Encircle News!

Retro Game Arcade
, , , , ,

Security giant Rubrik says hackers used Fortra zero-day to steal internal data

Carly Page

Silicon Valley-based data security company Rubrik has come forward as the latest victim of the Fortra GoAnywhere zero-day vulnerability, which has been linked to hacks targeting a hospital chain and a bank.

In a blog post published on Tuesday, Rubrik’s chief information security officer Michael Mestrovich said that attackers had gained access to the company’s non-production IT testing environments as a result of the flaw in Fortra’s GoAnywhere file-transfer software, which Rubrik uses for sharing internal data.

This vulnerability, tracked as CVE-2023-0669, first came to light on February 2 after security journalist Brian Krebs publicly shared details of Fortra’s paywalled security advisory. Fortra released a patch for the actively-exploited flaw five days later on February 7.

Mestrovich said that since learning of the flaw last month, Rubrik conducted a “comprehensive review” of the affected data with an unnamed third-party firm, which found that the data accessed mainly consists of Rubrik internal sales information, including “certain customer and partner company names, business contact information, and a limited number of purchase orders from Rubrik distributors.”

“The third-party firm has also confirmed that no sensitive personal data such as Social Security numbers, financial account numbers, or payment card numbers were exposed,” Mestrovich said.

Rubrik provides enterprise data management and backup services across on-premise, cloud and hybrid networks.

In a statement, Rubrik spokesperson Najah Simmons told TechCrunch that the “unauthorized access did not include any data we secure on behalf of our customers via any Rubrik products.” Simmons declined to answer any additional questions, such as whether Rubrik has received or been made aware of a demand for payment.

Rubrik’s confirmation comes just hours after a listing naming the company appeared on the dark web leak site of the Clop ransomware gang. Samples of stolen data published by Clop, and seen by TechCrunch, align with Rubrik’s statement that it comprised of mostly corporate information.

The Russia-linked Clop gang claims to have exploited the zero-day flaw to steal data from more than 130 organizations — including Hatch Bank, and Community Health Systems, which last week confirmed in a filing with the Maine attorney general’s office that the hackers accessed medical billing and insurance information, diagnostic and medications data, and Social Security numbers.

Back in 2019, Rubrik suffered a security lapse that exposed a massive database of customer information. An exposed server that wasn’t protected with a password left tens of gigabytes of data, including customer names, contact information and casework for each corporate customer, accessible to anyone who knew the IP address of the server.

Ransomware gang uses new zero-day to steal data on 1 million patients

Security giant Rubrik says hackers used Fortra zero-day to steal internal data by Carly Page originally published on TechCrunch

https://techcrunch.com/2023/03/14/security-giant-rubrik-says-hackers-used-fortra-zero-day-to-steal-internal-data/

Follow Us

Featured Posts

December 2024
M T W T F S S
 1
2345678
9101112131415
16171819202122
23242526272829
3031  

About Us

Welcome to encircle News! We are a cutting-edge technology news company that is dedicated to bringing you the latest and greatest in everything tech. From automobiles to drones, software to hardware, we’ve got you covered.

At encircle News, we believe that technology is more than just a tool, it’s a way of life. And we’re here to help you stay on top of all the latest trends and developments in this ever-evolving field. We know that technology is constantly changing, and that can be overwhelming, but we’re here to make it easy for you to keep up.

We’re a team of tech enthusiasts who are passionate about everything tech and love to share our knowledge with others. We believe that technology should be accessible to everyone, and we’re here to make sure it is. Our mission is to provide you with fun, engaging, and informative content that helps you to understand and embrace the latest technologies.

From the newest cars on the road to the latest drones taking to the skies, we’ve got you covered. We also dive deep into the world of software and hardware, bringing you the latest updates on everything from operating systems to processors.

So whether you’re a tech enthusiast, a business professional, or just someone who wants to stay up-to-date on the latest advancements in technology, encircle News is the place for you. Join us on this exciting journey and be a part of shaping the future.

Podcasts

TWiT 1011: The Year in Review – A Look at the Top Stories of 2024 This Week in Tech (Audio)

What's behind the tech industry's mass layoffs in 2024? : NPR Rabbit R1 AI Assistant: Price, Specs, Release Date | WIRED Stealing everything you've ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster. Microsoft delays Recall after security concerns, and asks Windows Insiders for help The Qualcomm Snapdragon X Architecture Deep Dive: Getting To Know Oryon and Adreno X1 Elon Musk: First Human Receives Neuralink Brain Chip Apple hit with €1.8bn fine for breaking EU law over music streaming Bluesky emerges The hidden high cost of return-to-office mandates Apple's Car Was Doomed by Its Lofty Ambitions to Outdo Tesla SpaceX pulls off unprecedented feat, grabs descending rocket with mechanical arms U.S. versus Apple: A first reaction Google Says It Won't Force Gemini on Partners in Antitrust Remedy Proposal U.S. Accuses Chinese Hackers of Targeting Critical Infrastructure in America U.S. Agency Warns Employees About Phone Use Amid Ongoing China Hack AT&T says criminals stole phone records of 'nearly all' customers in new data breach National Public Data confirms breach exposing Social Security numbers Schools Want to Ban Phones. Parents Say No. New York passes legislation that would ban 'addictive' social media algorithms for kids GPT-4o (omni) + new "Her"-style AI assistant (it's nuts) Google emissions jump nearly 50% over five years as AI use surges Trump proposes strategic national crypto stockpile at Bitcoin Conference Ten additional US states join DOJ antitrust lawsuit looking to break up Live Nation and TicketmasterThe Internet Archive just lost its appeal over ebook lending Hezbollah Pagers Explode in Apparent Attack Across Lebanon OpenAI raises $6.6 billion in largest VC round ever Painting by A.I.-Powered Robot Sells for $1.1 Million Netflix's Live Mike Tyson Vs. Jake Paul Fight Battling Sound & Streaming Glitches In Lead-Up To Main Event Infowars Sale to The Onion Rejected by Federal Bankruptcy Judge Supreme Court agrees to hear challenge to TikTok ban So You Want to Solve the NJ Drone Mystery? Our Expert Has Some Ideas Beeper's push for iMessage on Android is really over The Quiet Death of Ello's Big Dreams Japan finally ends mandatory form submission on floppy disks We'll Miss You: Pioneering instant messaging program ICQ is finally shutting down after nearly 30 years Spotify is going to break every Car Thing gadget it ever sold Game Informer to Shut Down After 33 Years In Memoriam Host: Leo Laporte Guests: Fr. Robert Ballecer, SJ, Richard Campbell, and Mikah Sargent Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsor: bitwarden.com/twit
  1. TWiT 1011: The Year in Review – A Look at the Top Stories of 2024
  2. TWiT 1010: The Densest State in the US – TikTok Ban, Drones Over Jersey, GM Quits Robotaxis
  3. TWiT 1009: Andy Giveth & Bill Taketh Away – Trump's Tech Titans, Crypto Boom, TikTok's US Ban, Intel CEO Exits
  4. TWiT 1008: Internet Legal – Australia's Social Media Ban for Kids, Smart Home Nightmare, Bluesky's Ascent
  5. TWiT 1007: All the Hotdogs in the World – China's "Salt Typhoon" Hack, Google on the Chopping Block, Recall AI