Hackers Exploit MOVEit Zero-Day Flaw to Steal Data from Several Big Organizations

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer

A zero-day vulnerability found in MOVEit file transfer software was exploited by a prominent ransomware group to attack multiple companies and a provincial government.

According to reports, UK-based BBC, Boots, British Airways (BA) and the government of Nova Scotia, Canada are some of the prominent organizations affected. As this flaw affects all MOVEit Transfer versions, the actual number of organizations affected by this vulnerability remains unknown.

Some of the victims, including BBC and BA, revealed that their outsourced payroll provider, Zellis, was affected by the vulnerability. Zellis depends on MOVEit Transfer software (provided by Progress Software) to provide its payroll services, and that dependence led to this mishap. In a separate statement, Zellis also admitted that some of its customers were impacted, although the exact number and names were not revealed.

Zellis stated that it deployed containment measures as soon as it became aware of this vulnerability, including disconnecting servers using MOVEit software, informing the appropriate authorities in the UK and Ireland, and engaging external cybersecurity and forensic experts.

This vulnerability was revealed by Progress Software on May 31, when it notified its customers about the flaw found in both MOVEit Transfer and MOVEit Cloud. Although Progress immediately released security patches for this flaw, cybersecurity firms like Mandiant and Rapid7 reported its exploitation by ransomware gangs.

Microsoft reported that the current attacks were attributed to Lace Tempest (FIN11, TA505), which is known to operate the Cl0p ransomware site. Its modus operandi involves exploiting zero-day flaws to access system databases and steal data for extortion. The gang is also known to threaten victims and publish the data of unwilling ones on its website.

BBC and Boots employee data that may have been breached includes names, National Insurance numbers, partial home addresses, email IDs and employee numbers.

The UK’s National Cyber Security Centre has also advised organizations using MOVEit Transfer software “to take immediate action by following vendor best practice advice and applying the recommended security updates.”

Data of 2.47 Million Individuals Exposed in Enzo Biochem Ransomware Attack

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer

In a recent Form 8-K filing with the US Securities and Exchange Commission (SEC), Enzo Biochem revealed that clinical test information of nearly 2.4 million individuals was compromised in an April 2023 ransomware attack.

Enzo Biochem is a US-based medical sciences company that specializes in producing and marketing DNA-based tests to detect infectious and transmissible diseases.

The cyberattack prompted the company to launch an immediate investigation, which revealed that the clinical test data of around 2,470,000 individuals was accessed and exfiltrated by unknown threat actors. The investigation, which was carried out with the help of external cybersecurity experts, revealed that the compromised information included individuals’ names, test information, and in some instances (around 600,000) their Social Security numbers.

In the SEC filing, the company also revealed that it’s trying to determine whether employees’ information was also a part of this breach. If any such discovery is made, Enzo will notify the impacted individuals and concerned regulatory authorities.

Adhering to its disaster recovery plan, Enzo Biochem also deployed containment measures, including disconnecting affected systems from the internet and notifying the appropriate law enforcement authorities. These measures helped the company avoid disruption to business operations and enabled continuous delivery of services to its patients and partners.

However, the company stated that it has incurred, and expects to incur more, expenses in relation to this cyberattack: “certain expenses related to this attack, including expenses to respond to, remediate and investigate this matter,” noted Enzo Biochem.

Moreover, the attack and data breach have also exposed the company to certain risks and uncertainties, and in the days to come it expects increased scrutiny from regulatory authorities.

In recent months, the healthcare industry has witnessed a spate of ransomware attacks resulting in the theft of sensitive personal and financial information. Just last week, US-based MCNA revealed that its network had been compromised and the personal data of 8.9 million customers was stolen in the data breach incident.