Please follow the Title Links to read the full stories
From Bleeping Computer
Billing Details of 11.9M Quest Diagnostics Clients Exposed
Quest Diagnostics Incorporated, a Fortune 500 diagnostic services provider, says that approximately 12 million of its clients may have been impacted by a data breach reported by one of its billing providers.
The company reported to the U.S. Securities and Exchange Commission (SEC) that it received a notification from its billing collection provider American Medical Collection Agency (AMCA) that their web payment page was breached.
From Hacker News
If you have swiped your payment card at the popular Checkers and Rally’s drive-through restaurant chains in the past 2-3 years, you should immediately ask your bank to block your card and notify it if you notice any suspicious transaction.
Checkers, one of the largest drive-through restaurant chains in the United States, disclosed a massive long-running data breach yesterday that affected an unknown number of customers at 103 of its Checkers and Rally’s locations—nearly 15% of its restaurants.
The impacted restaurants [name, addresses and exposure dates] reside in 20 states, including Florida, California, Michigan, New York, Nevada, New Jersey, Florida, Georgia, Ohio, Illinois, Indiana, Delaware, Kentucky, Louisiana, Alabama, North Carolina, Pennsylvania, Tennessee, West Virginia and Virginia.
From Ars Technica
Hackers Actively Use WordPress Plugin Flaw to Send Visitors to Bad Websites
Hackers have been actively exploiting a recently patched vulnerability in some websites that causes the sites to redirect to malicious sites or display misleading popups, security researchers warned on Wednesday.
The vulnerability was fixed two weeks ago in WP Live Chat Support, a plugin for the WordPress content management system that has 50,000 active installations. The persistent cross-site scripting vulnerability allows attackers to inject malicious JavaScript into sites that use the plugin, which provides an interface for visitors to have live chats with site representatives.
From Talos Intelligence
Hackers cobble together Frankenstein Malware
The campaign used components of:
- An article to detect when your sample is being run in a VM
- A GitHub project that leverages MSbuild to execute a PowerShell command
- A component of a GitHub project called “Fruityc2” to build a stager
- A GitHub project called “PowerShell Empire” for their agents
We believe that the threat actors behind the Frankenstein campaign are moderately sophisticated and highly resourceful. The actors’ preference for open-source solutions appears to be part of a broader trend in which adversaries are increasingly using publicly available solutions, possibly to improve operational security.