Becky Bracken reports: Some 23 million mobile health (mHealth) application users are exposed to application programming interface (API) attacks that could expose sensitive information, according to researchers. Generally speaking, APIs are an intermediary between applications that defines how they can talk to one another and allowing them to swap information. Researcher Alissa Knight with Approov…
Terrorist hackers target Atlassian & Oracle servers
Edward Kost writes: Volatile Cedar, a cybercriminal group affiliated with the Hezbollah Cyber Unit, has resurfaced after disappearing for almost 6 years. The criminal group was suddenly illuminated on the radar after suspicious activity on Oracle and Atlassian servers was discovered. Volatile cedar breached unpatched Atlassian and Oracle servers by exploiting the following vulnerabilities – CVE-2012-3152, CVE-2019-11581,…
The Netherlands: 440,000 EUR fine for hospital for inadequate authentication and logging
Demi Rietveld and Richard van Schaik of DLA Piper write: The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, “Dutch DPA”) has published its decision to impose an administrative fine of EUR 440,000 on Amsterdam hospital OLVG due to the lack of sufficient measures to prevent access to medical records by unauthorised personnel. After complaints, the Dutch…
In: Exclusive: Congress puts personal data of thousands of its supporters at risk, massive security loophole found on its website
OpIndia staff report: The recently launched drive by the Congress party to induct a whopping 5 lakhs ‘social media warriors’ to support the party has turned out to be an exercised marred with massive security loopholes. The Congress IT cell seems to have slipped even in employing basic IT security systems in place for this…
NC: Central Piedmont Community College impacted by ransomware attack
Central Piedmont Community College experienced a ransomware attack that they first disclosed on February 10. Here is their most recent update: Central Piedmont Community College has experienced a ransomware attack, which was discovered Wednesday evening, Feb. 10. The college’s Information Technology Services (ITS) staff worked tirelessly through the night to take the college’s critical systems…
After hackers blackmailed their clients, Finnish therapy firm declares bankruptcy
Graham Cluley reports: Vastaamo, the Finnish psychotherapy practice that covered up a horrific security breach which resulted in patients receiving blackmail threats, has declared itself bankrupt. Read more on Hot for Security.