The message request showed up in my Twitter notifications: Hi There! 🙂 I see you have some experience in getting the right amount of attention for medicaid related data leaks. I have found admin credentials to some super sensitive medical billing processing system and get nothing but silence on all available contact channels and no…
Category: Commentaries and Analyses
Aarogya Setu vulnerable? Drama over data firm’s contention
Binayak Dasgupta reports: A cyber security firm said on Wednesday that it stumbled upon large parts of the government’s contact tracing app Aarogya Setu’s code and back-end components that could jeopardise the privacy of 150 million users after a government website appeared to have inadvertently uploaded log-in credentials used by the developers, triggering a war of words…
For six months, security researchers have secretly distributed an Emotet vaccine across the world
Catalin Cimpanu reports on a rare bit of good news on the malware front, although the threat actors appear to have gotten the upper hand again: In the cyber-security industry, there’s a very dangerous moral line when it comes to exploiting bugs in malware, a line many security companies won’t cross, fearing they might end…
UK: Plymouth Passport Office’s pitiful password privacy
A blog post by Graham Cluley really resonated here this week. It begins: The Plymouth Herald reports on what appears to be an easy-to-avoid gaffe. An eagle-eyed passer-by spotted a password on clear display at Her Majesty’s Passport Office in Ebrington Street, scrawled on a flipchart leaning against an upper window. The paper contacted the UK Home Office,…
Medical records for cardiac patients left unsecured online
On August 2, a researcher contacted DataBreaches.net about a misconfigured Amazon s3 storage bucket they had discovered. The bucket contained more than 10,000 files, recently updated, with protected health information of patients seen by or involved with BioTel Heart cardiac data network. Sometimes it is easy to figure out the likely owner of an Amazon…
Check Point researchers uncovered Alexa flaw that exposed personal information and speech histories
Sharon Ross reports: Researchers at Check Point say they identified an exploit in Amazon’s Alexa voice platform that could have given attackers access to users’ personal information, speech histories, and Amazon accounts. In a blog post, they describe the way in which an attack might have been carried out against a user, beginning with a…