FBI Probing COVID Patient Data Breach in SD; Hackers Can Exploit Unpatched Flaw in Safari Browser; NSA Director Reveals Russian Move to Undermine 2018 Midterms; Facebook Turns Over Withheld Myanmar Data to UN Investigators. Click “Continue reading” below.
FBI Probing COVID Patient Data Breach in SD
The FBI is investigating a data breach that exposed the names, addresses, birthdates and infection status of COVID-19 patients in South Dakota.
The breach occurred in June, when a third-party vendor gained access to a database shared between the state’s Department of Health and law-enforcement agencies, Infosecurity Magazine reports.
The database, housed on an online portal, was designed to reduce the chances of law enforcement and other service members from coming in contact with a patient who had COVID by allowing first-responders to find out if a resident at a specific address had tested positive.
The breach occurred when Netsential.com Inc., a web developer hosting the database, added labels to a file — allowing a third party to identify a resident’s COVID-19 status.
The South Dakota Department of Public Safety alerted COVID patients that their data might have been exposed and that their information might be accessible online, Infosecurity reports.
“This information may continue to be available on various internet sites that link to files from the Netsential breach,” the agency’s letter said. “The list did not include any financial information, Social Security numbers, or internet passwords of any individuals.”
Sources (all external links):
- Infosecurity Magazine : FBI Investigates COVID-19 Patient Data Breach
- Government Technology: FBI Investigates COVID-19 Patient Data Breach in South Dakota
Hackers Can Exploit Unpatched Flaw in Safari Browser
Cybersecurity researchers have discovered a flaw in Safari’s sharing functionality that could potentially expose critical user information to hackers.
The flaw was exposed by Pawel Wylecial, a Poland-based security researcher and founder of Redteam and BlackOwlSec, Forbes reports.
He found that sharing an image over the browser could expose users to click-jacking, a form of attack that fools users into clicking on a malicious element without their knowledge, according to the report.
Wylecial found that the vulnerability can only be exploited if the victim preforms the share action, decreasing the risk of the vulnerability.
The researcher disclosed the vulnerability to Apple in April — and the company, Forbes reports, has prepared a fix to be released next spring.
NSA Director Reveals Russian Move to Undermine 2018 Midterms
A top intelligence official said Tuesday that the U.S. Cyber Command and the National Security Agency (NSA) worked to prevent Russian meddling in the 2018 midterm elections.
NSA Director and Cyber Command Chief Paul Nakasone disclosed the agency’s activities in an article for Foreign Affairs magazine, The Associated Press reports.
“Thanks to these and other efforts, the United States disrupted a concerted effort to undermine the midterm elections,” Nakasone wrote. “Together with its partners, Cyber Command is doing all of this and more for the 2020 elections.”
He added that 68 cyber-protection teams were working to “proactively hunt for adversary malware on our own networks rather than simply waiting for an intrusion to be identified,” AP reports.
Nakasone also defended the U.S. government’s shift towards a more aggressive strategy against cyberthreats.
The United States is moving from a “reactive, defensive posture” to engaging in combat with foreign adversaries online, he said.
“We learned that we cannot afford to wait for cyberattacks to affect our military networks,” Nakasone wrote. “We learned that defending our military networks requires executing operations outside our military networks.
“The threat evolved, and we evolved to meet it.”
- The Associated Press: Military’s top cyber official defends more aggressive stance
Facebook Turns Over Withheld Myanmar Data to UN Investigators
After a lead United Nations investigator accused Facebook of withholding evidence from the agency, the company has turned over the data to the Investigative Mechanism on Myanmar (IIMM).
The information included data and pages from accounts associated with the Myanmar military that Facebook removed in 2018 to stop hate speech against Rohingya, a company representative told Reuters.
Myanmar is facing charges of genocide before the International Court of Justice (ICJ) because of the military’s crackdown on Rohingya that forced 730,000 people to flee into Bangladesh, according to the report.
“As these investigations proceed, we will continue to coordinate with them to provide relevant information as they investigate international crimes in Myanmar,” the Facebook representative said.
Facebook came under fire by the IIMM for not releasing evidence of “serious international crimes,” though it had vowed to cooperate with the investigation.
In 2018, Facebook claimed it had removed 18 accounts and 52 pages associated with the Myanmar military, but U.N. investigators argued that Facebook played a key role in spreading hate speech and violence.
— By DPN Staff