Rite Aid Hit by Data Breach

This week, the Alert Logic ActiveIntelligence team reviews how Rite Aid recently discovered that unauthorized third parties accessed the online store’s e-commerce platform and acquired personal information of customers.

Breach

Rite Aid Hit by Data Breach

According to HIPAA Journal, pharmacy chain Rite Aid recently discovered that unauthorized third parties accessed the online store’s e-commerce platform and acquired personal information of customers who entered their payment card details at the online store. An investigation into the breach revealed that access to the platform was first gained on January 30, 2017, and continued until April 11, 2017, when the intrusion was detected and unauthorized access was blocked.

Presently, it is unclear exactly how many individuals have been impacted by the breach. The pharmacy is working with credit card companies and offering affected individuals a full year of free credit monitoring.

References: Rite Aid Announces Breach of Its Online Store | Rite Aid’s Ecommerce Platform Breached, Personal Info Stolen

Mitigation Strategies:

  • Web application firewall management and advanced anomaly detection. 
  • Intrusion detection system (IDS) signatures would detect intrusion and network anomalies.
  • Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection.
  • FIM solution would detect any type of file modification or addition.

Malware

Critical New Flaw Found in Samba

A 7-year-old critical remote code execution vulnerability has been discovered in the Samba networking software. The vulnerability (CVE-2017-7494) affects all versions newer than Samba 3.5.0. In the wake of WannaCry, the critical new flaw could allow a remote attacker to take control of affected Linux and Unix machines.

Security experts say that the flaw is trivial to exploit, and Samba is so widely used that a network worm could have a field day exploiting this vulnerability. The U.S. Computer Emergency Response Team (US-CERT) recommends that users and administrators immediately apply the patch or workarounds.

References: 7-Year-Old Samba Flaw Lets Hackers Access Thousands of Linux PCs Remotely | Samba Patches Wormable Bug Exploitable With One Line Of Code | Patch The Samba Bug Before a Network Worm Exploits It

Mitigation Strategies:

This Week's Suspicious IP Addresses

109.234.36.68 212.83.151.223
218.65.30.38 103.89.88.10
59.45.175.62 103.207.37.34

*IP addresses provided by Recorded Future.