Cybersecurity Weekly: CVS Health breach, Wegmans breach, VPN attacks surging

June 22, 2021 by Sam Fay

Over a billion CVS Health records were exposed online. Supermarket chain Wegmans discloses data breach. VPN attacks surged in the first quarter of this year. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Over a billion CVS Health records exposed online

Last week, security researchers discovered an unsecured database belonging to the US healthcare and pharmaceutical giant CVS Health. The database was accessible to everyone without any type of authentication. The researchers disclosed their findings to CVS Health, which secured the archive the same day.


2. Wegmans discloses data breach

The supermarket chain notified customers that some of their information was exposed as a result of the accidental availability online of two of its databases due to a configuration issue. The company pointed out that leaked account passwords were hashed and salted, while actual passwords were not contained in the databases.


3. VPN attacks surged in first quarter

Attacks against virtual private network products surged dramatically in the first quarter of 2021 as threat actors tried to take advantage of previously disclosed vulnerabilities that organizations had not patched. Interestingly, the sharp increase in VPN attacks came amid an overall decrease in malware, botnet, and other types of exploit activity.


4. Cruise operator Carnival discloses a security breach

The company sent a data breach notification letter to its customers to inform them that unauthorized parties might have gained access to their data, including Social Security numbers, passport numbers, dates of birth, addresses and health information. The number of impacted individuals has not yet been revealed, and it is also unclear whether the company paid a ransom.


5. A flaw in Peloton Bike+ could allow hackers to control it

A vulnerability in the popular Peloton Bike+ could have allowed an attacker to gain complete control over the device, including the camera and microphone, to spy on gym users. Experts pointed out that the attackers need physical access to the bike or access at any point in the supply chain from construction to delivery.


6. Vigilante malware stops victims from visiting piracy websites

Researchers uncovered a malware campaign that aims to block infected users from visiting a large number of websites dedicated to software piracy by modifying the HOSTS file on the infected system. The vigilantes distribute the malware in archives disguised as a wide variety of software packages that were advertised through the Discord chat service.


7. Popular Android antivirus programs fail to detect malicious apps

New research found that anti-virus programs for Android remain vulnerable to different permutations of malware, which could pose a serious risk as malicious actors evolve their toolsets to better evade analysis. Researchers found that 8 of the 17 leading commercial anti-malware programs failed to detect any of the cloned applications.


8. Google force installs Massachusetts MassNotify Android COVID app

For the past few days, users have reported that Google silently installed the Massachusetts MassNotify app on their devices without the ability to open it or find it in the Google Play Store. MassNotify is a COVID-19 contact tracing app that allows users who have opted into Android’s ‘COVID-19 Exposure Notifications’ feature to be warned when exposed to the virus.


9. Fertility clinic discloses data breach exposing patient info

A Georgia-based fertility clinic has disclosed a data breach after files containing sensitive patient information were stolen during a ransomware attack. RBA states that it first learned that it was hit by a ransomware attack on April 16th, 2021, when a file server containing embryology data was encrypted and inaccessible.


10. North Korea exploited VPN flaw to hack South’s nuclear research institute

South Korea’s state-run Korea Atomic Energy Research Institute on Friday disclosed that its internal network was infiltrated by suspected attackers operating out of its northern counterpart. The intrusion was said to involve a total of 13 IP addresses, one of which has been previously linked to a state-sponsored threat actor dubbed Kimsuky.

