Cyber Security Today, April 29, 2022 – Breast cancer website leaves data open, a warning on Microsoft Explorer and Facebook privacy controls questioned

Share post:

Breast cancer website leaves data open, a warning on Microsoft Explorer and Facebook privacy controls questioned. Welcome to Cyber Security Today. It’s Friday April 29th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts
  Another misconfigured bucket of data stored in the cloud has been found. This time it held data and images of people by Breastcancer.org. It’s an American non-profit with a website that offers free research to women and men on breast cancer. It also has discussion forums people can subscribe to. In a report released this week researchers at SafetyDetectives found said last year they found an open Amazon S3 bucket holding 150 GB of data with over 350,000 files. Some of the files were user avatars, which are real or sketched pictures forum users can put beside their real or assumed names. Others were images posted with their comments in the forums. However, some digital images have what’s called EXIF data that can include general location information, such as where an image was shot. That could lead to the real identities of people being tracked down, say the researchers. Some data also included results of medical tests. In addition to this being a privacy problem the researchers say Breastcancer.org didn’t reply to warning messages. Ultimately researchers had to Amazon as well as the U.S.Computer Emergency Response Team to get the data secured. Two lessons from this incident: Organizations must have a combination of policies and IT procedures to ensure sensitive data employees have access to is locked down. And they need procedures for taking seriously email, phone and text complaints about security-related problems. IT administrators allowing employees to use Microsoft’s Internet Explorer browser need to know threat actors are hunting for versions that haven’t patched a year-old vulnerability. The warning comes from security researchers at Bitdefender. Attackers are using the vulnerability to install the RedLine Stealer trojan. This is malware that steals passwords, credit card information and other sensitive data. This vulnerability was patched in March, 2021. There is no reason why companies, or individuals, should still be using an old version of any browser. Individuals should check once a week to make sure their browser is running the latest version. Does Facebook have full control over the data of its users? Can it make privacy promises to users and reguators? No, say some employees. That’s according to a document written last year and seen by reporters at Motherboard. Authored by Facebook privacy engineers on the Ad and Business Product team, it says Facebook can’t confidently make controlled policy changes or external commitments such as ‘we will not use X data for Y purpose.’ The problem, says the letter, is privacy regulators expect Facebook to make promises like that. A Facebook spokesperson replied the company has extensive processes and controls to comply with privacy regulations. There’s a link here to the article, so can you read it and judge yourself. Finally, later today look for the Week in Review edition of the podcast. My guest is Terry Cutler, head of Montreal’s Cyology Labs. We’ll discuss the Lapsus$ extortion gang’s tactics, ransomware attacks on Costa Rica and a list of favourite vulnerabilities exploited last year by hackers. Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine. Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. The post Cyber Security Today, April 29, 2022 – Breast cancer website leaves data open, a warning on Microsoft Explorer and Facebook privacy controls questioned first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, April 12, 2024 – A warning to Sisense customers, a new tactic for spreading the Raspberry Robin worm, and more

A warning to Sisense customers, a new tactic for spreading the Raspberry Robin worm, and more. Welcome to Cyber Security Today. It’s Friday April 12th, 2024. I’m Howard Solomon. Organizations that use products from business analytics provider Sisense [SI-SENSE] are being told to reset user login credentials and digital keys. The warning comes from the

Is EU competition working? One company shows a 250 percent increase. Hashtag Trending for Friday April 12, 2024

US Internet providers must now display clear pricing and product information. HP Ink controversy continues to stain the company’s reputation with consumers. Is the EU’s competition legislation working? Early numbers seem to show it might be. And there’s a 10 million dollar bet that Elon Musk is wrong about AI. All this and more on

LinkedIn introduces verification for recruiters to combat scams

LinkedIn announced today the launch of a new verification process for job recruiters, a move aimed at curtailing...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways