Tag Archive for: theft

Nearly 3M people hit in Harvard Pilgrim healthcare data theft • The Register


Infosec in brief: Nearly a year on from the discovery of a massive data theft at healthcare biz Harvard Pilgrim, the number of victims has now risen to nearly 2.9 million people across all US states.

Pilgrim’s problems were first admitted last year after a March ransomware infection that affected systems tied to the health services firm’s commercial and Medicare Advantage plans. While the intrusion occurred on March 28, 2023, it wasn’t discovered until April 17. Pilgrim says it believed customer data was extracted in the interim period.

“After detecting the unauthorized party, we proactively took our systems offline to contain the threat,” Harvard Pilgrim said in its latest notification letter sent out this month. “We notified law enforcement and regulators and are working with third-party cybersecurity experts to conduct a thorough investigation into this incident and remediate the situation.”

Names, physical addresses, phone numbers, birth dates, clinical information including lab results, and social security ID numbers were all compromised, Harvard Pilgrim said. 

The latest notification letters mark the fourth time Harvard Pilgrim has updated the total number of victims. An update in February put the total number at 2,632,275 individual records exposed; now it is reporting a total of 2,860,795 people. 

As is usually the case in these sorts of dramas, credit monitoring and identity protection services are being offered, and the business doesn’t believe any of the stolen data has been misused as a result of the theft – that it knows about at least. 

It’s not uncommon for victim numbers to increase during the course of an investigation, though 2.8 million is a lot of people and may not be the final tally yet.

“Our investigation is still underway and we will continue to provide notification in the event we identify additional individuals whose information may have been impacted,” a spokesperson told The Register.

Critical vulnerabilities: A very Cisco week

There weren’t a ton of critical vulnerabilities to report this week, though Cisco did have a pretty busy few days with a series of updates going out for IOS and other products.


Why Hacker Tactics Are Shifting To Cookie Theft: Expert


As more organizations adopt multifactor authentication, theft of browser cookies is becoming a go-to method for attackers to bypass the security measure, says Sophos Global Field CTO Chester Wisniewski.


As more organizations adopt multifactor authentication (MFA), the theft of web browser cookies is turning into a go-to method for attackers seeking to subvert the security measure, according to a top security researcher.

To combat the massive risk posed by stolen or compromised passwords, MFA—which requires a second form of authentication beyond username and password—has long been considered harder to defeat than password-only logins and is an essential part of cyberdefense.


Organizations have gotten the message, and MFA is now increasingly commonplace even among small and midsize businesses. But because browser cookies are sometimes configured to allow logging in without triggering an MFA challenge, theft of the web session data is proving to be an ideal workaround for attackers, said Sophos Global Field CTO Chester Wisniewski.

“More and more small businesses are adopting good security practices, like multifactor [authentication],” Wisniewski told CRN. “But if I can get onto one computer and steal those cookies, I don’t need to worry about multifactor anymore. I can just bypass the authentication entirely.”

Ultimately, “the cookie is the universal key that unlocks everything,” he said.

The growth of this tactic among threat actors is underscored by findings from the recently released 2024 Sophos Threat Report, including the discovery that nearly all attacks tracked in the report—90 percent—included the use of infostealer malware. The percentage of attacks involving infostealers had not been tracked in previous years since it was seen as a significantly smaller concern, Wisniewski said.

And while the tools can be used to steal passwords, attackers are frequently using the malware to obtain browser cookies, he said. “I think…


Zero-Click Apple Shortcuts Vulnerability Allows Silent Data Theft


A dangerous vulnerability in Apple Shortcuts has surfaced, which could give attackers access to sensitive data across the device without the user being asked to grant permissions.

Apple’s Shortcuts application, designed for macOS and iOS, is aimed at automating tasks. For businesses, it allows users to create macros for executing specific tasks on their devices, and then combine them into workflows for everything from Web automation to smart-factory functions. These can then be shared online through iCloud and other platforms with co-workers and partners.

According to an analysis from Bitdefender out today, the vulnerability (CVE-2024-23204) makes it possible to craft a malicious Shortcuts file that would be able to bypass Apple’s Transparency, Consent, and Control (TCC) security framework, which is supposed to ensure that apps explicitly request permission from the user before accessing certain data or functionalities.

That means that when someone adds a malicious shortcut to their library, it can silently pilfer sensitive data and systems information, without having to get the user to give access permission. In their proof-of-concept (PoC) exploit, Bitdefender researchers were then able to exfiltrate the data in an encrypted image file.

“With Shortcuts being a widely used feature for efficient task management, the vulnerability raises concerns about the inadvertent dissemination of malicious shortcuts through diverse sharing platforms,” the report noted.

The bug is a threat to macOS and iOS devices running versions preceding macOS Sonoma 14.3, iOS 17.3, and iPadOS 17.3, and it is rated 7.5 out of a possible 10 (high) on the Common Vulnerability Scoring System (CVSS) because it can be remotely exploited with no required privileges.

Apple has patched the bug, and “we are urging users to make sure they are running the latest version of the Apple Shortcuts software,” says Bogdan Botezatu, director of threat research and reporting at Bitdefender.

Apple Security Vulnerabilities: Ever More Common

In October, Accenture published a report revealing a tenfold rise in Dark Web threat actors targeting macOS since 2019 — with the trend poised to continue.

The findings coincide with the emergence…
