Cyber Security Today, Nov. 8, 2023 – Personal data on US military members is easily bought from data brokers


Personal data on US military members is easily bought from data brokers, and more.

Welcome to Cyber Security Today. It’s Wednesday, November 8th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.


Want to get personal information about active members of the U.S. military? It could cost you as little as 12 cents a record. That’s the conclusion of a report by researchers at Duke University’s School of Public Policy. They looked at hundreds of websites of data brokers selling information they legally collect from a variety of sources. Legitimate data brokers assemble information in a number of categories to sell to marketers and advertisers. Some even say they have to verify a purchaser’s identity, presumably to make sure data isn’t being bought by crooks or that the data is held confidentially. The report says some brokers may not bother with these supposed background checks. And what can a purchaser get? Data on members of the Army, Navy, Air Force or Marines and their families including health and financial data and possibly location information. This data, the report notes, could be used by foreign governments or crooks for profiling, blackmail, targeting with information campaigns and more. The report urges Congress to pass a comprehensive federal privacy law with strong controls over data brokers.

Worries by Americans and Canadians about what data brokers do aren’t new. In 2005 the U.S. Congressional Research Service did a background paper on data brokers. In 2014 the Office of Canada’s Federal Privacy Commissioner looked at what was going on at the time in both countries. In 2018 Canadian privacy commissioner Daniel Therrien announced an investigation into six data brokers here. That investigation is still ongoing. And in March of this year the U.S. Consumer Financial Protection Bureau announced an inquiry into the business practices of data brokers.

Veeam Software has released updates to patch two critical and two medium vulnerabilities in its Veeam ONE IT monitoring platform. The four holes affect versions 11 and 12 of the platform, as well as Veeam Disaster Recovery Orchestrator, Availability Orchestrator and Recovery Orchestrator. Failure to patch will allow a hacker to do nasty things.

A North Korean group has created new malware to compromise Mac computers. That’s according to researchers at Jamf Software. They call the gang BlueNoroff. Typically, this gang’s strategy is sending messages to cryptocurrency exchanges, venture capital companies or banks claiming to be an investor looking for a partnership. Another ruse is pretending to be a head hunter looking to recruit an employee. The report doesn’t detail how victims’ computers are infected, but it’s likely through an infected email attachment.

A new and more powerful version of the Gootloader malware variant has been discovered by researchers at IBM. Until now Gootloader has been used by the gang behind it as an initial access tool, after which attackers would use other tools to spread across an IT network. This new version of Gootloader downloads a module called GootBot to move around a network. The goal of this new module is to more easily evade detection. This gang usually spreads Gootloader by tricking people who do internet searches for templates for contracts, legal forms or business-related documents. They get sent to compromised websites that look like legitimate forums where they download infected files. IT departments should ensure that script block logging is enabled within their enterprise. Then they can monitor Windows event logs for signs of compromise.
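One way to act on that advice on a single Windows host, as an added example that is not from the IBM report or the original post: it checks and sets the script block logging policy value, then pulls recent event ID 4104 records from the PowerShell operational log. The function names are hypothetical, it assumes an elevated session, and in an enterprise the same setting is normally pushed through the "Turn on PowerShell Script Block Logging" Group Policy rather than set per machine.

```powershell
# Added example (not from the original post). Function names are hypothetical.
# Policy location that the script block logging Group Policy setting writes to.
$SblKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'

function Test-ScriptBlockLogging {
    # True only when the policy value exists and is set to 1.
    $v = Get-ItemProperty -Path $SblKey -Name EnableScriptBlockLogging -ErrorAction SilentlyContinue
    return ($null -ne $v -and $v.EnableScriptBlockLogging -eq 1)
}

function Enable-ScriptBlockLogging {
    # Requires administrator rights; creates the policy key if it is missing.
    if (-not (Test-Path $SblKey)) { New-Item -Path $SblKey -Force | Out-Null }
    Set-ItemProperty -Path $SblKey -Name EnableScriptBlockLogging -Value 1 -Type DWord
}

function Get-RecentScriptBlocks {
    # Returns logged script blocks (event ID 4104) from the last $Hours hours.
    # -WarningsOnly keeps only blocks PowerShell itself logged at Warning level.
    param([int]$Hours = 24, [switch]$WarningsOnly)

    $filter = @{
        LogName   = 'Microsoft-Windows-PowerShell/Operational'
        Id        = 4104
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    if ($WarningsOnly) { $filter.Level = 3 }

    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Read the named EventData fields instead of parsing the rendered message.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        [pscustomobject]@{
            Time          = $_.TimeCreated
            Level         = $_.LevelDisplayName
            ScriptBlockId = $data['ScriptBlockId']   # groups the parts of one large script
            Part          = "$($data['MessageNumber'])/$($data['MessageTotal'])"
            Path          = $data['Path']            # empty for interactive or in-memory code
            Text          = $data['ScriptBlockText']
        }
    }
}

if (-not (Test-ScriptBlockLogging)) { Enable-ScriptBlockLogging }
Get-RecentScriptBlocks -Hours 24 -WarningsOnly |
    Sort-Object Time | Format-Table Time, Level, Part, Path -AutoSize
```

Large scripts are split across several 4104 events, so group by `ScriptBlockId` and order by `Part` before reading the text, and forward the log to central storage so an intruder cannot simply clear it on the host.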

How can hackers break into internet-connected medical equipment? Sometimes with the help of equipment and software manufacturers. According to researchers at Trustwave, until recently the maker of an EEG brain scanning and monitoring software for hospitals recommended medical staff use the default administrator password for the Microsoft SQL database the application has. That password is spelled out in the device’s instruction guide. If a hacker gets a copy of the guide, knowing the database’s password they could get into a hospital IT network. Thankfully, after being advised of the risk the vendor has revised the user guide and now urges users not to use the default password. This of course is of no importance for listeners of my show because none of you would use an application’s default password. Nor would you create a guessable password like 12345, or one of the seven days of the week, or one of the 12 months of the year or …

Finally, Google has released a patch to fix a serious storage-related bug in Android 14 that is locking users out of their smartphones. This bug has been around for a month. However, Google says only some of people’s data is recoverable. And no data can be recovered from devices that are repeatedly rebooting.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Nov. 8, 2023 – Personal data on US military members is easily bought from data brokers first appeared on IT World Canada.
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
