Ugh.DutchNews.nl reports: Students working for extra cash at Amsterdam’s OLVG hospital group have for years been given complete access to the medical records system, allowing them to read personal information about friends, family and famous people, the Volkskrant said on Friday. The leak was made public by a philosophy student who made telephone appointments for…
Category: Of Note
Chinese company leaves Muslim-tracking facial recognition database exposed online
Catalin Cimpanu reports: One of the facial recognition databases that the Chinese government is using to track the Uyghur Muslim population in the Xinjiang region has been left open on the internet for months, a Dutch security researcher told ZDNet. The database belongs to a Chinese company named SenseNets, which according to its website provides…
GandCrab ransomware gang infects customers of remote IT support firms
Catalin Cimpanu reports: Hackers have used a two-year-old vulnerability in a software package used by remote IT support firms to gain a foothold on vulnerable networks and deploy the GandCrab ransomware on those companies’ customer workstations. At least one company has been hit already, according to a report on Reddit, confirmed by cyber-security firm Huntress…
Game of Thrones hacker worked with US defector to hack Air Force employees for Iran
Catalin Cimpanu reports: The US Department of Justice unsealed today espionage-related charges against a former US Air Force service member who defected to Iran and helped the country’s hackers target her former Air Force colleagues. Besides charges and an arrest warrant issued in the name of the former USAF service member, the DOJ also indicted…
2019 Data Breach Barometer Report Shows Massive Increase in Exposed Healthcare Records
HIPAA Journal reports: Protenus has released its 2019 Breach Barometer report: An analysis of healthcare data breaches reported in 2018. The data for the report came from Databreaches.net, which tracks data breaches reported in the media as well as breach notifications sent to the Department of Health and Human Services’ Office for Civil Rights and…
A Closer Look: SEC’s Edgar Hacking Case
Craig A. Newman writes: Last month, the U.S. Securities and Exchange Commission charged nine defendants with hacking into the agency’s EDGAR system – the online platform used by public companies for making their public filings – and stealing material nonpublic information to use for illegal trading purposes. While the charges are new, the insider trading…