Zack Whittaker reports: For years, online alcohol recovery startups Monument and Tempest were sharing with advertisers the personal information and health data of their patients without their consent. Monument, which acquired Tempest in 2022, confirmed the extensive years-long leak of patients’ information in a data breach notification filed with California’s attorney general last week, blaming their use…
Concerns turned into reality… As soon as Samsung Electronics unlocks ChatGPT, ‘misuse’ continues
The following is a Google machine translation of an article in the Economist Korea. Jeong Doo-yong reports: As soon as Samsung Electronics permitted the use of ChatGPT in its device solution (DS/semiconductor) business premises, an accident occurred in which corporate information was leaked. The contents of programs related to semiconductor ‘facility measurement’ and ‘yield/defect’ were entered…
Mastodon Vulnerability Exposes Sensitive Information: Data Leak Alert
PBN reports: Mastodon, a social network based on software for servers of the same name, has been found to have a vulnerability that could have allowed attackers to read individual pieces of information. The problem was caused by inadequate filtering of the data transferred during LDAP authentication. The vulnerability allows attackers to smuggle in an…
Iran-Based Hackers Caught Carrying Out Destructive Attacks Under Ransomware Guise
Ravie Lakshmanan reports: The Iranian nation-state group known as MuddyWater has been observed carrying out destructive attacks on hybrid environments under the guise of a ransomware operation. That’s according to new findings from the Microsoft Threat Intelligence team, which discovered the threat actor targeting both on-premises and cloud infrastructures in partnership with another emerging activity cluster dubbed DEV-1084….
HIPAA: Deficient or Miscast
Matt Fisher writes: The development of new technology in healthcare and the massive expansion in sources of healthcare data have both created many complications when it comes to protecting and securing sensitive information about individuals. Inevitably, the discussion then turns to the role of HIPAA, which then turns to HIPAA not meeting current needs. A recent…
Rogers Communications data allegedly sold on a hacker forum
Vilius Petkauskas reports: Rogers’ leak includes data from the company’s active directory, including information on customers, the attackers claim. The company confirmed the leak, saying some of Rogers employees’ “business contact information” was exposed. Attackers posted an ad on a mostly Russian-speaking hacker forum, alleging the database for sale belongs to Rogers Communications, a Canadian…