Wisconsin Physicians Service Insurance Corporation (WPS) recently started notifying roughly 950,000 individuals that their personal information was stolen in the MOVEit campaign last year. The MOVEit hack was disclosed in May 2023 after Progress Software discovered that the Russian-speaking Cl0p ransomware group had exploited a zero-day in the MOVEit Transfer managed file transfer (MFT) software to access customer data.

It has recently been announced that around 3000 victims of historic fraud facilitated by Western Union will receive millions of dollars in the latest round of reimbursements announced yesterday.  The Department of Justice (DoJ) said that the second distribution of the second phase of the Western Union Remission would compensate the victims another $18.5m forfeited to the government by the Colorado-headquartered money transfer business.

A new study conducted by security researchers at StormWall found that distributed denial of service (DDoS) attacks continue to grow, with the number of incidents doubling year-on-year (YoY).  The researchers said that DDoS attacks globally rose by 102% in the first half of this year compared to 2023.  The government sector was the hardest hit, with a 116% YoY increase.  The researchers noted that attacks on the government sector amounted to 29% of DDoS incidents.  The researchers attribute this, in part, to the large number of countries holding elections this year.

Progress Software has recently issued an emergency fix for a maximum (10/10) severity vulnerability impacting its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products that allow attackers to remotely execute commands on the device.  The company said the flaw tracked as CVE-2024-7591 is categorized as an improper input validation problem allowing an unauthenticated, remote attacker to access LoadMaster’s management interface using a specially crafted HTTP request.

Electronic payment gateway Slim CD recently announced that it had been hit by a cyberattack, potentially exposing the credit card details of 1.7 million individuals.  The firm, which handles electronic payments for US and Canadian-based merchants, revealed that it became aware of suspicious activity in its computer environment around June 15, 2024.  A subsequent investigation identified system access between August 17, 2023, and June 15, 2024, which may have enabled an attacker to view or obtain certain credit card information between June 14, 2024, and June 15, 2024.

Avis Car Rental recently started notifying close to 300,000 individuals that their personal information was stolen in an August 2024 data breach.  The company said the incident was discovered on August 5 when it flagged unauthorized access to one of its business applications.  Avis says it immediately took steps to contain the attack and notified the relevant authorities.

The US recently indicted a Kazakhstani national and a Russian national for operating several dark web sites facilitating the trading of personal, payment card, and banking information.  According to the Department of Justice (DoJ), the two, Alex Khodyrev, 35, of Kazakhstan, and Pavel Kublitskii, 37, of Russia, were the main administrators of wwh-club.ws (WWH Club) and several sister websites between 2014 and 2024.