Friday, May 31st, 2024

Cybersecurity Week in Review (30/05/24)

Sav-Rx discloses data breach impacting 2.8 million Americans

Prescription management company Sav-Rx is warning over 2.8 million people in the United States that it suffered a data breach, stating that their personal data was stolen in a 2023 cyberattack. 

A&A Services, doing business as Sav-Rx, is a pharmacy benefit management (PBM) company that provides prescription drug management services to employers, unions, and other organizations across the U.S.

On Friday, the company notified the Maine Attorney General’s office of a cybersecurity incident in October 2023 that exposed the data of 2,812,336 people.

Source- https://www.bleepingcomputer.com/news/security/sav-rx-discloses-data-breach-impacting-28-million-americans/ 

WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites 

Unknown threat actors are abusing lesser-known code snippet plugins for WordPress to insert malicious PHP code in victim sites that are capable of harvesting credit card data. 

The campaign, observed by Sucuri on May 11, 2024, entails the abuse of a WordPress plugin called Dessky Snippets, which allows users to add custom PHP code. It has over 200 active installations. 

Such attacks are known to leverage known flaws in WordPress plugins or easily guessable credentials to gain administrator access and install other plugins (legitimate or otherwise) for post-exploitation. 

Source- https://thehackernews.com/2024/05/wordpress-plugin-exploited-to-steal.html

Hackers target Check Point VPNs to breach enterprise networks 

Threat actors are targeting Check Point Remote Access VPN devices in an ongoing campaign to breach enterprise networks, the company warned in a Monday advisory. 

Remote Access is integrated into all Check Point network firewalls. It can be configured as a client-to-site VPN for access to corporate networks via VPN clients or set up as an SSL VPN Portal for web-based access. 

Check Point says the attackers are targeting security gateways that still have old local accounts using insecure password-only authentication; such accounts should be protected with certificate authentication to prevent breaches.

Source- https://www.bleepingcomputer.com/news/security/hackers-target-check-point-vpns-to-breach-enterprise-networks/ 

First American December data breach impacts 44,000 people 

First American Financial Corporation, the second-largest title insurance company in the United States, revealed Tuesday that a December cyberattack led to a breach impacting 44,000 individuals. 

Founded in 1889, it provides financial and settlement services to real estate professionals, home buyers, and sellers involved in residential and commercial property transactions. The California-based company has over 21,000 employees and reported a total revenue of $6 billion last year. 

In a statement published on December 21, which gave very few details about the nature of the incident, the financial services company said it had been forced to take some of its systems offline that day to contain the impact of a cyberattack.

Source- https://www.bleepingcomputer.com/news/security/first-american-december-data-breach-impacts-44-000-people/ 

Check Point releases emergency fix for VPN zero-day exploited in attacks 

Check Point has released hotfixes for a VPN zero-day vulnerability exploited in attacks to gain remote access to firewalls and attempt to breach corporate networks. 

On Monday, the company first warned about a spike in attacks targeting VPN devices, sharing recommendations on how admins can protect their devices. Later, it discovered the source of the problem, a zero-day flaw that hackers exploited against its customers. 

Tracked as CVE-2024-24919, the high-severity information disclosure vulnerability enables attackers to read certain information on internet-exposed Check Point Security Gateways with the Remote Access VPN or Mobile Access Software Blades enabled.

Source- https://www.bleepingcomputer.com/news/security/check-point-releases-emergency-fix-for-vpn-zero-day-exploited-in-attacks/ 

Shell’s customer data claimed to be leaked 

A threat actor has listed a dataset that allegedly belongs to the British multinational oil and gas company Shell. The dataset contains sensitive information, such as first names, last names, email addresses, phone numbers, and home addresses. 

The cybercriminal behind the dataset listing claims that the data is from clients across the UK, Australia, France, India, Singapore, the Philippines, the Netherlands, Malaysia, and Canada.

While the leaked data appears genuine, Cybernews could not independently verify the claim that it belongs to Shell. Cybernews has reached out to the company for comment, but a response has yet to be received.

Source- https://cybernews.com/news/shells-customer-data-leak/ 

Cooler Master allegedly breached, members exposed 

The attackers claim to have stolen 103GB of data from the company’s servers on May 18th. According to the attack’s perpetrators, the allegedly stolen information includes a trove of sensitive data, including Cooler Master’s Fanzone members’ payment card details.

The hacker behind the attacks provided a data sample, including details on around one thousand users. The Cybernews research team has reviewed the sample and concluded that it appears to be legitimate. However, the data sample did not contain Fanzone members’ payment card details. 

Source- https://cybernews.com/news/cooler-master-data-breach/ 

Cybercriminals pose as “helpful” Stack Overflow users to push malware 

Cybercriminals are abusing Stack Overflow in an interesting approach to spreading malware: answering users’ questions by promoting a malicious PyPI package that installs Windows information-stealing malware.

Sonatype researcher Ax Sharma (also a writer at BleepingComputer) discovered that this new PyPI package is part of a previously known ‘Cool package’ campaign, named after a string in the package’s metadata, that targeted Windows users last year.

Source- https://www.bleepingcomputer.com/news/security/cybercriminals-pose-as-helpful-stack-overflow-users-to-push-malware/ 

Okta Warns of Credential Stuffing Attacks Targeting Customer Identity Cloud 

Okta is warning that a cross-origin authentication feature in Customer Identity Cloud (CIC) is susceptible to credential stuffing attacks orchestrated by threat actors. 

The suspicious activity commenced on April 15, 2024, with the company noting that it “proactively” informed customers that had the feature enabled. It did not disclose how many customers were impacted by the attacks. 

Credential stuffing is a type of cyberattack in which adversaries attempt to sign in to online services using an already available list of usernames and passwords obtained either from previous data breaches or from phishing and malware campaigns.

Source- https://thehackernews.com/2024/05/okta-warns-of-credential-stuffing.html 

Christie’s confirms breach after RansomHub threatens to leak data 

Christie’s confirmed that it suffered a security incident earlier this month after the RansomHub extortion gang claimed responsibility and threatened to leak stolen data. 

Christie’s is a prominent auction house with a history spanning two and a half centuries. It operates in 46 countries and specializes in selling art, luxury items, and high-value collectibles.

Christie’s has handled numerous notable auctions such as Leonardo da Vinci’s Salvator Mundi for $450 million in 2017, the Yves Saint Laurent and Pierre Bergé collection for 370 million euros in 2009, and Paul Allen’s art collection that surpassed $1.5 billion in 2022. 

Source- https://www.bleepingcomputer.com/news/security/christies-confirms-breach-after-ransomhub-threatens-to-leak-data/ 

Smarttech247

Copyright Smarttech247 - 2021