Archive for the ‘Uncategorized’ Category

Looting Causes Data Breach at Walgreens

The personal health information (PHI) of over 72,000 Walgreens customers has been exposed after looters broke into nearly 200 stores and stole prescriptions. 



America’s second-largest pharmaceutical chain contacted impacted customers in July to disclose the data breach. Walgreens spokesperson Jim Cohn told the Philadelphia Inquirer that 180 Walgreens stores had been looted but declined to state which specific ones. 



“As part of a comprehensive investigation and review of the damage, we learned there was also limited unauthorized access to certain patient information at some of these damaged locations,” Cohn said in a statement. 



Walgreens said that while paper records and filled prescriptions were swiped by looters, no financial information or Social Security numbers belonging to customers were exposed. 



In a breach notification letter dated July 24, Walgreens wrote: “Sometime between May 26 and June 5 2020, various groups of individuals broke into multiple Walgreens stores and forced entry into the secured pharmacy at select locations, including your preferred Walgreens.



“Among the many items stolen were certain items containing health-related information — such as filled prescriptions waiting for customer pick up and paper records.”



Sensitive information exposed in the spate of looting included customers’ full name, address, date of birth/age, phone number, email address, balance rewards numbers and photo ID numbers. Vaccination information was also exposed along with prescription details and clinical and health plan information.



The letter went on to state: “Upon learning of the potential compromise of information, Walgreens promptly took steps to close out and re-enter impacted prescriptions in our system to prevent potential fraud regarding the original prescription.”



Walgreens said that it was coordinating with local law enforcement where appropriate and had taken steps to reverse insurance claims for any stolen filled prescriptions that had already been billed to health plans. 



Impacted customers were offered one year of credit monitoring free of charge and were given advice on how to obtain and monitor credit reports. Customers were further advised to “follow-up with your insurance company or the care provider for any items you don’t recognize.”



According to data in the Office for Civil Rights (OCR) breach portal, the data breach may have affected 72,143 Walgreens customers.


Source: Infosecurity

US Disrupts Three Cyber-Enabled Terror Campaigns

The US government has made its largest ever seizure of cryptocurrency associated with terrorism after three alleged cyber-enabled terrorist financing campaigns were dismantled. 



The global disruption of campaigns involving Hamas’s military wing, the Izz ad-Din al-Qassam Brigades, al-Qaeda and Islamic State of Iraq and the Levant (ISIS) was announced yesterday by the Department of Justice. 



Each group was allegedly found to have used cryptocurrency and social media to raise their online profile and attract donations to fund their terror campaigns. In accordance with judicially authorized warrants, US authorities seized millions of dollars, over 300 cryptocurrency accounts, four websites and four Facebook pages.



In 2019, Al-Qassam Brigades allegedly posted a call for Bitcoin donations to fund its terror campaign on its social media page. The request was then made via the group’s official websites, alqassam.net, alqassam.ps and qassam.ps.



Included on their websites was a video claiming that benefactors could send money anonymously by using unique Bitcoin addresses generated for each individual donor. However, the IRS, HSI and FBI agents were able to track and seize all 150 cryptocurrency accounts that allegedly laundered funds to and from the al-Qassam Brigades’ accounts.



“While these individuals believe they operate anonymously in the digital space, we have the skill and resolve to find, fix and prosecute these actors under the full extent of the law,” said acting United States attorney Michael Sherwin.  



A second campaign run by al-Qaeda and affiliated terrorist groups allegedly solicited cryptocurrency donations via a Bitcoin money laundering network operated using Telegram channels and other social media platforms.



In some instances, the terrorists allegedly posed as charities to attract donations that were actually intended to fund violent terrorist attacks. 



The third disrupted campaign involved an alleged scheme by ISIS facilitator Murat Cakar to fund ISIS by selling fake personal protective equipment via FaceMaskCenter.com.



“It should not surprise anyone that our enemies use modern technology, social media platforms and cryptocurrency to facilitate their evil and violent agendas,” said Attorney General William P. Barr.   



“We will prosecute their money laundering, terrorist financing and violent illegal activities wherever we find them and, as announced today, we will seize the funds and the instrumentalities that provide a lifeline for their operations whenever possible.” 


Source: Infosecurity

CVE-2020-15145

In Composer-Setup for Windows before version 6.0.0, if the developer’s computer is shared with other users, a local attacker may be able to exploit the following scenarios:

1. A local regular user may modify the existing `C:\ProgramData\ComposerSetup\bin\composer.bat` in order to get elevated command execution when composer is run by an administrator.
2. A local regular user may create a specially crafted dll in the `C:\ProgramData\ComposerSetup\bin` folder in order to get Local System privileges. See: https://itm4n.github.io/windows-server-netman-dll-hijacking.
3. If the directory of the php.exe selected by the user is not in the system path, it is added without checking that it is admin secured, as per Microsoft guidelines. See: https://msrc-blog.microsoft.com/2018/04/04/triaging-a-dll-planting-vulnerability.

Source: NIST

CVE-2020-15142

In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution.
Source: NIST

CVE-2020-9708

The resolveRepositoryPath function doesn’t properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. This issue may lead to unauthorized access of private Git repositories as long as the malicious user knows or brute-forces the location of the repository.
Source: NIST

CVE-2020-15141

In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk.
Source: NIST

Phishing Scam Targets Asda Shoppers

Supermarket shoppers in the UK have been targeted by a phishing scam run via the social networking sites Facebook and Twitter. 



Unscrupulous scammers ran sponsored adverts on the sites offering women who were born in October a free £1000 gift card to spend at Asda. 



Victims who clicked on the advert’s link were led to a malicious site, sneakily decked out in the supermarket’s official branding to make it look legitimate.



The misled social media users were then instructed that in order to claim their gift card, they must first enter their personal details including name, home address, cell number, bank account details and bank card security number.



The paid-for malicious ad depicted two women and a shopping trolley laden with groceries bearing branding not typically seen in UK supermarkets.



Alongside the image was the text: “Good news, we are giving away £1000 Asda Gift Cards across the country to raise brand awareness! Please complete a short survey below to figure out if you’re eligible to get it. Act fast! Only 949 Gift Cards left.”



A member of Asda’s service team confirmed that the £1000 gift card giveaway was fraudulent after being contacted by a user from Manchester who spotted an ad for the scam on Twitter.



The ASDA Service Team Twitter feed responded to the user’s query on August 10 by saying: “I can confirm this is not an advertisement from us, this looks to be a scam.”



The fraudulent ads were first identified by niche litigation practice Griffin Law. The UK firm’s research team has found evidence that around 100 potential victims have already reported seeing the advert on Facebook. The team believes that none of the victims who reported the scam were taken in by it. 



“With the majority of people still working from home or on furlough due to the COVID-19 crisis, we’re seeing a sharp rise in online scams offering everything from gift cards to discounts on everyday essentials,” commented Centrify vice-president Andy Heather. 



“These fraudulent posts are specifically designed to catch consumers off-guard, often making use of sponsored posts to fool unsuspecting victims into handing over personal information such as bank details.”


Source: Infosecurity

CVE-2020-7583

A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0.8). The application does not properly validate the users’ privileges when executing some operations, which could allow a user with low permissions to arbitrarily modify files that should be protected against writing.
Source: NIST

CVE-2020-22721

A File Upload Vulnerability in PNotes – Andrey Gruber PNotes.NET v3.8.1.2 allows a local attacker to execute arbitrary code via the Miscellaneous > External Programs by uploading the malicious .exe file to the external program.
Source: NIST

CVE-2020-22722

Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. An attacker can obtain admin privileges by placing a malicious .exe file in the application and renaming it ScadaAgentSvc.exe, which would result in executing the binary as NT AUTHORITY\SYSTEM in a Windows operating system. For example, an attacker can plant a reverse shell from a low privileged user account and, by restarting the computer, the malicious service will be started as NT AUTHORITY\SYSTEM, giving the attacker full system access to the remote PC.
Source: NIST