Breaches of security controls at Ikea Canada and two American healthcare providers.
Welcome to Cyber Security Today. It’s Monday May 9th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Ikea Canada continues notifying 95,000 Canadians that an employee made unapproved searches of its customer database in March. It isn’t clear how the company realized there had been a breach of security controls. But it told Global News that an employee made what it called a generic search of the database. Ikea said no customer financial information was involved. It also told Global News it made sure the information wasn’t shared with a third party.
Two American healthcare providers have acknowledged that compromised email accounts of employees were behind data breaches. WellDyneRx, a Florida-based pharmacy benefits provider, said last December it discovered someone had accessed an employee’s email account the previous month. That account included emails with information of some patients including their names, dates of birth, Social Security numbers, driver’s licence numbers, prescription information and treatment information. The company isn’t saying how many people it is notifying.
Meanwhile Databreaches.net says the North Alabama Bone and Joint Clinic filed a preliminary notice of a cyber incident that happened in March. Several email accounts of employees and clinic files were accessed without authorization. The clinic is still trying to determine how many patients were affected, but the information seen could have included names, financial information, dates of birth, family information, prescription information, and medical information.
Threat actors have found a new place to hide malicious code: in the event logs of Windows computers. According to researchers at Kaspersky, that’s where an unknown hacker was caught depositing shellcode for execution and other malicious components. This particular attacker has created some novel techniques for malware that mostly runs in memory. However, they start with a victim being tricked into downloading a file that leads to the installation of the Cobalt Strike and SilentBreak penetration testing tools. These are tools often used by attackers. IT administrators need to regularly scan their networks for unexpected evidence of these tools. They’re evidence you’ve been hacked.
Microsoft is extending the mandatory use of two-factor authentication to contributors to its GitHub developer platform. Only 16 per cent of active GitHub users and 6.5 per cent of users of the NPM open-source code repository use multifactor authentication. But GitHub is going to force more users to adopt 2FA until everyone is enrolled by the end of next year. For example, at the end of this month all maintainers of the top 500 code packages on NPM will have to use two-factor authentication. Later this year those who maintain high-impact packages will be added.
Finally, security administrators whose firms use Trend Micro’s Apex One endpoint security should make sure the latest Smart Scan pattern has been installed. This is because an earlier pattern may cause a false alert when the Microsoft Edge browser is updated. There may also have been a change to the Windows registry. That will require going in and replacing a file. Instructions on how to do that are in a customer advisory issued by Trend Micro. There’s a link to that advisory here.