Cybersecurity Weekly: CVS Health breach, Wegmans breach, VPN attacks surging
Over a billion CVS Health records were exposed online. Supermarket chain Wegmans discloses data breach. VPN attacks surged in the first quarter of this year. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. Over a billion CVS Health records exposed online
Last week, security researchers discovered an unsecured database belonging to the US healthcare and pharmaceutical giant, CVS Health. The database was accessible to everyone without any type of authentication. The researchers disclosed their findings to CVS Health which promptly secured the archive the same day.
2. Wegmans discloses data breach
The supermarket chain notified customers that some of their information was exposed as a result of the accidental availability online of two of its databases due to a configuration issue. The company pointed out that leaked account passwords were hashed and salted, while actual passwords were not contained in the databases.
3. VPN attacks surged in first quarter
Attacks against virtual private network products surged dramatically in the first quarter of 2021 as threats actors tried to take advantage of previously disclosed vulnerabilities that organizations had not patched. Interestingly, the sharp increase in VPN attacks came amid an overall decrease in malware, botnet, and other types of exploit activity.
4. Cruise operator Carnival discloses a security breach
The company sent a data breach notification letter to its customers to inform them that unauthorized parties might have gained access to their data, including social Security numbers, passport numbers, dates of birth, addresses and health information. The number of impacted individuals is not yet revealed, and it is also unclear if the company paid a ransom.
5. A flaw in Peloton Bike+ could allow hackers to control it
A vulnerability in the popular Peloton Bike+ could have allowed an attacker to gain complete control over the device, including the camera and microphone to spy on the gym users. Experts pointed out that the attackers need physical access to the bike or access during any point in the supply chain from construction to delivery.
6. Vigilante malware stops victims from visiting piracy websites
Researchers uncovered a malware campaign that aims to block infected users’ from visiting a large number of websites dedicated to software piracy by modifying the HOSTS file on the infected system. The vigilantes distribute the vigilante malware in archives disguised as a wide variety of software packages that were advertised through the Discord chat service.
7. Popular Android antivirus fail to detect malicious apps
New research found that anti-virus programs for Android continue to remain vulnerable against different permutations of malware, in what could pose a serious risk as malicious actors evolve their toolsets to better evade analysis. Researchers found that 8 of the 17 leading commercial anti-malware programs failed to detect any of the cloned applications.
8. Google force installs Massachusetts MassNotify Android COVID app
For the past few days, users have reported that Google silently installed the Massachusetts MassNotify app on their devices without the ability to open it or find it in the Google Play Store. MassNotify is a COVID-19 contact tracing app that allows users who have opted into Android's 'COVID-19 Exposure Notifications' feature to be warned when exposed to the virus.
9. Fertility clinic discloses data breach exposing patient info
A Georgia-based fertility clinic has disclosed a data breach after files containing sensitive patient information were stolen during a ransomware attack. RBA states that they first learned that they were hit by a ransomware attack on April 16th, 2021, when a file server containing embryology data was encrypted and inaccessible.
10. North Korea exploited VPN flaw to hack South's nuclear research institute
South Korea's state-run Korea Atomic Energy Research Institute on Friday disclosed that its internal network was infiltrated by suspected attackers operating out of its northern counterpart. The intrusion was said to involve a total of 13 IP addresses, one of which has been previously linked to a state-sponsored threat actor dubbed Kimsuky.
In this Series
- Cybersecurity Weekly: CVS Health breach, Wegmans breach, VPN attacks surging
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
