New, by me: U.S. pharma giant Cencora says Americans’ personal and health information were stolen in a Feb. data breach.
Cencora, previously AmerisourceBergen, said it obtained patients’ data through partnerships with drug makers, including Abbvie, Acadia, Bayer, Novartis, Regeneron.
Cencora's disclosures with U.S. states so far show at least half a million people are affected. But Cencora said it is unwilling to say if it knows how many people are affected.
If you received a letter from Cencora in the last few days, you are likely affected. Even then, Cencora says it “does not have address information to provide direct notice” for some affected individuals.
Cencora handles around 20% of the pharmaceuticals sold and distributed throughout the United States, and says on its website that the company has served at least 18 million patients to date.
NEW, by me: The check-in computers at several hotels around the U.S. are running a consumer-grade spyware app called pcTattletale.
pcTattletale was seen stealthily and continually capturing screenshots of the hotel booking systems, which contained guest information and reservation details.
This was discovered because a security researcher found a flaw in the spyware that is exposing these screenshots to the internet, not just the spyware's intended users.
@zackwhittaker I’ve seen people use those computers for so much personal stuff and the staff at those places don’t bother checking security on those machines. They really should set up a guest account system where once you log off everything is cleared for the next user. Nothing gets stored. You could basically just set up a Chromebook browser.
A busy edition of ~ this week in security ~ is now out:
• FBI seizes BreachForums (again)
• CISA official breaks ranks on SS7 flaws
• May's Patch Tuesday fixes plenty of zero-days
• Jamaica's state-run agency hit by ransomware
• Australian prescription company hacked
• CSC ignores "free laundry" bug
• A brand new pair of cyber cats, and more.
@zackwhittaker oh no if the laundry machine company doesn't fix this security bug soon it might mean that millions of people will have clean clothes for free!
We've spent years securing endpoints and network perimeters from external threats. And now the biggest threat to our data is coming from inside the house. https://cloudisland.nz/@mugginsm/112453455988901949
Some of the attacks recorded in Estate's database show efforts to carry out SIM swap attacks — one campaign was simply titled “ur getting sim swapped buddy” — and doxing victims.
The database also exposed information about Estate's founder, a Danish programmer in their early 20s, who claimed, “I do not operate the site anymore.”
Although the cybercrime site is hidden behind Cloudflare, Estate's founder misconfigured the site's server, exposing its real-world location.
A Jamaica state-run agency is recovering from a ransomware attack, reports the Jamaica Gleaner.
"BSJ, the statutory body established to promote and encourage standardisation in relation to commodities, processes and practices, confirmed that it suffered a ransomware attack in February and is still working to 'normalise' its operations."
Several other authorities are affected by the cyberattack.
NEW, by me: Since mid-2023, a cybercrime operation called Estate has allowed hundreds of members to carry out thousands of automated phone calls aimed at tricking victims into turning over their one-time passcodes.
Oftentimes, that one-time passcode is all the attacker needs to break into a victim’s online account.
But a bug in Estate's code exposed the site's backend database, which was not encrypted. A security researcher shared the database with TechCrunch.
Estate's leaked database provides a rare insight into how a one-time passcode interception operation works.
But while Estate's owner promised privacy for its members, stating "We do not log any data," that wasn't true.
Estate's database has logs of more than 93,000 call attacks dating back to the site's launch last year, as well as detailed server logs that gave Estate's owner a real-time window into what was happening on Estate’s server at any given time.
~ this week in security ~ is back after a week away, with:
• U.S. name and sanction LockBit ransomware leader
• U.K. Armed Forces' payroll hacked
• Ascension healthcare system hit by ransomware
• Research shows VPNs can leak data
• USPTO inadvertently leaked filers' addresses (again!)
• Plus: Someone scraped 49 million Dell customer addresses
• A brand new cyber cat, and more.
CNN's @snlyngaas reporting that the ransomware attack on Ascension's hospital chain is the work of the Black Basta gang, citing four sources with knowledge of the investigation. Ascension has 140 hospitals in 19 states. Black Basta has previously targeted healthcare organizations and other big corporations.