June 5, 2023

CyberSec Roundup
A synopsis of the Latest Cybersecurity News

Harvard Pilgrim Breach: 2.5 Million Affected

Harvard Pilgrim Health Care has disclosed a ransomware attack that occurred in March, impacting 2.5 million individuals and resulting in the theft of sensitive data. An investigation revealed that the attackers accessed and copied data between late March 28 and mid-April. The stolen information includes personal details, health insurance data, and clinical information. Victims are cautioned about the risks of phishing and social engineering attacks.

Massive Data Breach Hits Dental Insurance Provider

Managed Care of North America Dental, a major dental care and oral health insurance provider in the U.S., has reported a data breach affecting nearly 9 million patients. LockBit has claimed responsibility for the attack, in which they stole personal information, health insurance details, and dental care history. MCNA is offering identity theft protection and credit monitoring services. As they refused to pay the $10 million ransom, LockBit released the data for sale on the dark web. Affected individuals should stay vigilant for potential identity theft and phishing attempts using the leaked information.

Zyxel Networking Devices Vulnerable to Exploit

Threat actors are actively exploiting a critical command injection vulnerability (CVE-2023-28771) in Zyxel networking devices, enabling them to install malware. The flaw allows for remote code execution via a specially crafted IKEv2 packet. Zyxel has released patches for affected products, and CISA has issued an alert confirming active exploitation and advising federal agencies to apply the update. Botnets and other threat groups are targeting the vulnerability, potentially leading to DDoS attacks or more severe consequences. Administrators should promptly update these devices.

By: David Pinder
IT & Cybersecurity Consultant
Certified Ethical Hacker (Master) | CCSK | AZ-500