8 million Maximus medical files intercepted

Aug 08 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that exposes cyber criminals like Putin exposes Wagnersโ€™ female spies ๐Ÿ˜ฌ

Todayโ€™s hottest cyber security stories:

  • ๐Ÿ’Š 8 million Maximus medical files intercepted by Clop via MOVEit mega-bug ๐Ÿ‘พ

  • ๐Ÿ‘ฎ FBI warns of scammers posing as NFT devs to steal your crypto ๐Ÿช™

  • ๐Ÿ‘‘Burger King f*cks up Royale-ly. Forgets to password-protect systems AGAIN! ๐Ÿคฆ

Maximus Hackus โš”๏ธ

๐Ÿ“ฐ๐Ÿ”’ Russian Ransomware Crew Strikes Again: Deloitte, Chuck E. Cheese, Maximus, and Hallmark Channel Affected! ๐Ÿ”“๐Ÿค–

The notorious Russian ransomware group, Clop, has claimed its latest victims, including accounting giant Deloitte, pizza and birthday party chain Chuck E. Cheese, government contractor Maximus, and the Hallmark Channel. ๐Ÿ˜ฑ๐ŸŽฏย They exploited the MOVEit vulnerability, compromising hundreds of organisations worldwide.

Deloitte confirmed the intrusion but remained tight-lipped about the extent of data accessed. The accounting firm, along with PwC and Ernst and Young, found themselves among the victims due to security holes in vulnerable deployments of MOVEit file-transfer tool.

However, Deloitte took immediate action, applying security updates and following the vendor's guidance to mitigate the situation. ๐Ÿ›ก๏ธ๐Ÿ’ผ

On the other hand, Maximus, responsible for US government programs like Medicaid and Medicare, revealed in a US Securities and Exchange Commission filing that Clop accessed the personal information of up to 11 million individuals. The compromised data includes social security numbers, protected health information, and other personal details. ๐Ÿ˜ฐ๐Ÿ’ป

Maximus acted swiftly to address the MOVEit vulnerability, committing up to $15 million to cover the cleanup cost. The company assured that its corporate network remains unaffected by the breach and is conducting an ongoing investigation. ๐Ÿš€๐Ÿ’ต

These incidents serve as a stern reminder of the importance of robust cybersecurity measures for both businesses and government entities. Let's stay vigilant and take proactive steps to safeguard our sensitive information from cyber threats. ๐Ÿ’ช๐Ÿ”’

I came across ZZZ money club during the crypto market bull run when everyoneโ€™s a winner, even during the bear market this discord group has been amazing at giving information on projects and ways to make passive income in various ways.

The group is very active and everyone in this private discord group is very chatty and helpful.

Its run by Yourfriendandy and Decadeinvestor, you can find them here on YouTube, both top guys with great content.

If you are interested in joining the group you can through the link below.

Keep an FBI out for NFT scammers! ๐Ÿ‘๏ธ

ย ๐Ÿ“ฐ๐Ÿ’” FBI Warns NFT Enthusiasts of Scammers Preying on Cryptocurrency Assets! ๐Ÿ’€๐Ÿ’ธ

Beware, NFT enthusiasts! The FBI has issued a warning about fraudsters posing as Non-Fungible Token (NFT) developers to steal cryptocurrency and NFT assets.

These criminals gain unauthorised access to NFT developer social media accounts or create nearly identical ones to promote "exclusive" NFT releases. ๐Ÿšซ๐Ÿ•ต๏ธโ€โ™‚๏ธ

Their misleading tactics include labelling promotions as "limited supply" or "surprises" to create a sense of urgency and trick victims into making rushed decisions without proper research. Unsuspecting victims click on provided links, only to be redirected to phishing websites resembling legitimate NFT platforms. ๐Ÿ˜ž๐Ÿ”—

Once on these fraudulent websites, victims are prompted to connect their cryptocurrency wallets for NFT purchases. However, this seemingly harmless action activates a drainer smart contract, transferring their assets to the criminals' wallets. To avoid detection, the scammers use cryptocurrency mixers and exchanges to obscure the stolen assets' final destination. ๐ŸŒช๏ธ๐Ÿ’ฐ

The FBI advises caution in NFT-related activities:

  1. Verify the authenticity of NFT developers and their promotions.

  2. Check if social media accounts advertising promotions are legitimate.

  3. Double-check website URLs to avoid clones of legitimate sites.

  4. Be wary of NFT reward opportunities that sound too good to be true.

If you become a victim of such fraud, report it promptly to the Internet Crime Complaint Center, providing crucial details such as links, social media accounts, crypto accounts, or domains linked to the scam, using the keyword "NFTHack" in your report. ๐Ÿšจ๐Ÿ’ป

This is not the first time scammers have targeted cryptocurrency owners. The FBI has previously warned about various schemes leading to substantial losses in cryptocurrency investments.

Let's stay vigilant and protect our digital assets from these malicious actors! ๐Ÿ›ก๏ธ๐Ÿ”’

๐Ÿ—ž๏ธ Extra, Extra! Read all about itย ๐Ÿ—ž๏ธ

Each fortnite, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

๐Ÿ’ฐ Daily Dough: Bite-sized investing ideas, wisdom, news, and trends you need to grow your dough!

๐Ÿ“ˆย ProductivityGlide: A bite-sized email for your most productive day yet!

๐Ÿซย AI Marketing School: The latest AI Marketing tools, techniques, and news delivered biweekly.

Let us know what you think!

Whoppers a daisy! ๐Ÿ˜๐Ÿคจ

๐Ÿ“ฐ๐Ÿ” Burger King France Faces Security Mishap: Sensitive Credentials Exposed! ๐Ÿ”“๐Ÿ’ป

Burger King, the well-known US-based fast-food giant with over 19 thousand restaurants worldwide and a revenue of $1.8 billion, recently faced a cybersecurity concern in France. ๐Ÿ˜ฑ๐Ÿ‡ซ๐Ÿ‡ท

The Cybernews research team discovered that Burger King's French website had a misconfiguration, causing sensitive credentials to be exposed to the public. In the wrong hands, these leaked credentials could have been used to launch cyberattacks against the chain's systems. ๐Ÿ˜จ๐Ÿ”‘

The impacted website was used for job applications, potentially affecting individuals seeking employment at Burger King in France. This situation raises concerns about data privacy and security. ๐Ÿ’ผ๐Ÿ”’

Notably, this isn't the first time Burger King has experienced a data leak. Back in 2019, a similar misconfiguration resulted in the exposure of personally identifiable information (PII) of children who bought Burger King menus in France. ๐ŸŸ๐Ÿ‘ฆ

Upon notification, Burger King acted swiftly to address the issue after Cybernews contacted them. Let's hope they continue to prioritise cybersecurity measures to safeguard both customer and employee data. ๐Ÿ›ก๏ธ๐Ÿค

Stay tuned for more updates on cybersecurity and data protection! Let's stay vigilant in this digital age. ๐Ÿ’ช๐Ÿ’ป

So long and thanks for reading all the phish!

Recent articles