Sergiu Gatlan reports: Threat actors actively exploit a critical authentication bypass vulnerability impacting home routers with Arcadyan firmware to take them over and deploy Mirai botnet malicious payloads. The vulnerability tracked as CVE-2021-20090 is a critical path traversal vulnerability (rated 9.9/10) in the web interfaces of routers with Arcadyan firmware that could allow unauthenticated remote attackers to bypass authentication….
Vision for Hope notification of data security incident
Hope started as a school in Illinois for children with disabilities, but it expanded its mission over the years. This is a notification they posted on August 3: Vision for Hope (“Hope”) recently discovered an incident that may have involved the personal information or protected health information of some of its patients or other individuals….
Long Island Jewish Forest Hills Notifies Patients Who Were Potentially Impacted by a Former Employee’s Unauthorized Access of Electronic Medical Records
QUEENS, N.Y.–(BUSINESS WIRE)–Long Island Jewish Forest Hills Hospital (“LIJFH”) today announced that it has notified patients who were potentially impacted by a former employee’s unauthorized access of electronic medical records. LIJFH has taken steps to address this matter and is offering credit monitoring to any patient who may have been affected. As background, on January…
UK: NHS Highland apologizes after data security breach
Tom Ramage reports: Letters inviting patients at NHS Highland for their second dose of Covid vaccine were produced by NHS Highland Public Health carrying information relating to other patients. A spokesperson has explained: “These letters each contain the name and address of the patient along with the date, a time slot and a location they…
Data leak affects about 3,000 NYC students and 100 employees, officials confirm
Pooja Salhotra reports: Personal information, including academic records and biographical data, of about 3,000 New York City public school students and 100 education department staff members was inadvertently shared more widely than intended, education department officials confirmed on Thursday. At least one student within the public school system managed to access a Google Drive that…
ibex Provides Notice of Data Security Incident
WASHINGTON, Aug. 07, 2021 (GLOBE NEWSWIRE) — ibex today issued this announcement concerning an earlier event, disclosed by the company on October 23, 2020 in its Annual Report (Form 20-F), which may have potentially impacted the security of information relating to certain employees and their families. While ibex is unaware of any attempted or actual…