Medical AI company exposes patient data. Fake profiles exposed in a data breach. Grief claims an attack on the NRA. The Scoolio app exposed student data.
At a glance.
- Report: Medical AI Company Exposing Patient Data.
- Fake profiles exposed in a data breach.
- Grief claims an attack on the NRA.
- The Scoolio app exposed student data.
Medical AI company exposes patient data.
Website Planet researchers disclose that they discovered an unsecured database containing nearly 900 million medical data records connected to Deep6.AI. The California-based software company provides AI-based patient trial matching, and a recent press release explains that they work with “dozens of leading research institutions, including 6 comprehensive cancer centers designated by NCI, 30,000 physicians and other providers, 30 million patients, and thousands of active trials.” Compromised data includes notes from medical staff with sensitive details about patient interactions and treatment. The researchers informed Deep6.AI of the exposure and the company quickly secured the database.
Employment agency breach reveals fake profiles.
The Desorden Group ransomware gang took credit for a data breach at a Singaporean employment agency that apparently exposed the data of 40,000 job seekers. However, Dorothy Neo, Managing Director of Protemps Employment Services, told the Straits Times that the majority of compromised profiles were fake, sent to the company from spam accounts. To be exact, she claims that only about 2,500 of the accounts were real, and of those, only about 300 contained full profile details. Neo also says Protemps has yet to receive a ransom note from Desorden. The Personal Data Protection Commission has been informed of the incident and an investigation is underway.
Grief compromises the data of members of the National Rifle Association.
Russian ransomware group Grief claims to have stolen data from the US National Rifle Association (NRA), NBC News reports. The hackers have already posted thirteen suspected NRA data files on their leak site and threatened to post more if a ransom is not paid. The NRA did not comment on the incident beyond posting a tweet explaining that the association “does not discuss matters relating to its physical or electronic security”. The data appear to relate to national grant applications and an internal meeting report. To complicate matters, many experts believe Grief is the reincarnation of the group previously known as Evil Corp, suspected of being responsible for the recent attack on Sinclair Broadcasting Group and currently under sanctions by the US Treasury Department. In other words, paying is not only a bad idea, it could be illegal.
Paul Bischoff, privacy advocate at Comparitech, reminds victims that there is no particular reason to believe that a gang will destroy stolen data, even if the ransom is paid: “Members of the NRA must take measures to protect against the repercussions that could result from this violation. Tip: a gun won’t help. Even if the NRA pays the ransom, there is no guarantee that Grief will destroy the stolen data.”
Tim Erlin, vice president of strategy at Tripwire, noting that “it’s hard to get out of a cyberattack,” wrote of the importance of prevention:
“It’s always better to prevent a successful ransomware attack than to respond to it. It might seem like an impossible task, but keep in mind that unsuccessful ransomware attacks rarely make the headlines. Ensuring that systems are configured securely, that vulnerabilities are remedied, and that users are as well trained as possible to detect phishing attempts can make an attacker’s job much more difficult.
“The inclusion of tax forms is of particular concern, as cybercriminals can use them to commit tax evasion. Make sure you file your taxes early, and make sure no one else files them on your behalf.”
Tony Pepper, CEO of Egress, sees a possibility that Grief will use political pressure as leverage:
“The NRA appears to be the latest victim in a continuing wave of ransomware attacks carried out by Grief. Although it is not clear if this attack is politically motivated or simply carried out by hackers looking for a salary, public display of internal NRA files could be one way to increase pressure on the NRA to pay a ransom. As long as there is a chance that organizations will continue to pay, they will continue to be an attractive target for ransomware. Phishing emails are by far the most common entry point for ransomware attacks, and in today’s threat landscape, every organization needs robust security solutions to truly protect their employees from the daily deluge of malicious emails.”
Student community app exposes data.
An API bug discovered in Scoolio, a student community platform popular among schools in Germany, exposed the data of 400,000 users, Bleeping Computer reports. The development of the app was supported by three public investment groups, and the app has become a standard tool in many German classrooms. Lilith Wittmann of computer security collective Zerforschung, who discovered the flaw, said the compromised data includes users’ GPS locations, school names, UUID details and even personal details like religion and sexuality. It should be noted that although Scoolio claims to have 1.8 million users, Zerforschung believes the number is much lower because the app inflates its numbers: “As soon as you download the app and open it once, an empty profile with a UUID is generated – it doesn’t matter if you actually want to create a user account.” Zerforschung also believes it took too long for Scoolio to resolve the issue once they found out, as it was reported on September 21 and was not resolved until October 25. Scoolio CEO Danny Roller responded, “Fortunately, after extensive testing, we can confirm user data was intercepted by third parties prior to Ms. Wittmann’s investigation and we were successful in addressing the gaps found.”
Ilia Kolochenko, founder of ImmuniWeb and member of Europol’s Data Protection Experts Network, wrote to explain some of the challenges API vulnerabilities present to software users:
“Most modern web applications have serious vulnerabilities in their APIs and web services. Some vulnerabilities allow remote code execution and full control of the remote system. Such security vulnerabilities are generally undetectable by automated analysis tools due to their operational complexity. Few software developers have the security skills required to secure complex cross-application ecosystems, while using a multi-cloud and container environment increases complexity and makes matters worse.
“This specific incident can trigger serious legal ramifications under GDPR. Additionally, the unreasonably long period to correct a fairly straightforward defect will likely result in a higher fine if the relevant DPA decides to impose monetary penalties. The sensitive nature of the exposed data, if hijacked by cybercriminals, can foster targeted phishing campaigns, identity theft and financial fraud.
“All businesses that operate large web-based systems, that process personal data or other types of regulated data, should consider implementing a Secure-SDLC program that would include, among other things, ongoing monitoring of security and regulatory penetration testing. Systems like WAF or RASP can be used to detect and prevent exploitation of vulnerabilities in a timely manner while developers are working on patches.”