Personal data on US military members is easily bought from data brokers, and more.
Welcome to Cyber Security Today. It’s Wednesday, November 8th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
Want to get personal information about active members of the U.S. military? It could cost you as little as 12 cents a record. That’s the conclusion of a report by researchers at Duke University’s School of Public Policy. They looked at hundreds of websites of data brokers selling information they legally collect from a variety of sources. Legitimate data brokers assemble information in a number of categories to sell to marketers and advertisers. Some even say they have to verify a purchaser’s identity, presumably to make sure data isn’t being bought by crooks or that the data is held confidentially. The report says some brokers may not bother with these supposed background checks. And what can a purchaser get? Data on members of the Army, Navy, Air Force or Marines and their families including health and financial data and possibly location information. This data, the report notes, could be used by foreign governments or crooks for profiling, blackmail, targeting with information campaigns and more. The report urges Congress to pass a comprehensive federal privacy law with strong controls over data brokers.
Worries by Americans and Canadians about what data brokers do aren’t new. In 2005 the U.S. Congressional Research Service did a background paper on data brokers. In 2014 the Office of Canada’s Federal Privacy Commissioner looked at what was going on at the time in both countries. In 2018 Canadian privacy commissioner Daniel Therrien announced an investigation into six data brokers here. That investigation is still ongoing. And in March of this year the U.S. Consumer Financial Protection Bureau announced an inquiry into the business practices of data brokers.
Veeam Software has released updates to patch two critical and two medium vulnerabilities in its Veeam ONE IT monitoring platform. The four holes affect versions 11 and 12 of the platform, as well as Veeam Disaster Recovery Orchestrator, Availability Orchestrator and Recovery Orchestrator. Failure to patch will allow a hacker to do nasty things.
A North Korean group has created new malware to compromise Mac computers. That’s according to researchers at Jamf Software. They call the gang BlueNoroff. Typically, this gang’s strategy is sending messages to cryptocurrency exchanges, venture capital companies or banks claiming to be an investor looking for a partnership. Another ruse is pretending to be a headhunter looking to recruit an employee. The report doesn’t detail how victims’ computers are infected, but it’s likely through an infected email attachment.
A new and more powerful version of the Gootloader malware variant has been discovered by researchers at IBM. Until now Gootloader has been used by the gang behind it as an initial access tool, after which attackers would use other tools to spread across an IT network. This new version of Gootloader downloads a module called GootBot to move around a network. The goal of this new module is to more easily evade detection. This gang usually spreads Gootloader by tricking people who do internet searches for templates for contracts, legal forms or business-related documents. They get sent to compromised websites that look like legitimate forums where they download infected files. IT departments should ensure that script block logging is enabled within their enterprise. Then they can monitor Windows event logs for signs of compromise.
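For administrators acting on that advice, here is an added example (not from the podcast or the IBM report) that checks whether PowerShell script block logging is enabled by policy on a Windows host and then lists the script blocks recorded under event ID 4104. The 24-hour window, the 200-character preview and the output columns are assumptions made for this sketch.

```powershell
# Added example: verify script block logging and review what it recorded.
# Policy location written by the "Turn on PowerShell Script Block Logging" Group Policy setting.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
$policy = Get-ItemProperty -Path $policyKey -Name EnableScriptBlockLogging -ErrorAction SilentlyContinue

if ($null -ne $policy -and $policy.EnableScriptBlockLogging -eq 1) {
    Write-Output 'Script block logging: enabled by policy'
} else {
    Write-Warning 'Script block logging is not enabled by policy on this host'
}

# Event ID 4104 carries the script block text. Long scripts are split across
# several events that share one ScriptBlockId, so they are reassembled below.
$filter = @{
    LogName   = 'Microsoft-Windows-PowerShell/Operational'
    Id        = 4104
    StartTime = (Get-Date).AddHours(-24)   # assumed review window
}
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

# 4104 property order: 0 = MessageNumber, 1 = MessageTotal,
# 2 = ScriptBlockText, 3 = ScriptBlockId, 4 = Path
$events |
    Group-Object { $_.Properties[3].Value } |
    ForEach-Object {
        $parts = @($_.Group | Sort-Object { [int]$_.Properties[0].Value })
        $text  = ($parts | ForEach-Object { $_.Properties[2].Value }) -join ''
        [pscustomobject]@{
            TimeCreated   = $parts[0].TimeCreated
            Level         = $parts[0].LevelDisplayName   # "Warning" = flagged by PowerShell itself
            ScriptBlockId = $_.Name
            Path          = $parts[0].Properties[4].Value
            Length        = $text.Length
            Preview       = $text.Substring(0, [Math]::Min(200, $text.Length))
        }
    } |
    Sort-Object TimeCreated |
    Format-Table -AutoSize -Wrap
```

Entries at Warning level are script blocks PowerShell itself flagged as suspicious, which makes them a reasonable first place to look before forwarding the full log to a SIEM.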
How can hackers break into internet-connected medical equipment? Sometimes with the help of equipment and software manufacturers. According to researchers at Trustwave, until recently the maker of an EEG brain scanning and monitoring software for hospitals recommended medical staff use the default administrator password for the Microsoft SQL database the application has. That password is spelled out in the device’s instruction guide. If a hacker gets a copy of the guide, knowing the database’s password they could get into a hospital IT network. Thankfully, after being advised of the risk the vendor has revised the user guide and now urges users not to use the default password. This of course is of no importance for listeners of my show because none of you would use an application’s default password. Nor would you create a guessable password like 12345, or one of the seven days of the week, or one of the 12 months of the year or …
Finally, Google has released a patch to fix a serious storage-related bug in Android 14 that is locking users out of their smartphones. This bug has been around for a month. However, Google says only some of people’s data is recoverable. And no data can be recovered from devices that are repeatedly rebooting.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.