World Nation News reports the threat actors who attacked Hospital Clínic de Barcelona are threatening to release sensitive medical information on patients. In particular, they warned that “in the near future” they will publish information about patients with infectious diseases and information about the use of experimental drugs in the elderly that the Barcelona center…
Throne fixes security bug that exposed creators’ private home addresses
Zack Whittaker reports: A recently fixed security bug at a popular platform for supporting creators shows how even privacy-focused platforms can put creators’ private information at risk. Throne, founded in 2021, bills itself as “a fully secure, concierge wishlist service that acts as an intermediary between your fans and you.” Throne claims to support more than…
Alcohol recovery startups Monument and Tempest shared patients’ private data with advertisers
Zack Whittaker reports: For years, online alcohol recovery startups Monument and Tempest were sharing with advertisers the personal information and health data of their patients without their consent. Monument, which acquired Tempest in 2022, confirmed the extensive years-long leak of patients’ information in a data breach notification filed with California’s attorney general last week, blaming their use…
Concerns turned into reality… As soon as Samsung Electronics unlocks ChatGPT, ‘misuse’ continues
The following is a Google machine translation of an article in the Economist Korea. Jeong Doo-yong reports: As soon as Samsung Electronics permitted the use of ChatGPT in its device solution (DS/semiconductor) business premises, an accident occurred in which corporate information was leaked. The contents of programs related to semiconductor ‘facility measurement’ and ‘yield/defect’ were entered…
Mastodon Vulnerability Exposes Sensitive Information: Data Leak Alert
PBN reports: Mastodon, a social network based on software for servers of the same name, has been found to have a vulnerability that could have allowed attackers to read individual pieces of information. The problem was caused by inadequate filtering of the data transferred during LDAP authentication. The vulnerability allows attackers to smuggle in an…
Iran-Based Hackers Caught Carrying Out Destructive Attacks Under Ransomware Guise
Ravie Lakshmanan reports: The Iranian nation-state group known as MuddyWater has been observed carrying out destructive attacks on hybrid environments under the guise of a ransomware operation. That’s according to new findings from the Microsoft Threat Intelligence team, which discovered the threat actor targeting both on-premises and cloud infrastructures in partnership with another emerging activity cluster dubbed DEV-1084….