TechCrunch broke news of research last Friday under the headline "A billion medical images are exposed online, as doctors ignore warnings". Discovered by German cybersecurity firm Greenbone Networks, the exposure follows a similar report from the company in September that detailed 24 million medical records on 590 online medical image archive systems. Two months later, the firm reported that the number of exposed servers had increased by more than half, to 35 million patient exams, exposing 1.19 billion scans and representing a considerable violation of patient privacy. Researchers pointed to a decades-old Picture Archiving and Communication System (PACS) and DICOM, a file format industry standard.
ISBuzz Team
Tomorrow, Microsoft will end regular update and patch distributions for Windows 7, leaving those without preparations in place at risk. Security experts commented below on this news and on the best strategy for companies still using Windows 7.
The Manor Independent School District, which is located about 20 minutes away from the state capital, Austin, reported that it had been hit with a phishing scam on Friday. According to CNN, the scam involved three separate fraudulent transactions that were carried out in November. The school district reported that the local police department and the FBI are investigating the incident. District officials said that though the investigation is ongoing, there are strong leads in the case.
According to researchers, multiple European websites for the Perricone MD anti-aging skin-care brand have been infected with scripts that steal customer payment card info when customers make a purchase. Two Magecart groups were competing for the credit card data on sites in the U.K., Italy, and Germany, but current evidence shows that only one exfiltrated the details successfully. https://twitter.com/Franckyki/status/1215681261567725569
PayPal has recently confirmed that a researcher found a high-severity security vulnerability in CAPTCHA that could expose user passwords to an attacker. The researcher, Alex Birsan, earned a bug bounty of $15,300 (£11,700) for reporting the problem, which was disclosed on January 8, having been patched by PayPal on December 11, 2019.
It has been reported that open-source software projects continue to struggle with handling sensitive information, according to automated scans of hundreds of millions of commits to code repositories. Driven by increased research into software security, more software under development, companies’ greater openness to vulnerability reporting, and perhaps most of all – improvements to the process of recording vulnerability reports – the number of software security issues published in the National Vulnerability Database rose to the highest recorded level in 2019, surpassing 17,300 issues reported during the year.
According to new research, attacks on the SHA-1 hashing algorithm just got a lot more dangerous with the discovery of a cheaper, more practical version of SHA-1 collision attacks. Hashing algorithms are used to compute the keys used in public key encryption, which is essential to the security of nearly every web transaction. Although the industry has been trying to move away from SHA-1 for years, Venafi has found more than 6 million SHA-1 certificates still in use on public-facing websites.
In response to reports that a US-funded mobile carrier that offers phones via the Lifeline Assistance program is selling mobile devices pre-installed with malicious applications, a cybersecurity expert offers perspective.
In response to reports that an Iranian state-sponsored hacking group has been ‘password-spraying’ U.S. electric utilities for the past year, experts commented below.
A North Korea-backed hacking campaign that targets both Windows and macOS systems has been updated with new techniques and tools, it has been reported. This campaign, dubbed ‘Operation AppleJeus’, is designed to steal cryptocurrency from organisations and individuals around the world. Attacks have been launched against businesses connected to cryptocurrency across the globe, with confirmed victims in the UK, Poland, Russia and China – although none have been publicly named.
