Rite Aid breach, AT&T breach implications, CDK paid ransom

Subscribe to Cyber Security Headlines podcast

Spotify, Apple Podcasts, RSS link, add as an Alexa Skill, or search "Cyber Security Headlines" on your favorite podcast app.

In today’s cybersecurity news…

Rite Aid announces data breach following June cyberattack

The third largest drugstore chain in the U.S. was hit by the RansomHub ransomware group in June. This has resulted in the theft of 10 GB of customer information, translating into 45 million records of people’s personal information, according to a post from RansomHub itself. Rite Aid states that the incident involves PII but not social security numbers, health or financial information. RansomHub is threatening to leak the data next Monday, July 22.

(Security Affairs)

The personal security implications of the AT&T breach

The phone carrier’s data breach, which was announced on Friday, contained records of the phone numbers that customers called or texted between May 1, 2022 and October 31, 2022. The stolen data does not include the content of calls or texts, nor their time or date. In some instances cell site information was also stolen, which might help threat actors triangulate customers’ locations as well as identify, through the numbers themselves, the people they interacted with. According to Rachel Tobac, a social engineering expert and founder of cybersecurity firm SocialProof Security, quoted in TechCrunch, this type of data, referred to as metadata, “makes it easier for cybercriminals to impersonate people you trust, making it easier for them to craft more believable social engineering or phishing attacks against AT&T customers.” She continues, “the attackers know exactly who you’re likely to pick up a call from, who you’re likely to text back, how long you communicate with that person, and even potentially where you were located during that conversation due to the metadata that was stolen.”

(TechCrunch)

U.S. offers support to prevent Paris Olympics cyber and disinformation attacks

This announcement from the Biden administration says the assistance will focus on “intelligence sharing as well as direct cyber support between the U.S. and French officials.” CISA’s Scott McConnell added that CISA will be a member of the U.S. government’s joint operations center in Paris. Other agencies, including the State Department’s Diplomatic Security Service, will be contributing, as will other nations, such as Estonia. The primary concern is possible Russian interference, which has already been evident in frequent disinformation and intimidation campaigns focused on the games and their participants.

(The Cyberwire)

CDK Global reportedly pays $25M ransom following cyberattack

Following up on the story regarding CDK Global, the maker of specialized software for car dealerships, The Register reports that the company paid the $25 million ransom in bitcoin to the group that runs BlackSuit ransomware. The consulting firm Anderson Economic Group estimates that the total financial damage to dealers in the first two weeks of the shutdown is just over $600 million, or 24 times the ransom. The problems for CDK and its customers are not yet over, with certain parts of the network still offline as restoration and rebuilding continue.

(The Register and Anderson Economic Group)

Exim bug bypasses security filters on 1.5 million mail servers

Security firm Censys is now warning that more than “1.5 million Exim mail transfer agent (MTA) instances are unpatched against a critical vulnerability that lets threat actors bypass security filters.” The flaw affects Exim releases up to and including version 4.97.1. Exposed instances in the U.S., Canada and Russia are the most likely to be affected. The flaw is triggered by a malicious attachment in a phishing email and allows threat actors to bypass security checks based on file extensions in order to deliver executables.

(BleepingComputer)

Indiana county files disaster declaration after ransomware attack

According to The Record, “officials in charge of Clay County, Indiana filed a local disaster declaration following a ransomware attack that resulted in an inability to provide critical services required for the daily operation of all offices of the Clay County Courthouse, Community Corrections, and Clay County Probation.” The declaration makes it easier to free up funds and allow action to more quickly resolve the issue. The attack occurred around midnight on July 9 and has been confirmed as a ransomware attack.

(The Record)

CISA breaks into a U.S. federal agency, goes unnoticed for five months

As part of a red teaming exercise, which CISA calls a SILENTSHIELD assessment, specialists exploited an unpatched vulnerability in the Oracle Solaris enclave of an unnamed federal civilian executive branch agency, leading to what CISA described as a full compromise. The intrusion was made in January 2023, and for the following five months of the assessment, the target organization “failed to detect or remediate any of the SILENTSHIELD activity, raising concerns over its ability to spot genuine malicious activity.” As reported in The Register, “After gaining access to the Solaris enclave, the red team discovered they couldn’t pivot into the Windows part of the network because missing credentials blocked their path, despite enjoying months of access to sensitive web apps and databases. Undeterred, CISA managed to make its way into the Windows network after carrying out phishing attacks on unidentified members of the target agency, one of which was successful.”

(The Register)
