At a glance.
- Hackers breach Rhode Island benefits system.
- Clop ransomware gang claims responsibility for Cleo attacks.
- California healthcare system sustains ransomware attack.
- Phishing campaign targets YouTube creators.
Hackers breach Rhode Island benefits system.
Sensitive information belonging to hundreds of thousands of Rhode Islanders may be leaked online this week, the Providence Journal reports. The data was stolen during an attack on the state's public benefits computer system, RIBridges, earlier this month, and may involve names, addresses, dates of birth, Social Security numbers, and some banking information. According to the AP, the breach may affect "[a]nyone who has been involved in Medicaid, the Supplemental Nutrition Assistance Program known as SNAP, Temporary Assistance for Needy Families, Childcare Assistance Program, Rhode Island Works, Long-term Services and Supports, the At HOME Cost Share Program and health insurance purchased through HealthSource RI."
Rhode Island Governor Dan McKee said in a press briefing on Saturday that a negotiator hired by Deloitte is in ransom talks with the hackers, and those talks suggest the crooks may decide to leak the data as early as this week.
Clop ransomware gang claims responsibility for Cleo attacks.
The Clop ransomware gang has claimed responsibility for data theft attacks exploiting a critical vulnerability (CVE-2024-55956) affecting Cleo's file transfer products, BleepingComputer reports. The gang told BleepingComputer that it had breached "quite a lot" of companies through the flaw.
Cleo released an updated patch for the vulnerability last week, but attackers have been exploiting the flaw since at least December 3rd. The company urges customers to apply the patch as soon as possible. Huntress, Rapid7, Arctic Wolf, and Sophos have observed widespread exploitation of the vulnerability.
California healthcare system sustains ransomware attack.
PIH Health, a regional healthcare provider serving more than 3 million residents across southern California, is still recovering from a ransomware attack it sustained on December 1st, BankInfoSecurity reports. The Los Angeles Daily News obtained a letter purportedly sent by the hackers, in which the crooks claim to have stolen 2 terabytes of data containing 17 million patient records. The healthcare provider hasn't confirmed these details.
The health system said in an update on its website, "PIH Health is working with cyber forensic specialists to assess the issue. Impacted individuals will be notified if protected health information is found to be compromised."
Phishing campaign targets YouTube creators.
Researchers at CloudSEK describe a phishing campaign that's using phony collaboration offers to target popular YouTube accounts. The emails contain OneDrive links that lead to ZIP files containing malware. The researchers note, "The attackers are leveraging trusted brand names and professional collaboration offers as a cover to distribute malicious attachments. The email subject lines and contents are carefully crafted to appear as legitimate business opportunities, including promotions, partnership proposals, and marketing collaborations."