Elasticsearch server leaks 12M medical records, Ledger database dumped on Raidforums marketplace, and more

Originally published at: https://cloudsek.com/threatintel/elasticsearch-server-leaks-12m-medical-records-ledger-database-dumped-on-raidforums-marketplace-and-more/

Round Up of Major Breaches and Scams

ACLU Sues FBI to Learn How It Obtains Data From Encrypted Devices

The American Civil Liberties Union (ACLU) announced on Tuesday that it has filed a lawsuit against the FBI in an effort to find out how the law enforcement agency can access information stored on encrypted devices. The FBI has often turned to third parties for help in accessing information stored on encrypted devices, but it has come to light in recent court documents that the agency’s Electronic Device Analysis Unit (EDAU) has been acquiring solutions that can help it break into encrypted devices on its own.

Vn: Leaky Server Exposes 12 Million Medical Records to Meow Attacker

A healthcare technology company leaked 12 million records on patients including highly sensitive diagnoses, before the exposed cloud server was struck by the infamous “meow” attacker, researchers have revealed. A team at SafetyDetectives led by Anurag Sen discovered the leaky Elasticsearch server in late October after a routine IP address scan, although it’s unknown how long the data was exposed for before that.

OCR Settles Thirteenth Investigation in HIPAA Right of Access Initiative

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announces its thirteenth settlement of an enforcement action in its HIPAA Right of Access Initiative. OCR announced this initiative as an enforcement priority in 2019 to support individuals’ right to timely access their health records at a reasonable cost under the HIPAA Privacy Rule.

DHS Details Risks of Using Chinese Data Services, Equipment

In an advisory this week, the Department of Homeland Security (DHS) warned American organizations of the risks posed by using data services and equipment from firms that have ties to the People’s Republic of China (PRC). Both businesses and customers in the United States are at risk due to the PRC’s data collection activities, the DHS warns. Some of these risks include the theft of confidential business data, trade secrets and intellectual property, violation of privacy and export laws, breach of contractual provisions, and risk of surveillance.

Leaked Ledger Database Dumped on Raidforums Dark Market

In what can be described as a rather underestimated data breach, cybercriminals posted the leaked database of Ledger’s customers on the Raidforums dark marketplace. The database contains over one million email addresses and over 250,000 physical addresses and phone numbers. Cryptocurrency wallet manufacturer Ledger is facing the consequences of a data leak on its website, which took place in June 2020. The company recently found that threat actors are posting the leaked data of millions of Ledger wallet customers on the dark web marketplace “Raidforums” for free.

Round Up of Major Malware and Ransomware Incidents

How to Defend Against Malware, Phishing, and Scams During COVID-19 Crisis

As if the exponential rise in phishing scams and malware attacks in the last five years wasn’t enough, the COVID-19 crisis has worsened it further. The current scenario has given cybercriminals a viable opportunity to target individuals, small and large enterprises, and government corporations. According to Interpol’s COVID-19 Cybercrime Analysis Report, based on the feedback of 194 countries, phishing/scam/fraud, malware/ransomware, malicious domains, and fake news have emerged as the biggest digital threats across the world in the wake of the pandemic.

Round Up of Major Vulnerabilities and Patches

Cellebrite claims to be able to access Signal messages

Israeli cyber security firm Cellebrite has claimed that it can decrypt messages from the popular, highly secure Signal messaging app. The BBC reported the link to a blog post on the company website that detailed the procedure to decrypt Signal messages. The post was later changed and only reported that the Cellebrite Physical Analyzer allows lawful access to Signal app data, while the instructions have been removed.

Millions of Devices Affected by Vulnerabilities Used in Stolen FireEye Tools

Millions of devices are exposed to potential attacks exploiting the vulnerabilities used in the tools that threat actors recently stole from FireEye, security and compliance solutions provider Qualys reported on Tuesday. Qualys said it identified more than 7.5 million instances related to vulnerabilities associated with the stolen FireEye tools and compromised versions of the SolarWinds Orion product. The vulnerable instances were discovered across nearly 5.3 million unique assets belonging to Qualys’ more than 15,000 customers.
