Weekly Security News – June 6, 2019

Please follow the Title Links to read the full stories

From Bleeping Computer

Billing Details of 11.9M Quest Diagnostics Clients Exposed

Quest Diagnostics Incorporated, a Fortune 500 diagnostic services provider, says that approximately 12 million of its clients may have been impacted by a data breach reported by one of its billing providers.

The company reported to the U.S. Securities and Exchange Commission (SEC) that it received a notification from its billing collection provider American Medical Collection Agency (AMCA) that their web payment page was breached.

From Hacker News

103 Checkers and Rally’s Restaurants in 20 States have payment data swiped from Point-of-Sale (POS) payment card readers

If you have swiped your payment card at the popular Checkers and Rally’s drive-through restaurant chains in past 2-3 years, you should immediately request your bank to block your card and notify it if you notice any suspicious transaction.

Checkers, one of the largest drive-through restaurant chains in the United States, disclosed a massive long-running data breach yesterday that affected an unknown number of customers at 103 of its Checkers and Rally’s locations—nearly 15% of its restaurants.

The impacted restaurants [name, addresses and exposure dates] reside in 20 states, including Florida, California, Michigan, New York, Nevada, New Jersey, Florida, Georgia, Ohio, Illinois, Indiana, Delaware, Kentucky, Louisiana, Alabama, North Carolina, Pennsylvania, Tennessee, West Virginia and Virginia.

From Ars Technica

Hackers Actively use WordPress Plugin Flaw to send vistors to Bad Websites

Hackers have been actively exploiting a recently patched vulnerability in some websites that causes the sites to redirect to malicious sites or display misleading popups, security researchers warned on Wednesday.

The vulnerability was fixed two weeks ago in WP Live Chat Support, a plugin for the WordPress content management system that has 50,000 active installations. The persistent cross-site scripting vulnerability allows attackers to inject malicious JavaScript into sites that use the plugin, which provides an interface for visitors to have live chats with site representatives.

From Talos Intelligence

Hackers cobble together Frankenstein Malware

The campaign used components of:

  • An article to detect when your sample is being run in a VM
  • A GitHub project that leverages MSbuild to execute a PowerShell command
  • A component of GitHub project called “Fruityc2” to build a stager
  • A GitHub project called “PowerShell Empire” for their agents

We believe that the threat actors behind the Frankenstein campaign are moderately sophisticated and highly resourceful. The actors’ preference for open-source solutions appears to be part of a broader trend in which adversaries are increasingly using publicly available solutions, possibly to improve operational security.