The analyst team at CybelAngel, a global leader in digital risk protection, has discovered that more than 45 million medical imaging files – including X-rays and CT scans – are freely accessible on unprotected servers, in a new research report released today. The report “Full Body Exposure” is the result of a six-month investigation into Network Attached Storage (NAS) and Digital Imaging and Communications in Medicine (DICOM), the de facto standard used by healthcare professionals to send and receive medical data. The analysts discovered millions of sensitive images, including personal healthcare information (PHI), were available unencrypted and without password protection.
ISBuzz Team
Today, the European Union, through the EU Digital Services Act, will unveil new regulations which aims to create a more competitive marketplace for all businesses. The regulator has always been at the forefront of ensuring the reach and power of BigTech organisations is fair and controlled. Once the Act is enshrined into law, the world’s biggest technology companies will have to consider who they govern the data hosted on their platforms.
News is breaking that bad actors allegedly operating on behalf of a foreign government have breached SolarWinds, and deployed a malware-infected update for its Orion software to infect the networks of multiple US companies and government networks, according to FireEye. SolarWinds claims that 33,000 companies use its Orion product, and it estimates that 18,000 companies were directly impacted by a malicious update.
Lookout, Inc., the leader in mobile security, today announced the discovery of Goontact, a new spyware targeting iOS and Android users in multiple Asian countries. Uncovered by the Lookout Threat Intelligence team, Goontact targets users of illicit sites and steals personal information stored on their mobile devices. Evidence shows these sextortion scams are affecting Chinese-, Japanese- and Korean-speaking people. Goontact may also be operating in Thailand and Vietnam. Lookout discovered evidence the campaign may have been active since 2018 and is still active today. The goal of adversaries is likely extortion or blackmail, based on the information gathered and the…
Apps on all of Apple’s app stores will now have to show much more detail about what data they collect and what it is used for. From 14 December developers must show what information they gather, listed in terms of what is taken to track users and what is linked directly to them. However, the tech giant said it was not seeking to change publishers’ business models. Apple has included its own apps in the new rule. Location and contact information were two examples of data that app developers might take in order to track users and their activities, the firm said. It also…
It has been reported that The Department of Homeland Security (DHS) was successfully breached as part of a major attack on U.S. federal agencies by suspected Russian hackers, Reuters said yesterday. Reuters cited “people familiar with the matter” in reporting that hackers believed to be working for the Russian government had successfully gained access to internal communications within DHS.
Please see below for comment from a cybersecurity expert on the recent Twitter fine by the Irish Data Protection Regulation.
A range of key government networks, including the Treasury, Commerce and Homeland Security Departments, have all reportedly fallen victim to a major cyberespionage campaign by the Russian government within the past 48 hours. The list of victims is likely to grow and include more private companies too. The fact that the agency tasked with protecting the U.S. from cyber and physical threats was breached highlights how all government agencies are at risk from state-sponsored threats. To provide insight into how the U.S. government should recover and learn from this incident, please consider reviewing the below commentary from cybersecurity leaders.
CybelAngel identifies medical devices and web portals leaking unprotected images including X-rays and CT Scans The analyst team at CybelAngel, a global leader in digital risk protection, has discovered that more than 45 million medical imaging files – including X-rays and CT scans – are freely accessible on unprotected servers, in a new research report released today. The report “Full Body Exposure” is the result of a six-month investigation into Network Attached Storage (NAS) and Digital Imaging and Communications in Medicine (DICOM), the de facto standard used by healthcare professionals to send and receive medical data. The analysts discovered millions…
It has been reported that state-sponsored hackers – suspected to be working for Russia – have been monitoring emails at the US Treasury Department and another American federal agency for months. The US intelligence community is reportedly concerned that the hackers who targeted the Treasury and an agency of the Commerce Department may have been spying on other agencies too.