Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

URGENT: MOVEit transfer breach

published on 2023-06-15 10:21:05 UTC by
Content:

The UK's National Cyber Security Centre (NCSC) shared some important details about an incident at Zellis, a company that’s suffered a serious online attack. The event has shown us that even large and well-protected companies can be targeted by online threats. This blog will look into what happened and share valuable advice to help others avoid similar situations.

What has happened?

Criminals have exploited a vulnerability in Progress Software’s MOVEit file transfer app, which is used by thousands of organisations around the world. Payroll services provider Zellis have suffered a data breach as a result, with customer data being stolen. The NCSC is ,working with Zellis to understand and respond to this incident. We will continue to update the page as more information becomes available.

Who is affected?

The stolen information relates to employees at eight of Zellis's customers, including the BBC, Boots and British Airways. Other, non-UK based organisations have been affected, including Aer Lingus. Again, the information stolen relates to employees of these organisations.

What can I do?

If you work for an affected Zellis customer, and you are concerned about your personal information, follow our guidance below for individuals affected by a data breach. If you are an organisation directly affected by this vulnerability, see our guidance for organisations.

Advice for individuals affected

Anyone who believes their information has been compromised as a result of this incident (staff of the affected organisations) can find out ,how to protect themselves from the impact of the breach.

Advice for organisations affected

For organisations directly affected, Progress (the vendor of the MOVEit software) has issued best practice ,advice on mitigating this vulnerability.

The NCSC offers extensive ,guidance on preventing and mitigating malware attacks.

Cyber attacks like this that target organisations' supply chains (rather than the organisation directly) are increasingly common. In addition to our well-established Supply chain principles, we have recently provided:

· ,Guidance on how to map your supply chain

· ,Guidance on how to assess and gain confidence in your supply chain cyber security

· ,Free e-learning to help you manage cyber security risk across supply chains

The NCSC's position, along with law enforcement, is that we don’t endorse, promote or encourage the payment of ransoms. Read more in our joint blog with the Information Commissioner's Office (ICO) on why it’s a myth that paying the ransom makes the incident go away.

What if we have been compromised because of this vulnerability?

If you are a UK organisation compromised by this vulnerability, use the ,government's sign-posting service to report the incident.

To stay up to date against the latest threats, please sign up for our ,core membership today.

Article: URGENT: MOVEit transfer breach - published almost 1 year ago.

https://www.wmcrc.co.uk/post/urgent-moveit-transfer-breach   
Published: 2023 06 15 10:21:05
Received: 2023 06 19 08:47:44
Feed: The Cyber Resilience Centre for the West Midlands
Source: National Cyber Resilience Centre Group
Category: News
Topic: Cyber Security
Views: 0

Custom HTML Block

Click to Open Code Editor