At a glance.
- Cybercriminals target gift card departments.
- Courtroom recording software backdoored.
- Cencora notifies customers of data breach.
Cybercriminals target gift card departments.
Microsoft has published a report on a Morocco-based cybercriminal group called "Storm-0539" or "Atlas Lion" that's attempting to compromise organizations' gift card departments in order to issue fraudulent gift cards. In some cases, the threat actor has stolen up to $100,000 per day from certain companies.
Microsoft states, "What sets Storm-0539 apart is its deep understanding of cloud environments, which it exploits to conduct reconnaissance on organizations’ gift card issuance processes and employee access. Its approach to compromising cloud systems for far-reaching identity and access privileges mirrors the tradecraft and sophistication typically seen in nation-state-sponsored threat actors, except instead of gathering email or documents for espionage, Storm-0539 gains and uses persistent access to hijack accounts and create gift cards for malicious purposes and does not target consumers exclusively."
The US FBI issued a Private Industry Notification on this campaign earlier this month, noting that the crooks use smishing campaigns to gain initial access.
Courtroom recording software backdoored.
Rapid7 has found that courtroom recording software from Justice AV Solutions (JAVS) was backdoored in a supply chain attack, allowing attackers to take full control of affected systems. Justice AV Solutions said in a statement, "Through ongoing monitoring and collaboration with cyber authorities, we identified attempts to replace our Viewer 8.3.7 software with a compromised file. We pulled all versions of Viewer 8.3.7 from the JAVS website, reset all passwords, and conducted a full internal audit of all JAVS systems. We confirmed all currently available files on the JAVS.com website are genuine and malware-free. We further verified that no JAVS Source code, certificates, systems, or other software releases were compromised in this incident." The company added that "[t]he file in question did not originate from JAVS or any 3rd party associated with JAVS."
Rapid7 states, "Completely re-imaging affected endpoints and resetting associated credentials is critical to ensure attackers have not persisted through backdoors or stolen credentials. Users should install the latest version of JAVS Viewer (8.3.8 or higher) after re-imaging affected systems."
Cencora notifies customers of data breach.
US pharmaceutical giant Cencora is notifying certain customers that medical and personal information was stolen during a cyberattack earlier this year, TechCrunch reports. TechCrunch says the company has notified around 500,000 individuals so far, and that number is expected to rise. The breached information includes "patient names, their postal address and date of birth, as well as information about their health diagnosis and medications."