Binayak Dasgupta reports: A cyber security firm said on Wednesday that it stumbled upon large parts of the government’s contact tracing app Aarogya Setu’s code and back-end components that could jeopardise the privacy of 150 million users after a government website appeared to have inadvertently uploaded log-in credentials used by the developers, triggering a war of words…
Category: Commentaries and Analyses
For six months, security researchers have secretly distributed an Emotet vaccine across the world
Catalin Cimpanu reports on a rare bit of good news on the malware front, although the threat actors appear to have gotten the upper hand again: In the cyber-security industry, there’s a very dangerous moral line when it comes to exploiting bugs in malware, a line many security companies won’t cross, fearing they might end…
UK: Plymouth Passport Office’s pitiful password privacy
A blog post by Graham Cluley really resonated here this week. It begins: The Plymouth Herald reports on what appears to be an easy-to-avoid gaffe. An eagle-eyed passer-by spotted a password on clear display at Her Majesty’s Passport Office in Ebrington Street, scrawled on a flipchart leaning against an upper window. The paper contacted the UK Home Office,…
Medical records for cardiac patients left unsecured online
On August 2, a researcher contacted DataBreaches.net about a misconfigured Amazon s3 storage bucket they had discovered. The bucket contained more than 10,000 files, recently updated, with protected health information of patients seen by or involved with BioTel Heart cardiac data network. Sometimes it is easy to figure out the likely owner of an Amazon…
Check Point researchers uncovered Alexa flaw that exposed personal information and speech histories
Sharon Ross reports: Researchers at Check Point say they identified an exploit in Amazon’s Alexa voice platform that could have given attackers access to users’ personal information, speech histories, and Amazon accounts. In a blog post, they describe the way in which an attack might have been carried out against a user, beginning with a…
Federal Appeals Court Dismisses CareFirst Data Breach Appeal
From EPIC.org: The D.C. Circuit has ruled that it lacks jurisdiction to hear the appeal of CareFirst customers whose data was stolen in a 2014 data breach. The lower court in Attias v. CareFirst dismissed most of the plaintiffs and claims in the case for failure to allege damages and certified the dismissed claims for appeal. The D.C. Circuit…