Cyber Bites

The latest bill to set security standards for connected devices sold to the US government has fewer requirements, instead leaving recommendations to the National Institute of Standards and Technology. Source: Dark Reading

A leaky database, which is connected to an internet-facing server, exposed personal information of over 800,000 blood donors in Singapore. According to the Health Sciences Authority (HSA), the database was exposed to the Internet for nine weeks starting in January 2019. The incident was discovered by a cybersecurity expert and alerted Singapore’s Personal Data Protection Commission (PDPC), Channel Asia reported. Source: CISO Mag

A strain of the botnet malware Mirai has emerged focused on a wider set of embedded internet-connected devices. Researchers at Palo Alto this week stated that a variant of the notorious Internet-of-Things infector is now looking to hijack TVs and projectors designed to display information and adverts, as well as the usual broadband routers, network-attached storage boxes, and IP-enabled cameras and digital video recorders. Source: The Register

Opportunistic actors are seeking to turn a quick profit from the tragic events last week in Christchurch, New Zealand, by engaging in online scams or by spreading malware embedded in content related to the gruesome attack. Source: Bleeping Computer

A large database with approximately 33 million profiles for people seeking jobs in China has been fully accessible and unprotected online. This information included sensitive information that could have been used for scammers and identity theft. The database was discovered by Sanyam Jain, a security researcher and member of GDI.Foundation, who found the database using the Shodan search engine. The 57GB Elasticsearch database contains the profiles of users in China who uploaded their resume and personal information...

The use of more artificial intelligence to improve security has been touted for a while. New research from Webroot reveals that a majority of business are now actively exploring the technology. It finds 71 percent of businesses surveyed in the United States plan to use more artificial intelligence and machine learning in their cybersecurity tools this year. However, a worrying 58 percent say that aren't sure what that technology really does. Although over one-third (36 percent) of...

Iranian hackers in recent months broke into the personal phone of Benny Gantz, a leading candidate in next month’s elections, and obtained its entire contents, according to a report Thursday. Two senior Shin Bet security service officials approached the Blue and White party chairman last month to inform him that his cellular phone had been hacked shortly after he announced his political bid, with programmers in Iran getting hold of his personal details and texts,...

The rash of e-commerce sites infected with card-skimming malware is showing no signs of abating. Researchers on Thursday revealed that seven sites—each with more than 500,000 collective visitors per month—have been compromised with a previously unseen strain of sniffing malware designed to surreptitiously swoop in and steal payment card data as soon as visitors make a purchase. One of those sites, UK sporting goods outlet Fila.co.uk, had been infected since November and had only removed...

Gearbest, a Chinese online shopping giant, has exposed millions of user profiles and shopping orders, security researchers have found. Security researcher Noam Rotem found an Elasticsearch server leaking millions of records each week, including customer data, orders and payment records. The server wasn’t protected with a password, allowing anyone to search the data. Gearbest ranks as one of the top 250 global websites, and serves top brands, including Asus, Huawei, Intel and Lenovo. Source: TechCrunch

Concord, Mass.-based Emerson Hospital sent letters to 6,314 patients alerting them of a May2018 cybersecurity attack that may have affected their information, according to the HIPAA Journal. The security incident, which happened between May 9-17, was the result of a former MiraMed Global Services, a company that helps hospitals collect payments, who sent patient files to an unauthorized third party. Information that may have been affected included names, addresses, Social Security numbers and insurance policy information....