An investigation into the July data breach incident at Singapore’s largest healthcare provider has revealed that local administrators made several critical mistakes that led to the breach, including the use of weak passwords and unpatched software. According to the initial press release announcing the breach, “It was not the work of casual hackers or criminal gangs. The stolen data included name, NRIC (National Registration Identity Card) number, address, gender, race and date of birth. Investigators said the records were not tampered with or deleted. However, experts warned that the data could end up on the dark web, where criminals could offer to buy it to conduct extortion attempts. A team set up to probe the breach – which compromised 1.5 million patient records, including the Singapore Prime Minister’s – has now revealed how hackers were able to infiltrate the SingHealth network and perform their actions. Investigators noted that the breach resembled an advanced persistent thre..

More than a year after hackers breached credit reporting agency Equifax to steal 146 million customer records, the UK Information Commissioner’s Office (ICO) has issued the company with a £500,000 fine – a small penalty for a such a monumental blunder. You might wonder why the UK and not the US (where Equifax is based) has fined the agency. The answer comes in the third paragraph of the ICO’s press release, where it is mentioned that, “although the information systems in the US were compromised, Equifax Ltd was responsible for the personal information of its UK customers.” It was still the US parent company that processed UK customer data, but the UK arm (Equifax Ltd.) failed to take appropriate steps to ensure Equifax Inc was protecting the information, hence the fine. The investigation was carried out under the Data Protection Act (DPA) from 1998, which the GDPR replaced this year. However, since the breach occurred before GDPR went into effect, the fine was issued under the older..

Bitcoin has truly taken off, at a current worth of more than 5,000 euros. Other cryptocurrencies are slowly catching up, but there is one special surprise waiting for investors and exchanges that might hinder their expansion plans. Things are about to get complicated because MPs in the UK want to regulate cryptocurrency, writes The Guardian. For a while now, governments and institutions operating in the financial services industry have been discussing this aspect, trying to find ways to regulate it on grounds that it is risky and it enables illicit activities such as money laundering. According to the Treasury committee report consumers are also at risk because cryptocurrency is yet an unregulated “wild-west”-type industry that bypasses banks, so there is no protection from the Financial Conduct Authority should anything happen to their crypto-assets. “Accordingly, investors should be prepared to lose all their money,” the report says. In response, the FCA “agrees with the committee..

A misconfigured AWS S3 bucket belonging to Medcall Healthcare Advisors exposed sensitive patient records as well as confidential doctor-patient audio discussions. For some reason, the story about the misconfigured AWS S3 bucket keeps repeating itself. Verizon, the Pentagon, Toyota, Tesla and the NSA are among the companies that have fallen victim to the same data breach. In this case, the data breach was detected on August 24, 2018 by risk specialists from cyber resilience company UpGuard. They reported that as much as 7 gigabytes of data from 181 US-based companies had now been compromised. Medical information including personally identifiable information, sickness descriptions, phone recordings, employment history, the Social Security Numbers of 3000 people and injury forms in pdf could easily be accessed used for a number of illicit activities such as identity theft, fraud or blackmail. “The bucket was publicly writable, as was the ACL permission set, which had an “Everyone – Full..

Bad actors are targeting businesses in Brazil using clever social engineering tactics and camouflaged malware to bypass strong authentication and security controls and ultimately take over bank accounts. Using a Trojan disguised as a legitimate banking module, the scammers seek login credentials to the victim’s banking account. IBM X-Force researchers dubbed the malware used in the scam “CamuBot” because it attempts to camouflage itself as a security module required by the banks impersonated by the attackers. The operation begins with a scammer posing as a bank employee calling the victim to say they need to install a piece of software. “To carry out their attacks, CamuBot operators begin with some basic reconnaissance to find businesses that bank with a certain financial institution. They then initiate a phone call to the person who would likely have the business’s bank account credentials,” according to a post on IBM’s security intelligence blog. The attackers instruct the victim..