Cybersecurity News: Cencora patient breach, OneDrive phishing campaign, Argentina’s crime predictions

In today’s cybersecurity news…

Cencora confirms patient data stolen in February cyberattack

Following up on the cyberattack on pharmaceutical supplier Cencora, the company has now confirmed, in an updated filing to the Securities and Exchange Commission submitted yesterday, July 31, that sensitive personal and health data was exfiltrated in the February breach. Most of this data was maintained by a subsidiary company of Cencora that provides patient support services. The filing did not mention the number of people impacted, nor did it name the subsidiary firm. According to InfoSecurity Magazine, there is currently no evidence that the data has been published or misused by the attackers.

(InfoSecurity Magazine)

Learn to hack computer chips with lasers and a $500 open-source tool

At next week’s Black Hat conference, one of the most intriguing presentations might be from Sam Beaumont and Larry “Patch” Trowell, both of whom work at security firm NetSPI, and who plan to present a new laser hacking device they’re calling the RayV Lite. In short, this tool, which they intend to release as open source, “aims to let anyone achieve arcane laser-based tricks to reverse engineer chips, trigger their vulnerabilities, and expose their secrets—methods that have historically only been available to researchers inside of well-funded companies, academic labs, and government agencies.” Their goal is to let people know, especially those who believe chip hacking to be out of reach of most hackers due to its cost and sophistication, that it is not, and that greater security must be built into the design of physical chips.

(Wired)

Android spyware Mandrake returns with new skills

An updated version of a malware that has been around since 2016 has been found in five applications that together have had 32,000 downloads from the Google Play app store. The new Mandrake performs a number of malicious activities, “including data collection, screen recording and monitoring, command execution, simulation of user swipes and taps, file management, and app installation.” It can also prompt users to install further malicious apps by displaying notifications that mimic Google Play.

(BleepingComputer)

Three cyber-related bills clear Senate panel

Three pieces of cybersecurity legislation passed through a key Senate committee on Wednesday and now move toward consideration before the full chamber. The first was an act that “seeks to streamline the country’s patchwork of federal cyber rules,” including harmonizing federal cyber requirements for the private sector. The second was the Healthcare Cybersecurity Act, in response to the Change Healthcare problem, which calls on CISA to collaborate with the Department of Health and Human Services on cyber defenses. The third was the Federal Cyber Workforce Training Act, which “tasks the national cyber director with coming up with a plan to create a centralized resource and training center for federal cybersecurity workforce development.” In part this would help create a program that would involve the private sector and academia to develop and deliver cyber training.

(Cyberscoop)

Phishing campaign targets OneDrive users

Researchers at the Trellix Advanced Research Center are warning of a sophisticated phishing campaign that tricks OneDrive users into executing a PowerShell script that leads to their systems being compromised. Users receive an email with an HTML attachment that falsely describes a DNS issue that needs to be fixed in order to reconnect to OneDrive. The HTML document includes a dialog box with a button marked “How to fix” which triggers the download of the malicious program files. Trellix states that most of the users targeted by this campaign, 40%, are in the U.S., with others in South Korea, Germany, and India.

(Security Affairs)

Eriakos ecommerce scam campaign targets Facebook users

Security specialists at Recorded Future are warning about a “sophisticated information-stealing fraud network that lures victims to fake web shops via malicious Facebook ads.” It has been named Eriakos after the CDN network used by the group behind the scam, which “exclusively targets mobile devices and users, with the scam websites only accessible via malvertising in order to evade security scanners.” The ad campaigns are short-lived, designed to send out dozens of ads all pointing to a scam website, in order to overwhelm Facebook’s filters. The ads carry an urgency statement to entice quick purchases, and have been traced back to operations in China.

(InfoSecurity Magazine and Recorded Future)

Argentina will use AI to predict future crimes

Precog alert. In a move straight out of the novel and movie Minority Report, Argentina’s security forces “have announced plans to use artificial intelligence to predict future crimes.” Put in place by far-right president Javier Milei, the security unit will use “machine-learning algorithms to analyze historical crime data to predict future crimes. It is also expected to deploy facial recognition software to identify ‘wanted persons,’ patrol social media, and analyze real-time security camera footage to detect suspicious activities.”

(The Guardian)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.