AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 7/1/2024

Former IT employee accessed data of over 1 million US patients

Geisinger, a prominent healthcare system in Pennsylvania, has announced a data breach involving a former employee of Nuance, an IT services provider contracted by the organization. Geisinger is a non-profit organization that operates 134 care sites, ten hospitals, and the Geisinger Health Plan, serving a total of 1.2 million people. It employs 26,000 staff, including 1,600 doctors, and is considered one of Pennsylvania’s most important organizations. An announcement published earlier this week explains that in November 2023, Geisinger detected unauthorized access to its patients’ database by a former Nuance employee.

 

GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others

GitLab has released security updates to address 14 security flaws, including one critical vulnerability that could be exploited to run continuous integration and continuous deployment (CI/CD) pipelines as any user. The weaknesses, which affect GitLab Community Edition (CE) and Enterprise Edition (EE), have been addressed in versions 17.1.1, 17.0.3, and 16.11.5. The most severe of the vulnerabilities is CVE-2024-5655 (CVSS score: 9.6), which could permit a malicious actor to trigger a pipeline as another user under certain circumstances.

 

Ticketmaster sends notifications about recent massive data breach

Ticketmaster has started to notify customers who were impacted by a data breach after hackers stole the company’s Snowflake database, containing the data of millions of people. “Ticketmaster recently discovered that an unauthorized third party obtained information from a cloud database hosted by a third-party data services provider,” reads a data breach notification shared with the Office of the Maine Attorney General. “Based on our investigation, we determined that the unauthorized activity occurred between April 2, 2024, and May 18, 2024. On May 23, 2024, we determined that some of your personal information may have been affected by the incident. We have not seen any additional unauthorized activity in the cloud database since we began our investigation.”

 

Google cuts ties with Entrust in Chrome over trust issues

Google is severing its trust in Entrust after what it describes as a protracted period of failures around compliance and general improvements. Entrust is one of the many certificate authorities (CA) used by Chrome to verify that the websites end users visit are trustworthy. From November 1 in Chrome 127, which recently entered beta, TLS server authentication certificates validating to Entrust or AffirmTrust roots won’t be trusted by default. Google pointed to a series of incident reports over the past few years concerning Entrust, saying they “highlighted a pattern of concerning behaviors” that have ultimately seen the security company fall down in Google’s estimations.

 

Microsoft tells yet more customers their emails have been stolen

It took a while, but Microsoft has told customers that the Russian criminals who compromised its systems earlier this year made off with even more emails than it first admitted. We’ve been aware for some time that the digital Russian break-in at the Windows maker saw Kremlin spies make off with source code, executive emails, and sensitive US government dataReports last week revealed that the issue was even larger than initially believed and additional customers’ data has been stolen. “We are continuing notifications to customers who corresponded with Microsoft corporate email accounts that were exfiltrated by the Midnight Blizzard threat actor, and we are providing the customers the email correspondence that was accessed by this actor,” a Microsoft spokesperson told Bloomberg. “This is increased detail for customers who have already been notified and also includes new notifications.”

Related Posts