The leak stems from a misconfigured ElasticSearch database owned by Chinese social-media management company SocialArks, which contained personally identifiable information (PII) from users of Facebook, Instagram, LinkedIn and other platforms, according to researchers at Safety Detectives.
Apex Laboratory, which provides blood work at home for patients in New York City, Long Island and South Florida, has been hit with a ransomware attack that also resulted in patient data being stolen.
There was also a breach at Texas Health Resources thanks to a mailing error, which involved a total of 82,577 records. In all, October saw healthcare organizations and business associates in 24 states report data breaches (Texas’ 15 accounting for most of them).
Unfortunately, Game Golf landed its users in a sand trap of privacy concerns by not securing the database: Security Discovery senior security researcher Jeremiah Fowler said that the bucket included all of the aforementioned analyzer information, plus profile data like usernames and hashed passwords, emails, gender, and Facebook IDs and authorization tokens.
“We wanted to give as many people as we can the time to update and patch their devices before disclosing such critical vulnerability.” The flaws, which could be exploited by an attacker on a shared WiFi network, have a CVSS 3.0 score of 8.2, meaning they are high-severity, researchers told Threatpost.
Alan Monie, researcher with Pen Test Partners, outlined in a Thursday post how he was able to launch various Insecure Direct Object Reference (IDOR) attacks on the watches. Regardless, Monie told Threatpost that the security glitch would be difficult to fix, and recommended that consumers stop using the watch.