By: Jessica Cooper
April 26, 2019

Weekly Top 5: Healthcare breaches, insecure apps, and state-sponsored hijacking

This week we saw another ElasticSearch database that was left open, exposing several million data points of personally identifiable information (PII). This is one of numerous ElasticSearch breaches in the past six months alone. There was the server left open on the Internet without a password that leaked the personal information of nearly 57 million Americans for almost two weeks. In addition, Citifinancial records were found exposed back in January, leaking 24.3 million mortgage and credit reports. Unprotected Elasticsearch instances are a gift for hackers: anyone who can reach them can read the data without credentials, and compromising the database can be a step toward full administrative privileges on the underlying servers.

1. Millions of Medical Documents for Addiction and Recovery Patients Leaked

An ElasticSearch database that was left open to the internet exposed about 4.9 million data points of personally identifiable information (PII) related to individuals seeking treatment at the Steps to Recovery addiction treatment facility in Levittown, Pa., which is located outside of Philadelphia. Justin Paine, director of trust and safety at Cloudflare, found that the database, which wasn’t protected by any sort of authentication, contained data collected by the treatment facility between mid-2016 and late last year. “Based on the patient name it was simple to locate all medical procedures a specific person received, when they received those procedures, how much they were billed, and at which specific facility they received treatment,” Paine explained.

In all, there are two indexes inside the database, containing 4.91 million documents (roughly 1.45GB of data). After collating and cross-referencing a section of the information, Paine found that a single patient ID could have multiple rows of data for different medical procedures.
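The common thread in the intro and in item 1 is a node that listens beyond loopback with authentication switched off. The following audit script is an added example, not code from ThreatPost or from Elastic: it reads the flat `key: value` lines of an `elasticsearch.yml` and flags that combination. The constructed WEAK and HARDENED snippets are assumptions for illustration; treating a missing `xpack.security.enabled` as "off" is also an assumption, since the real default depends on version and license.

```python
"""Flag the exposure pattern behind the breaches above: an Elasticsearch node
bound to a non-loopback address with authentication disabled.
Constructed example, not an Elastic tool; PyYAML is deliberately not used."""

LOOPBACK = {"127.0.0.1", "::1", "localhost", "_local_"}
TRUTHY = {"true", "yes", "on", "1"}


def parse_settings(text):
    """Minimal parser for flat 'key: value' lines (nested YAML is out of scope)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("'\"")
    return settings


def is_on(settings, key):
    # Assumption: an absent flag is treated as off (real default varies by version/license).
    return settings.get(key, "false").lower() in TRUTHY


def audit(settings):
    """Return a list of findings; an empty list means no exposure pattern found."""
    host = settings.get("network.host", "_local_")   # ES binds loopback by default
    hosts = {h.strip().strip("'\"") for h in host.strip("[]").split(",")}
    public = not hosts <= LOOPBACK                    # any non-loopback bind counts
    findings = []
    if public and not is_on(settings, "xpack.security.enabled"):
        findings.append("open: network.host=%s with authentication disabled; "
                        "every index is readable without a password" % host)
    elif public and not is_on(settings, "xpack.security.http.ssl.enabled"):
        findings.append("auth on but HTTP TLS off: credentials cross the network in clear text")
    return findings


# Constructed settings fragments (assumed, for illustration only)
WEAK = "cluster.name: recovery-prod\nnetwork.host: 0.0.0.0\nxpack.security.enabled: false\n"
HARDENED = ("cluster.name: recovery-prod\nnetwork.host: [\"10.0.0.5\", \"_local_\"]\n"
            "xpack.security.enabled: true\nxpack.security.http.ssl.enabled: true\n")

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(parse_settings(cfg)) or ["no findings"])
```

Run it over your own node configs as part of a deploy check; a single finding on the WEAK fragment is exactly the state the Steps to Recovery database was found in.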

By: Tara Seals, Published on ThreatPost

2. Easter Attack Affects Half a Billion Apple iOS Users via Chrome Bug

About half a billion Apple iOS users (and counting) have been hit by session-hijacking cybercriminals bent on serving up malware. They’re exploiting an unpatched flaw in the Chrome for iOS browser to bypass sandboxing and hijack user sessions, targeting iPhone and iPad users. The attacks are the work of the eGobbler gang, researchers said, which has a track record of mounting large-scale malvertising attacks ahead of major holiday weekends. Easter is coming up, and the crooks are banking on consumers spending a lot more time than usual browsing the web on their phones.

By: Tara Seals, Published on ThreatPost

3. Insecure Ride App Database Leaks Data of 300K Iranian Drivers

A researcher has discovered that over a quarter-million drivers of the Iranian ride-hailing app Tap30 have had their data left publicly exposed in an insecure database. Tap30 is an online taxi application, similar to Uber, that connects users to drivers through the mobile app and the corporate panel. The app has more than a million installs on Google Play. Researcher Bob Diachenko said that on Thursday, he found a database owned by Tap30 left open for three days, leaking an estimated 1 to 2 million unique records. That contained the information of around 300,000 drivers, Diachenko told Threatpost.

By: Lindsey O’Donnell, Published on ThreatPost

4. Ecuador Hit With ‘Cyberattacks’ After Assange’s Arrest

The government of Ecuador has been hit with as many as 40 million “cyberattacks” following its withdrawal of asylum protection for WikiLeaks’ founder Julian Assange and his arrest by British police last week, a deputy government minister tells Agence France-Presse. The attacks began almost immediately following Assange’s removal from Ecuador’s London embassy on Thursday, according to the report. The cyberattacks have targeted government websites, Patricio Real, Ecuador’s deputy minister for information and communication technologies, tells AFP. Javier Jara, Ecuador’s undersecretary of the electronic government department of the telecommunications ministry, categorized the activity as “volumetric attacks,” referring to high-volume denial-of-service attacks, according to AFP.

By: Scott Ferguson, Published on Data Breach Today

5. The Cybersecurity Automation Paradox

Recent studies show that before automation can reduce the burden on understaffed cybersecurity teams, they need to bring in enough automation skills to run the tools.

Cybersecurity organizations face a chicken-and-egg conundrum when it comes to automation and the security skills gap. Automated systems stand to reduce many of the burdens weighing on understaffed security teams that struggle to recruit enough skilled workers. But at the same time, security teams find that a lack of automation expertise keeps them from getting the most out of cybersecurity automation. A new study out this week from Ponemon Institute on behalf of DomainTools shows that most organizations today are placing bets on security automation. Approximately 79% of respondents either use automation currently or plan to do so in the near-term future.

By: Ericka Chickowski, Published on Dark Reading

Jessica Cooper
Director, Product Marketing