Share Blog Post
Data breaches due to misconfigured databases at healthcare centers are on a rise. Recently, ‘Steps To Recovery’, a rehab center, has exposed nearly 4.91 million sensitive documents due to an unprotected ElasticSearch database. It is believed the leaky database contained 1.45GB data belonging to roughly 146,316 patients. The information compromised in the incident includes patients’ birth dates, physical addresses, phone numbers and email addresses.
That’s not all. A security lapse has enabled a hacker to steal and post online over 4,800 sensitive records belonging to the Mexican embassy in Guatemala. The hacker had managed to steal the slew of records by compromising a vulnerable server of the agency. The stolen documents include photocopies of passports, visas, birth certificates and payment cards. The compromised records also contain information about diplomatic rights, privileges, medical expenses and other operational data of the staff.
Top Breaches Reported in the Last 24 Hours
Rehab center data leak
An unprotected ElasticSearch database has exposed 4.91 million sensitive documents belonging to ‘Steps To Recovery’ rehab center. The exposed information includes patients’ birthdates, physical addresses, phone numbers and email addresses. Roughly 146, 316 patients are estimated to be impacted by the data leak. The leaky database contained 1.45GB of data.
Mexican Embassy data leak
A hacker has posted online over 4,800 sensitive documents from the Mexican Embassy in Guatemala. The incident occurred after the hacker - who goes by the online name ‘@0x55Taylor’ - gained access to a vulnerable server of the agency. The leaked information includes photocopies of passports, visas, birth certificates and payment cards. It also contains information about diplomatic rights, privileges, medical expenses and other operational data of the staff.
EmCare suffers a data breach
A data breach at EmCare has exposed the personal information of about 60,000 individuals. The physician-staffing company revealed that it learned about the hack on February 19, 2019. The hackers had managed to pull it off by gaining unauthorized access to some employees’ email accounts. These emails contained email addresses of 60,000 individuals, out of which 30,000 are patients. Other information exposed in the breach includes names, birthdates, Social Security numbers and driver’s lincense numbers of patients.
Top Malware Reported in the Last 24 Hours
New macOS malware
Security researchers have discovered a new macOS sample of OceanLotus threat actor. The sample comes with two elements - BLOB and CAB - that enables the attackers to evade detection. The sample is delivered as a zip attachment within an email. The icon of the zip file is disguised to look like a PDF file. The subject line of the email reads, ‘Handbook of legal issues for human rights activists.’ Once the victims click on the file and begin reading the launched document, the dropper unpacks the real payload into C:\ProgramData\Microsoft Help. The dropper executable gets deleted after it drops the malware which manages to bypass UAC at the default level. The malware’s BLOB and CAB files are obfuscated using XOR algorithm.
Top Vulnerabilities Reported in the Last 24 Hours
Prototype Pollution flaw
XXE injection vulnerability
A XML External Entity (XXE) injection vulnerability has been found in Microsoft Internet Explorer. The flaw can enable an attacker to steal confidential information or exfiltrate local files from the victim’s machine. The flaw works if a user opens a specially crafted .MHT file when interacting with the browser. Once the malicious .MHT file is opened on the IE, it automatically sends a GET request to the attacker’s server to download the malicious XML file. The malicious XML file contains details regarding the files specified for exfiltration, along with the uniform resource identifier (URI) of the attacker-controlled server.
Top Scams Reported in the Last 24 Hours
Fake donation scam
Scamsters are preying on the recent ‘Notre Dame’ tragedy to earn profits. They are leveraging multiple social engineering techniques to inform users worldwide about fake donation pages. These bad actors are using popular social media platforms, phishing emails and fake websites to amplify their fraud campaigns. In a majority of scams, the scammers are enticing targets to click on spam links that redirect to fraudulent donation websites. Therefore, the users are advised to review suggestions of crowdfunding sites before making any donation. This helps them identify if a site is legitimate or not. They should also be cautious of donation requests made by unfamiliar individuals or organizations through social media, email or phone.
Posted on: April 22, 2019
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.