<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 9/18/2019

SHARE

Breaches_ITSEC-1

Millions of Americans’ Medical Images and Data Are Available on the Internet

Medical images and health data belonging to millions of Americans, including X-rays, MRIs and CT scans, are sitting unprotected on the internet and available to anyone with basic computer expertise. The records cover more than 5 million patients in the U.S. and millions more around the world. In some cases, a snoop could use free software programs — or just a typical web browser — to view the images and private data, an investigation by ProPublica and the German broadcaster Bayerischer Rundfunk found.


Millions of Lion Air Passenger Records Exposed and Exchanged on Forums

Tens of millions of records from customers of two airline companies owned by Lion Air have been circulating on data exchange forums for at least a month. The info was stored in an Amazon bucket that was open on the web. The records are present in two databases, one with 21 million records, the other with 14 million entries, in a directory holding backup files created in May 2019 mostly for Malindo Air and Thai Lion Air.

Info_Security_ITSEC

Latest Facebook shutdown involves hundreds of accounts misleading users in Ukraine, Iraq

Facebook announced on Monday it has taken hundreds of accounts, pages and groups offline upon determining they were engaged in separate information operations with roots in Iraq and Ukraine. The company caught 244 accounts, 269 pages, 80 groups and seven Instagram pages that were used to mislead legitimate Facebook users about their behavior, Nathaniel Gleicher, Facebook’s head of cybersecurity policy, said in a blog post.

Hacking_ITSEC

Panda Threat Group Mines for Monero With Updated Payload, Targets

The Panda threat group, best known for launching the widespread and successful 2018 “MassMiner” cryptomining malware campaign, has continued to use malware to mine cryptocurrency in more recent attacks. A fresh analysis of the group reveals Panda has adopted a newly-updated infrastructure, payloads and targeting. While considered unsophisticated, researchers warn that the threat group has a wide reach and has attacked organizations in banking, healthcare, transportation and IT services.

Exploits_ITSEC

AMD Radeon Graphics Cards Open VMware Workstations to Attack

A remote code-execution bug exists in some configurations of the AMD Radeon graphics card that could allow an attacker to take control of a targeted system. The hack entails luring users of vulnerable systems to visit a specially crafted website that can deliver “a malformed pixel shader” to either a Radeon RX 550 or a Radeon 550 series graphics card.