Cyber Security Today, May 1, 2024 – Data may have been stolen in London Drugs cyber attack, Congressional testimony today by UnitedHealth CEO on ransomware attack, and more


Welcome to Cyber Security Today. It’s Wednesday, May 1st, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for TechNewsday.com.

London Drugs, a Western-Canadian drug store chain, is still trying to recover from what it calls a cybersecurity incident that was discovered on the weekend. On Tuesday afternoon, when this podcast was recorded, the company said in a tweet that all of its stores were still closed and phone lines disconnected until it can get on top of the attack. But the company now says it is investigating whether any data might have been compromised in the attack. That’s a change from Monday, when it said there was no reason to believe that customer or employee data had been impacted. London Drugs is similar to Walmart in that it not only has pharmacies but also sells a wide range of consumer and electronic products. It has 80 stores across four Canadian provinces and more than 9,000 employees.

Expect fireworks this afternoon at a U.S. Congressional committee hearing. UnitedHealth Group CEO Andrew Witty is scheduled to testify about February’s ransomware attack. The AlphV/BlackCat gang hit a division called Change Healthcare that provides billing and data services to hospitals and clinics across the U.S., causing financial woes in the healthcare sector. When Witty appears, committee members will be armed with a copy of his opening statement, which says the attackers used compromised credentials to break into a portal protected with a Citrix application. But portal logins weren’t protected with multi-factor authentication. UnitedHealth bought Change Healthcare two years ago. Witty also says the decision to pay a ransom to get access to stolen and encrypted data was his. The number of victims impacted by the incident would be equal to a “substantial portion of people in America,” Witty says.

(Livestream the hearing from here: https://energycommerce.house.gov/ )

Developers using the R programming language are urged to update their version fast because of a vulnerability. Researchers at HiddenLayer say the open-source environment often used for statistical computing has a hole that could allow an attacker who creates a malicious RDS file to execute code. Developers should upgrade to version 4.4.0. R is widely used in healthcare, finance and government IT departments.

The U.S. Federal Communications Commission has levied almost US$200 million in fines against Sprint, T-Mobile, AT&T and Verizon for selling customers’ real-time location information to data brokers without subscribers’ consent. The fines had been proposed four years ago.

To comply with a European law, Apple is allowing users of its devices in the EU to get apps not only from the Apple store but also from other app marketplaces. However, researchers at an app maker called Mysk say the way Apple allows this through its Safari browser is clumsy. In fact, they argue Apple’s approach can expose iPhone users in the EU to being tracked. That’s because the Safari solution doesn’t allow the origin of a marketplace website to be checked against the site’s URL. The Brave browser does that.

The United Kingdom’s new cybersecurity product protection legislation came into effect Monday. Manufacturers selling equipment in the U.K. are forbidden from allowing easy-to-guess default passwords, and have to provide a point of contact so people can report security issues. Is it time for your state or province to adopt a similar law?

J.P.Morgan is notifying almost 452,000 people of a data breach caused by employees or their agents. The financial giant acts as a benefit payments agent for an unnamed company. Three people used their access to create reports with plan participation information including names, addresses, Social Security numbers and certain personal financial information.

The Philadelphia Inquirer is notifying more than 25,000 people that their personal information was copied in a hack just over a year ago. Information stolen included names, financial account or credit/debit card numbers, as well as security codes, passwords or PIN numbers for the accounts.

Governments in the U.S., Britain and elsewhere offer free cybersecurity tools for businesses. The Canadian Centre for Cyber Security has just released its latest: a platform called Howler. It’s an open-source application to help security operation centre (SOC) teams triage and investigate incidents, suspect files and alerts. In simple terms, it’s a workflow management system. A triage analyst watching for suspect actions can rank incidents and assign work for further investigation. Filters can also be created so teams can automatically dismiss known scenarios and focus on critical issues. You don’t have to be Canadian to get Howler. It can be downloaded by anyone with a GitHub account.

Finally, as I mentioned last week, tomorrow is World Password Day. It’s a day that IT leaders should think about whether their organization uses the most effective password strategies to protect against logins by threat actors. That includes making a phishing-resistant multifactor authentication solution mandatory for all employees, giving each employee a password manager so they can create and store complex passwords without having to memorize them, and looking at alternatives to passwords like biometric authentication.

Follow Cyber Security Today on Apple Podcasts, Spotify or add us to your Flash Briefing on your smart speaker.