Cybersecurity News: Arc browser sabotaged, Cencora pharma breach, Albany County breach

In today’s cybersecurity news…

Arc browser’s Windows launch sabotaged by malvertising

The much-anticipated launch of the Arc browser for Windows, a new browser that has already received positive reviews after last year’s release for iOS, was marred by a Google Ads malvertising campaign that lured people into downloading trojanized installers that deliver malware payloads. A report from Malwarebytes describes how the threat actors set up malicious advertisements on Google Search to attract users looking to download the new web browser. Since the trojanized installers also installed the Arc browser as expected, it is unlikely that victims will realize they have become infected with malware.

(ThreatDown blog by Malwarebytes)

Cencora breach exposed patient info from 11 drug companies

Following up on a story we covered on March 1, some of the world’s largest drug companies have disclosed data breaches following a cyberattack at Cencora, formerly known as AmerisourceBergen, a pharmaceutical services provider specializing in drug distribution, specialty pharmacy, consulting, and clinical trial support. The data stolen includes full name, address, health diagnosis, medications, and prescriptions, although no count of affected patients appears to be available. This is because the 11 companies affected, including Novartis, Bayer, and GlaxoSmithKline, are processing the impact individually.

(BleepingComputer)

Threat actors use fake antivirus websites to distribute malware

In April of this year, researchers at Trellix Advanced Research Center identified multiple fake antivirus sites being used to distribute info-stealers. According to Security Affairs, the sites hosted “sophisticated malicious files such as APK, EXE, and Inno setup installer, including Spy and Stealer capabilities, and were masquerading as legitimate antivirus products from Avast, Bitdefender, and Malwarebytes.” No specific threat actor was identified in the report.

(Security Affairs)

Albany County investigating ‘cybersecurity breach’ ahead of holiday weekend

Albany County executive Daniel McCoy told Recorded Future News that the state capital is “working with the state Division of Homeland Security and the Emergency Services Cyber Incident Response Team after discovering the potential issue in county networks.” It is considered to be a possible cybersecurity breach, but at this point they say they are not aware of any data exfiltration.

(The Record)

Black Basta claims hack on fuel distributor Atlas

According to researcher Dominic Alvieri, Black Basta has added the company to its online victim list. Atlas is one of the largest national fuel distributors in the U.S., moving 1 billion gallons of fuel per year to the 49 continental states. Amid the 730GB of data claimed to have been stolen from Atlas is corporate data belonging to departments such as Accounts, HR, Finance, and Executive, as well as user and employee data. The gang has published some documents as proof, but Atlas has yet to disclose the alleged incident.

(Security Affairs)

A fourth Chrome zero-day discovered this month

On Thursday, Google issued fixes for a high-severity security flaw in its Chrome browser that it said has been exploited in the wild. The vulnerability is a type confusion bug in the V8 JavaScript and WebAssembly engine. This is the fourth zero-day that Google has patched in May.

(The Hacker News)

Funding cuts expand backlog of unanalyzed vulnerabilities

New research from VulnCheck shows that over 90% of submissions to the U.S. government’s National Vulnerability Database have not been analyzed or enriched since the agency announced cutbacks in February. CVE enrichment involves the inclusion of public feedback following the creation of a vulnerability number. This has been adversely affected by the cutbacks. Out of 12,720 new vulnerabilities added since February, 11,885 remain unanalyzed. In addition, 82% of bugs that have a public proof-of-concept exploit have not been examined.

(The Record)

Microsoft says goodbye to Cortana and WordPad

The company has announced that these two apps will be automatically removed on systems upgraded to the upcoming Windows 11 24H2 release. Cortana has been steadily removed from iterative builds over the past few months, but as of Windows 11, version 24H2, they, along with the Tips app, are deprecated.

(BleepingComputer)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.