It has been reported that the United Nations children’s agency, UNICEF, has inadvertently leaked personal information belonging to thousands of users of its online learning portal Agora. The website offers free training courses to UNICEF staff and members of the public on issues such as child rights, humanitarian action, research, and data. An email containing personal details of 8,253 users enrolled in courses on immunization went out to nearly 20,000 Agora users.
ISBuzz Team
Security Experts Comments on the News: Sex lives of menstruation app users have been shared with Facebook https://twitter.com/privacyint/status/1171110776326819840
Look at recent data breaches and you’ll see most attention points to commercial businesses, with Imperva being the most recent firm falling victim to an attack that exposed email addresses, scrambled passwords, API keys and SSL certificates. Data breaches and ransomware attacks continue to show no signs of slowing down. Companies across many industry verticals fall victim to what seems to be an almost daily occurrence. Most recently, another sector is proving to be an attractive target: education. On August 2, the K-12 Cybersecurity Resource Center’s K-12 Cyber Incident Map reported its 533rd publicly-disclosed cyber incident, which means the number…
A nonprofit privacy advocacy group called Open Privacy Research Society discovered that the sensitive medical information of patients being admitted to certain hospitals across the Greater Vancouver Area is being broadcast, unencrypted, by hospital paging systems, and that these broadcasts are easily interceptable. The society discovered the vulnerability and notified Vancouver Coastal Health (VCH) immediately, almost a year ago, but VCH ignored and downplayed the vulnerability for months. Some of the patient data (PHI) being broadcast includes the following: name, age, gender marker, diagnosis, attending doctor and room number.
Security Experts Comments on the News: The FBI found yesterday afternoon that BEC/EAC scams cost organisations over $26 billion between June 2016 and July 2019. The threat continues to grow and evolve, targeting small, medium, and large business and personal transactions. Between May 2018 and July 2019, there was a 100 percent increase in identified global exposed losses. Based on the financial data, banks located in China and Hong Kong remain the primary destinations of fraudulent funds. However, the Federal Bureau of Investigation has seen an increase of fraudulent transfers sent to the United Kingdom, Mexico, and Turkey. FBI IC3: Business…
Apple launched a new set of products yesterday at a highly anticipated event. However, it could lead to a spike in identity fraud as a result of the offers from telecoms providers to incentivise customers to purchase flagship handsets. https://twitter.com/MultiCultural7/status/1171734474721128448
With the release of the September 2019 security updates, Microsoft has released 2 advisories and updates for 79 vulnerabilities. Of these vulnerabilities, 17 are classified as Critical, according to reports.
ZDNet has reported that Microsoft has made its Automated Incident Response in Office 365 Advanced Threat Protection (ATP) generally available to enterprise customers. The automation feature, announced in preview earlier this April, aims to help security analysts respond faster and more systematically to a barrage of security alerts. Microsoft is making two categories of automated incident response generally available. The first are automatic investigations that commence in response to new alerts, such as users reporting phishing email, users clicking on a link determined to be malicious, malware being detected in received email, and phishing email that has landed in a user’s mailbox. The second category…
It has been reported that critical vulnerabilities have been discovered in Telestar Digital GmbH Internet of Things (IoT) radio devices that permit attackers to remotely hijack systems. Today, Vulnerability-Lab researcher Benjamin Kunz disclosed the firm’s findings, for which two CVEs have been assigned, CVE-2019-13473 and CVE-2019-13474.
ZDNet reported earlier today that security researchers have found another instance of a malware strain abusing the Windows Background Intelligent Transfer Service (BITS). The malware appears to be the work of a state-sponsored cyber-espionage group that researchers have been tracking for years under the name of Stealth Falcon. The first and only report on this hacking group was published in 2016 by Citizen Lab, a non-profit organization focusing on security and human rights. According to the Citizen Lab report, the Stealth Falcon group has been in operation since 2012 and was seen targeting United Arab Emirates (UAE) dissidents. Previous tools included a…
