Millions of Social Profiles Leaked by Chinese Data-Scrapers

Millions of Social Profiles Leaked by Chinese Data-Scrapers

The leak stems from a misconfigured ElasticSearch database owned by Chinese social-media management company SocialArks, which contained personally identifiable information (PII) from users of Facebook, Instagram, LinkedIn and other platforms, according to researchers at Safety Detectives.

Ransomware Gang Collects Data from Blood Testing Lab

Ransomware Gang Collects Data from Blood Testing Lab

Apex Laboratory, which provides blood work at home for patients in New York City, Long Island and South Florida, has been hit with a ransomware attack that also resulted in patient data being stolen.

ThreatList: Healthcare Breaches Spike in October

ThreatList: Healthcare Breaches Spike in October

There was also a breach at Texas Health Resources thanks to a mailing error, which involved a total of 82,577 records.In all, October saw healthcare organizations and business associates in 24 states report data breaches (Texas’ 15 accounting for most of them).

Millions of Golfers Land in Privacy Hazard After Cloud Misconfig

Millions of Golfers Land in Privacy Hazard After Cloud Misconfig

Unfortunately, Game Golf landed its users in a sand trap of privacy concerns by not securing the database: Security Discovery senior security researcher Jeremiah Fowler said that the bucket included all of the aforementioned analyzer information, plus profile data like usernames and hashed passwords, emails, gender, and Facebook IDs and authorization tokens.

High-Severity SHAREit App Flaws Open Files for the Taking

High-Severity SHAREit App Flaws Open Files for the Taking

“We wanted to give as many people as we can the time to update and patch their devices before disclosing such critical vulnerability.” The flaws, which could be exploited by an attacker on a shared WiFi network, have a CVSS 3.0 score of 8.2, meaning they are high-severity, researchers told Threatpost.

Connected Wristwatch Allows Hackers to Stalk, Spy On Children

Connected Wristwatch Allows Hackers to Stalk, Spy On Children

Alan Monie, researcher with Pen Test Partners, outlined in a Thursday post how he was able to launch various Insecure Direct Object Reference (IDOR) attacks on the watches. Regardless, Monie told Threatpost that the security glitch would be difficult to fix, and recommends that consumers stop using the watch.