Week of May 10th, 2024


Welcome to Your Cybersecurity Recap: a bite-sized weekly newsletter by cybersecurity enthusiasts, for cybersecurity enthusiasts.

Here are this week’s top takeaways:

What Can Organizations Learn From the Recent London Drugs Cyberattack?

As of May 9th, Canadian retail pharmacy chain London Drugs has issued a formal apology letter to its customers for its abrupt closure of all Western Canada stores after a significant cyberattack that shut down 79 of its retail locations across British Columbia, Alberta, Saskatchewan, and Manitoba. The shutdown lasted approximately six days, with some systems still being impacted.

“I want to begin by expressing my sincere apologies for the inconvenience and any concerns that may have arisen from the cybersecurity incident against London Drugs,” Clint Mahlman, London Drugs president and chief operating officer, said in a recent public address. “As soon as we became aware of suspicious activity in our environment, we immediately engaged third-party cybersecurity specialists from across North America to assist with containment, mitigation, and to conduct a forensic investigation. While we are [now] open, we beg for a little more forgiveness and patience as we connect to some of our other systems.”

London Drugs deals with thousands of cyberattacks every day, the president went on to say, and claimed that, at this time, it “appears no customer information was stolen.” Exact details of the cyberattack will not be released by the company due to concerns the info will be used to refine future attacks.

On average, sales growth drops 5.4% for compromised retail companies. This is compounded by:

  • 63% of retail organizations reporting a high turnover of security-related staff
  • 50% of retail cyberattack victims, on average, being extorted in 2024
  • 98% of all reported cyber incidents in the retail sector involving a financial motive

Ethical hackers suggest that organizations within the retail industry focus on six primary control objectives:

  • Build and maintain a secure network and systems
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Regularly monitor and test networks
  • Implement strong access control measures
  • Maintain an information security policy

Furthermore, retail organizations are warned to migrate their data to secure infrastructure and ensure POS systems are encrypted, review and maintain all compliance mandates, monitor and keep up with the latest threats, and invest in regular penetration testing.

Urgent Cybersecurity Update Released for Google Chrome

Google has released an urgent update for its popular Chrome web browser. The update fixes a critical zero-day vulnerability that attackers are actively exploiting: CVE-2024-4671, a use-after-free flaw in Chrome’s Visuals component that can potentially lead to remote code execution.

The vulnerability is considered to be high-risk, and, if left unpatched, attackers have the opportunity to gain unauthorized access to sensitive information on impacted systems.

Google has launched the Chrome 124.0.6367.201/.202 update for users of Windows, Mac, and Linux desktops.

This is the sixth Chrome zero-day patched by Google in 2024. This past April, Google fixed two other zero-day vulnerabilities–CVE-2024-2887 and CVE-2024-2886–that were exploited at the Pwn2Own Vancouver 2024 hacking competition.

CVE-2024-2887 was a type confusion weakness in WebAssembly used as part of a remote code execution exploit, whereas CVE-2024-2886 was a use-after-free flaw in the WebCodecs API that permits arbitrary read/write access. Earlier in the year, Google also patched CVE-2024-0519, which was an actively exploited zero-day that allowed attackers to access sensitive information or crash unpatched browsers due to an out-of-bounds memory access weakness present in the V8 JavaScript engine.

The discovery of another actively exploited Chrome zero-day flaw highlights the ongoing security risks posed by web browsers, as threat actors are targeting weaknesses in browser components and APIs to compromise user systems at an accelerated rate. Experts recommend incorporating potential browser weaknesses into your team’s 2024 cybersecurity incident response plan.

Dell Customer Data for Sale on Hacking Forum

Alongside a string of cyberattack announcements this week–including, but not limited to, the British Columbia government investigating numerous cyber incidents , being impacted by a breach, a cyberattack disrupting the operations of an American hospital chain, and the United Kingdom rolling out new password laws – Dell is warning customers of a data breach after a threat actor claimed to have stolen information for approximately 49 million customers.

The organization notified customers via email, stating that a Dell portal containing customer information related to purchases had been breached. The following information was allegedly accessed by the threat actor during the breach:

  • Name
  • Physical address
  • Dell hardware and order information, including service tag, item description, date of order, and related warranty information

The company emphasized that, to their knowledge, the stolen information does not include financial or payment information, email addresses, or telephone numbers. They state that they are working with law enforcement and a third-party forensics firm to investigate the incident.

As first reported by the publication Daily Dark Web, a threat actor under the name of “Menelik” put up a Dell database for sale on the Breach Forums hacking forum on April 28th. The threat actor claimed that they stole data from Dell for "49 million customer and other information systems purchased from Dell between 2017-2024."

As of May 10th, the offer has since been deleted from the forum, which may indicate that another threat actor purchased the database.

What this week’s news reiterates is that, when it comes to being the target of a cyberattack, it’s not a matter of “if”–it’s a matter of “when.” And in the fight against threat actors, proactive offensive security is power.
