- Metacurity
- Posts
- Especially Sh*tty Attack: Psychotherapy Center Hacker Threatens to Release Patient Files
Especially Sh*tty Attack: Psychotherapy Center Hacker Threatens to Release Patient Files
Zoom's E2E is here, Surveillance start-up's male team used security cameras to make sexually explicit jokes about colleagues, Link previews can leak data, Oz media monitoring company hit by an attack
The hacker who stole data from more than 40,000 patients at the Vastaamo psychotherapy center in Finland is threatening to leak mental health records onto the internet unless the patients provide payment in bitcoin, including those patients who are underaged. Mikko Hyppönen, chief research officer at Finnish cybersecurity company F-Secure said it succinctly when he said “This is an especially shitty attack and it's quite unusual even on a global scale.” (Melissa Heikkilä and Laurens Cerulus / Politico EU)
Related: EURACTIV.com, Daily Mail, Cyberscoop, TechNadu, Telegraph, HOTforSecurity, Economic Times, Help Net Security, Threatpost, Security Affairs, Financial Times Technology, Courthouse News Service, The Guardian, SecurityWeek, The Daily Swig, UPI.com, POLITICO EU, Infosecurity Magazine, The Register, Dark Reading: Vulnerabilities / Threats, Data Breaches Digest, VICE News, Teller Report, Homeland Security Today, The Record, Wired, Daily Cyber Digest, Bleeping Computer, Infosecurity Magazine, CNN.com, IT News, BBC News
Zoom Launches End-to-End Encryption in Technical Preview
Zoom has launched in technical preview its end-to-end encryption (E2EE) protection to both free and paid users. Zoom says E2EE is supported across its Mac, PC, iOS, and Android apps, as well as Zoom Rooms, but not its web client or third-party clients that use the Zoom SDK. Users have thirty days to give Zoom feedback during the preview. (Jon Porter / The Verge)
Employees at Surveillance Startup Verkada Made Sexually Explicit Jokes About Women Colleagues Using Company’s Security Cameras
A sales director at Silicon Valley surveillance startup Verkada abused the company’s state-of-the-art security cameras to take and post photos of colleagues in a Slack channel called #RawVerkadawgz where they made sexually explicit jokes about women who worked at the company. When management at Verkada found out, they punished the offending employees by reducing their stock instead of firing them, causing outrage among employees. At least five of the staff members involved were part of a popular white male “crew” who went to high school together. (Charles Rollet / IPVM)
Related: BiometricUpdate, Futurism, Boing Boing, The Verge, Joseph Cox - VICE, Slashdot
Link Previews in Chat and Messaging Apps Can Leak Sensitive Data
Link previews found in most chat and messaging apps can leak sensitive data, consume bandwidth, drain batteries and expose links in chats that are supposed to be end-to-end encrypted researchers Talal Haj Bakry and Tommy Mysk discovered. Facebook Messenger and Instagram were the worst offenders. (Dan Goodin / Ars Technica)
Related: The Hacker News, MacRumors, The Hacker News, Sensorstechforum, MacRumors, iMore, The Hacker News, Law & Disorder – Ars Technica, Mysk
Media Monitoring Company Used by Australian Federal Government Hit by Likely Ransomware Attack
Isentia, a media monitoring and analytics company used by the Australian federal government was hit by a cyberattack, most likely a ransomware attack, that was disrupting services involving its media portal. Isentia’s media-monitoring work requires clients to give it information on sensitive topics to properly brief it on what to look for in the media. It’s not clear if the attack affects this aspect of the company’s work. (Josh Taylor and Christopher Knaus / The Guardian)
Related: iTnews - Security
Other Infosec Developments
More than 100 smart irrigation systems were left exposed online without a password last month, allowing anyone to access and tamper with water irrigation, researchers at boutique security firm Security Joes discovered. All the systems were running ICC PRO, a top-shelf smart irrigation system designed by Motorola for use with agricultural, turf, and landscape management. (Catalin Cimpanu / ZDNet)
Immigration law firm Fragomen, Del Rey, Bernsen & Loewy, LLP has disclosed a data breach that exposed current and former Google employees' personal information. The firms sent out a data breach notification to affected Googlers saying “that an unauthorized third party gained access to a single file containing personal information relating to I-9 employment verification services. This file contained personal information for a discrete number of Googlers (and former Googlers), including you.” (Lawrence Abrams / TechCrunch) Related: PYMNTS, TechCrunch
A data breach suffered by the Nitro PDF service impacts top-tier companies including Google, Apple, Microsoft, Chase, and Citibank according to an advisory the company to the Australia Stock Exchange. Cybersecurity intelligence firm Cyble told BleepingComputer that a threat actor is selling the user and document databases, as well as 1TB of documents, that they claim to have stolen from Nitro Software's cloud service. The data is for sale in a private auction with the starting price set at $80,000. (Lawrence Abrams / Bleeping Computer) Related: Digital Journal, Security Affairs, Data Breaches Digest, Security Affairs
The U.S. government’s favorite iPhone hacking technology company Grayshift has raised $47 million in a Series A funding round led by PeakEquity Partners. GrayShift’s GrayKey iPhone unlocking tool is in use by hundreds of police departments across the U.S. (Thomas Brewster / Forbes)Share Metacurity
Hail to Infosec Women
SC Magazine gave a much-deserved salute to a group of women at the top of the information security world including Eva Galperin, Katie Moussouris, Tarah Wheeler, Lesley Carhart, and many more. Take a bow, my sisters! Photo by Christina @ wocintechchat.com on Unsplash
Photo by National Cancer Institute on Unsplash