May 2024 Cybersecurity News Roundup

Top Data Breaches: 

Healthcare Data Exposed: A cyberattack on pharmaceutical services provider Cencora compromised patient data (names, diagnoses, medications) from 11 drug companies.

Government Breach Investigation: Albany County, New York is investigating a potential cybersecurity breach, urging vigilance.

Fuel Distributor Hacked: Black Basta claims to have hacked Atlas, a major US fuel distributor, potentially exposing employee and financial data.

Pharmacy Benefit Manager Breach: Sav-Rx discloses a data breach impacting 2.8 million Americans, with personal information compromised.

Healthcare Attack Aftermath: Ascension hospitals are recovering from a major cyberattack, highlighting the operational disruptions beyond data breaches.

Vulnerabilities, Malware & Phishing: 

Courtroom Software Backdoor: Justice AV Solutions courtroom recording software was compromised with a backdoor installer, potentially affecting thousands.

New ATM Malware Threat: A new ATM malware claims to target 99% of European ATMs and 60% globally, posing a significant financial threat.

Financial Phishing with Minesweeper: A phishing campaign targeting financial institutions uses a disguised Minesweeper game to hide malicious scripts.

Cisco Firepower Management Center Vulnerability: Cisco identifies a high-severity SQL injection vulnerability in its Firepower Management Center software.

Fourth Chrome Zero-Day Patched: Google patches a fourth Chrome zero-day vulnerability this month, a type of confusion bug in the V8 engine. 

Arc Browser Launch Disrupted: Malvertising campaigns target downloads of the new Arc browser, distributing malware payloads.

Fake Antivirus Malware: Fake antivirus websites disguised as legitimate security software continue to distribute malware.

Vulnerability Backlog Grows: Funding cuts lead to a backlog of unanalyzed vulnerabilities in the US government’s National Vulnerabilities Database.

New Ransomware with a Twist: New ransomware, ShrinkLocker, uses Windows BitLocker to encrypt victim data.