Cyber Security Today, April 29, 2022 – Breast cancer website leaves data open, a warning on Microsoft Explorer and Facebook privacy controls questioned

Share post:

Breast cancer website leaves data open, a warning on Microsoft Explorer and Facebook privacy controls questioned. Welcome to Cyber Security Today. It’s Friday April 29th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts
  Another misconfigured bucket of data stored in the cloud has been found. This time it held data and images of people by Breastcancer.org. It’s an American non-profit with a website that offers free research to women and men on breast cancer. It also has discussion forums people can subscribe to. In a report released this week researchers at SafetyDetectives found said last year they found an open Amazon S3 bucket holding 150 GB of data with over 350,000 files. Some of the files were user avatars, which are real or sketched pictures forum users can put beside their real or assumed names. Others were images posted with their comments in the forums. However, some digital images have what’s called EXIF data that can include general location information, such as where an image was shot. That could lead to the real identities of people being tracked down, say the researchers. Some data also included results of medical tests. In addition to this being a privacy problem the researchers say Breastcancer.org didn’t reply to warning messages. Ultimately researchers had to Amazon as well as the U.S.Computer Emergency Response Team to get the data secured. Two lessons from this incident: Organizations must have a combination of policies and IT procedures to ensure sensitive data employees have access to is locked down. And they need procedures for taking seriously email, phone and text complaints about security-related problems. IT administrators allowing employees to use Microsoft’s Internet Explorer browser need to know threat actors are hunting for versions that haven’t patched a year-old vulnerability. The warning comes from security researchers at Bitdefender. Attackers are using the vulnerability to install the RedLine Stealer trojan. This is malware that steals passwords, credit card information and other sensitive data. This vulnerability was patched in March, 2021. There is no reason why companies, or individuals, should still be using an old version of any browser. Individuals should check once a week to make sure their browser is running the latest version. Does Facebook have full control over the data of its users? Can it make privacy promises to users and reguators? No, say some employees. That’s according to a document written last year and seen by reporters at Motherboard. Authored by Facebook privacy engineers on the Ad and Business Product team, it says Facebook can’t confidently make controlled policy changes or external commitments such as ‘we will not use X data for Y purpose.’ The problem, says the letter, is privacy regulators expect Facebook to make promises like that. A Facebook spokesperson replied the company has extensive processes and controls to comply with privacy regulations. There’s a link here to the article, so can you read it and judge yourself. Finally, later today look for the Week in Review edition of the podcast. My guest is Terry Cutler, head of Montreal’s Cyology Labs. We’ll discuss the Lapsus$ extortion gang’s tactics, ransomware attacks on Costa Rica and a list of favourite vulnerabilities exploited last year by hackers. Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine. Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. The post Cyber Security Today, April 29, 2022 – Breast cancer website leaves data open, a warning on Microsoft Explorer and Facebook privacy controls questioned first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

SUBSCRIBE NOW

Related articles

AI Engages In Deceptive Marketing: Hashtag Trending for Tuesday, December 3, 2024

Hashtag Trending is brought to you this week by Elisa: A Tale of Quantum Kisses a science fiction,...

AI vs Ghost Engineers: Hashtag Trending for Monday, Dec. 2, 2024

Hashtag Trending is brought to you this week by Elisa: A Tale of Quantum Kisses, a science fiction...

AI Chat Bot Exposes 300,000 Records: Cyber Security Today for Monday, December 2, 2024

This week’s programs are brought to you by the book Elisa: A Tale of Quantum Kisses. Pre-release of...

Russian State-Backed Cyber Attack Exploits Zero-Day Vulnerabilities in Windows and Firefox

Headline: A sophisticated cyberattack leveraging two chained zero-day vulnerabilities in Mozilla Firefox and Microsoft Windows has been confirmed by...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways