Massive brute force attack uses 2.8 million IPs to target VPN devices
- A large-scale brute force attack is underway, utilizing nearly 2.8 million IP addresses to guess credentials for networking devices from Palo Alto Networks, Ivanti, and SonicWall.
- The attack, which has been ongoing since last month, originates from a large number of countries, with Brazil accounting for the most attacking IPs.
- The compromised devices carrying out the attack, including routers and IoT devices from manufacturers like MikroTik and Cisco, are likely part of a botnet or residential proxy network.
- To protect against such attacks, it’s crucial to use strong, unique passwords, enable multi-factor authentication, utilize IP allowlists, disable unnecessary web admin interfaces, and apply the latest firmware and security updates.
HPE notifies employees of data breach after Russian Office 365 hack
- Hewlett Packard Enterprise (HPE) is notifying employees about a data breach stemming from a May 2023 cyberattack where Russian state-sponsored hackers, known as Cozy Bear (Midnight Blizzard/APT29/Nobelium), accessed the company’s Office 365 email environment.
- The breach, discovered in December 2024, resulted in the theft of personal information, including driver’s licenses, credit card numbers, and Social Security numbers, from a limited number of employee mailboxes.
- The same group is believed to be behind a related breach of HPE’s SharePoint server in May 2023.
- This incident follows previous security breaches at HPE, including a 2018 hack by Chinese actors and a 2021 compromise of the Aruba Central network monitoring platform. More recently, HPE investigated potential breaches related to claims of stolen credentials and source code by a threat actor named IntelBroker.
US health system notifies 882,000 patients of August 2023 breach
- Hospital Sisters Health System (HSHS) is notifying over 882,000 patients about a data breach that occurred in August 2023 after a cyberattack.
- The attackers gained access to HSHS’ network between August 16 and August 27, 2023. The compromised data includes names, addresses, dates of birth, medical record numbers, limited treatment information, health insurance information, Social Security numbers, and/or driver’s license numbers.
- While the incident had signs of a ransomware attack, no group has claimed responsibility.
- HSHS is offering affected individuals one year of free Equifax credit monitoring and advising them to monitor their accounts for suspicious activity.
GrubHub data breach impacts customers, drivers, and merchants
- Grubhub disclosed a data breach affecting an undisclosed number of customers, merchants, and drivers.
- The breach occurred after attackers compromised a third-party service provider account. While the attackers didn’t access Grubhub Marketplace account passwords, full payment card numbers, bank account details, Social Security numbers, or driver’s license numbers, they did gain access to names, email addresses, and phone numbers.
- Some campus diners also had partial payment card information (card type and the last four digits of the card number) exposed.
- Grubhub has taken steps to address the breach, including terminating the compromised account, hiring forensic experts, rotating passwords, and adding anomaly detection mechanisms.
- They are also urging users to use unique passwords.
Huge healthcare data breach exposes over 1 million Americans’ sensitive information
- Community Health Center, Inc. (CHC), a Connecticut-based health center, reported a data breach affecting 1,060,936 individuals after detecting unauthorized activity in its systems on January 2, 2025.
- A hacker accessed and extracted data, potentially including names, dates of birth, addresses, phone numbers, email addresses, diagnoses, treatment details, test results, Social Security numbers, and health insurance information.
- For those who received COVID-19 services at CHC, the compromised data might include names, dates of birth, phone numbers, email addresses, addresses, gender, race, ethnicity, insurance details, test dates, results, and vaccine details, with Social Security numbers exposed in rare cases.
- CHC claims its systems are secured, and there’s no current evidence of data misuse.
- They are offering free identity theft protection to those whose Social Security numbers were involved and are advising others to take steps to protect their information, including removing personal data from the internet, being wary of mailbox communications, remaining cautious of phishing attempts, using strong antivirus software, and monitoring accounts.