Cyber Security Today, Oct. 21, 2022 – Microsoft storage misconfiguation, data tracker leads to another data breach, and more

Share post:

Microsoft admits a storage misconfiguation, data tracker leads to a data breach at a second US hospital chain, and more.

Welcome to Cyber Security Today. It’s Friday, October 21st, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

Microsoft has acknowledged a misconfigured storage bucket open on the Internet exposed business data that could have been copied by anyone who found it. Some business documents between Microsoft and prospective customers could have been seen and stolen. After being notified in September of the open storage by researchers at a company called SOCRadar, the data was secured. But it included names, email addresses, email content, company names and phone numbers. It also may have included attached files relating to business between a customer and Microsoft or one of its partners.

Another American hospital chain is notifying patients of a data breach related to the use of the Meta Pixel tracker on their websites. Advocate Aurora Health, which has 26 hospitals in Wisconsin and Illinois, is notifying patients of the breach. It exposed the personal data of 3 million patients. This follows the admission by Novant Health that improper use of Meta Pixel led to the exposure of data of 1.3 million patients. According to the Bleeping Computer news service, Meta Pixel helps website operators understand how visitors interact with their sites. It also sends data to Meta — the parent of Facebook — which sends it to marketers and advertisers.

Police in Brazil this week arrested a person they believe is a member of the Lapsus$ extortion gang. This comes after the Brazilian Ministry of Health was hacked last year. Two people believed to be associated with the gang were charged last April in the U.K.

Two Americans have been sentenced to two-year prison terms for going after executives of cryptocurrency companies and others who likely had cryptocurrency. The convicts got control of the social media accounts of targets, then used that access to convince cellphone companies to give them control of the victims’ smartphones through SIM card swapping. The phone access was used to try and access bank accounts. It was alleged that the pair stole about $330,000 in cryptocurrency from victims.

More bad apps have been found in the Google Play store. Researchers at McAfee discovered 16 apps that managed to get past Google scrutiny and onto the marketplace. As is common, crooks disguised the malicious apps as utilities people might want: A currency converter, a flashlight, a digital image vault and a QR code reader. Smartphone apps like that can be appealing — our mobile phones are fun devices, why not load them up with useful apps? That attitude is how malware gets on your phone, and how your email and bank accounts get hacked. Be very careful before chosing to download apps that aren’t from brand-name companies. Research before you click.

Finally, Texas is suing Google for allegedly violating the state’s biometric law. The claim is that by illegally collecting voice prints, records of face geometry and more though Google Photos, Google Assistant and Nest Hub Max the company has unlawfully captured and used their data without getting informed consent. Then, the claim says, Google used the data for its own commercial interest. None of the claims have been proven in court.

That’s it for now. But later today the Week In Review edition will be out. This week David Shipley of Beauceron Security and I will discuss a Blind Carbon Copy email mistake, the risks of the use of real data when testing applications and new Canadian cyber incident statistics.

Links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Oct. 21, 2022 – Microsoft storage misconfiguation, data tracker leads to another data breach, and more first appeared on IT World Canada.

Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

SUBSCRIBE NOW

Related articles

Cyber Security Today, June 21, 2024 – US to ban Kaspersky for businesses, consumers

U.S. to ban the sale of Kaspersky products to consumers and businesses. Welcome to Cyber Security Today. It's Friday...

Why Jensen Huang in the Taylor Swift of tech. Hashtag Trending for Friday, June 21, 2024

Hashtag Trending is brought you with the generous sponsorship of Zoho Canada. We thank them for making it...

Biden administration to ban US sales of Kaspersky software over ties to Russia

The Biden administration is set to announce a ban on the sale of Kaspersky Lab's antivirus software in...

Security bug may allow anyone to spoof Microsoft employee emails

A security researcher claims to have discovered a bug that enables anyone to impersonate Microsoft corporate email accounts,...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways