Here are some interesting updates about cybersecurity threats and new trends.
An unencrypted database containing 2 terabytes of clinical trial research data, allegedly belonging to DM Clinical Research, was discovered exposed on the internet by security researcher Jeremiah Fowler. The database contained sensitive personal and medical information of approximately 1.6 million patients, including names, birth dates, contact details, vaccination statuses, and current medications. Although the database was secured within 24 hours of notification, the duration of exposure and potential unauthorized access remain unknown. The incident raises concerns about compliance with state data breach laws, HIPAA regulations, and Title 21 CFR Part 11 for clinical testing controls, depending on the company's status as a covered entity and the nature of its operations.
Experts emphasize the importance of implementing robust security measures to prevent such exposures. Recommendations include using vulnerability scanning tools to identify open databases, requiring VPN access for database connections, and implementing data and application governance practices. Cloud security posture management services are also suggested to detect exposed databases. The incident highlights the ongoing challenge of properly securing sensitive data, especially in cloud environments, and the need for organizations to use tools like checklists and security posture management to ensure appropriate access control and data protection. Fowler stresses the importance of encrypting and password-protecting data, as well as assessing and monitoring the security practices of third-party vendors used by healthcare organizations.
Source: Bank Info Security
ChatGPT search, now available to everyone for free without requiring an account, marks a significant expansion of OpenAI's services. This tool differs from standard ChatGPT by providing real-time, up-to-date information from the web while maintaining conversation context for more personalized responses. However, using ChatGPT search carries privacy and security risks, as OpenAI may collect and store user data, even for those not signed in. Potential issues include misinformation, AI hallucinations, and vulnerability to prompt injection attacks. Compared to Google Search, ChatGPT search may offer more tailored responses but lacks direct attribution to specific sources.
While using ChatGPT search without signing in provides some anonymity, it prevents users from opting out of model training and still allows for the collection of device data, operating system information, and IP addresses. To enhance privacy and security, users are advised to use incognito browsing and VPNs and to avoid sharing sensitive information. Although the safety of ChatGPT search is complex, users can protect themselves by being cautious about the data they input and utilizing available security tools. Ultimately, while ChatGPT search offers powerful information access capabilities, users should remain vigilant about their data privacy and security when using the service.
Source: Forbes
DISA Global Solutions, a Texas-based employee screening company, recently disclosed a data breach affecting over 3.3 million individuals. The security incident occurred on February 9, 2024, but was only discovered on April 22, 2024, more than two months later. The compromised information may include names, Social Security numbers, driver's license numbers, financial account details, and drug testing information. DISA's initial response suggested possible ransomware involvement, as they claimed to have taken measures to prevent data leakage and confirmed the deletion of stolen files. The company is notifying affected individuals and offering free credit monitoring and identity restoration services. Security experts express concern over the extended period between the breach and its discovery, as well as the potential for misuse of the sensitive data. The situation is particularly worrying because individuals may not be immediately aware of their involvement, having interacted with potential employers rather than directly with DISA.
Source: The Register
Spanish authorities have arrested an 18-year-old hacker known as Natohub, who is suspected of conducting over 40 cyberattacks against various organizations, including companies, institutions, and NATO databases since early 2024. The investigation began after a Madrid business association discovered a post on a data leak forum selling private information. Natohub's targets were wide-ranging, including the National Mint and Stamp Factory, State Public Employment Service, Ministry of Education, Spanish universities, NATO, US Army, and United Nations databases, with the most recent attacks focusing on the Civil Guard and Ministry of Defense. The suspect faces multiple charges, including discovery and disclosure of secrets, illegal computer access, computer damage, and money laundering, as he allegedly sold or freely published stolen information on various forums. Despite attempts to conceal his identity by changing online aliases and using anonymizing tools, authorities described the hacker as having extensive computer knowledge and employing a complex technological network. The investigation involved collaboration between the National Police, Civil Guard, Interpol, and US Homeland Security Investigations, with the suspect allegedly possessing over 50 cryptocurrency accounts.
Source: Bitdefender