AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets – 06/21/2019

Online food ordering service EatStreet disclosed a security incident from May which led to a data breach involving customer payment card information and sensitive info of delivery and restaurant partners. EatStreet is currently "servicing over 15,000 restaurants in more than 1,100 cities" according to the company's website and it is a "one-stop-shop for online ordering and marketing" by offering partnered restaurants "web, mobile, and social products for online ordering." While the number of customers and partners impacted in the security incident is not provided in the data breach notifications sent to affected parties, the company's Android app has over 100,000 installs as of June 5, 2019, according to the information available on its Google Play Store entry.

 

2 Data breach forces AMCA’s parent firm to file Chapter 11 bankruptcy

The medical bill collection firm Retrieval-Masters Creditors Bureau Inc. has filed for Chapter 11 bankruptcy protection, citing the fallout from a massive data breach that exposed the information of millions of patients. Retrieval-Masters Creditors Bureau Inc., which collects debts from medical labs under the name American Medical Collection Agency (AMCA), filed in the Southern District of New York with the aim of liquidating the company, court documents stated. Company founder and CEO Russell H. Fuchs told the court the Chapter 11 filing is the direct result of a data breach it became aware of in March 2019 that exposed the PHI of millions of patients, many belonging to Quest Diagnostics and LabCorp – AMCA’s largest customers. A subsequent investigation showed the breach may have been opened in August 2018.

 

3 Meds prescriptions for 78,000 patients left in a database with no password

A MongoDB database was left open on the internet without a password, exposing the personal details and prescription information of more than 78,000 US patients. The leaky database was discovered by the security team at vpnMentor, led by Noam Rotem and Ran Locar, who shared their findings exclusively with ZDNet earlier this week. The database contained information on 391,649 prescriptions for a drug named Vascepa, used for lowering triglycerides (fats) in adults who are on a low-fat and low-cholesterol diet. The database also contained the collective information of over 78,000 patients who were prescribed Vascepa in the past.

 

4 Amazon wants to sell “surveillance as a service”

Drone-based surveillance is a logical next step for Amazon, which has invested heavily in both parts of that equation. The company has been talking about using drones to deliver packages since 2013 (at the time, to the great amusement of logistics giant FedEx). These days, Amazon’s plans are probably looking a lot less funny to its competitors. Amazon consumer chief Jeff Wilke said in early June that the company could start using its Prime Air drone to deliver packages to customers within the next few months, as it pushes to make one-day delivery the new standard on Amazon Prime. Amazon’s recent patent says surveillance would be a “secondary task” of such a drone-based system, after package delivery. The company suggests a user may want to “subscribe to a surveillance system to provide surveillance as a service,” a riff on the established “software as a service” category.

 

5 Senator Asks NIST to Propose Secure Data Sharing Methods

Senator Ron Wyden has asked the U.S. National Institute of Standards and Technology (NIST) to create and publish a guide for securely sharing sensitive data over the internet. The senator has pointed out that in many government and private organizations employees use password-encrypted ZIP files to share sensitive documents, but these files can in many cases be cracked using widely available hacking tools due to the use of weak encryption. Sen. Wyden wants NIST to create an easy-to-understand guide, noting that while many secure data sharing methods are freely available it’s often difficult for people to decide which one to use.

 

6 Florida city to pay $600G in ransom to hackers in effort to save records

A Florida city council voted to pay hackers almost $600,000 in ransom after they took over its computer system weeks ago. Riviera Beach city commissioners unanimously voted at a special city council meeting Monday to pay 65 Bitcoins — which nearly equates to the hefty sum — after the hackers requested to be paid in the cryptocurrency. The council had already voted to spend close to $1 million on new computers and hardware after the hack and said they felt they had no choice but to pay the ransom if they wanted to get their records, which the hackers encrypted.

 

7 Commercial drones can give China critical intelligence on the U.S.

Commercial drones are giving Chinese intelligence services another avenue to information gathering on the United States, experts told a Senate Commerce subcommittee on Tuesday. The commercial drone market is predominately made up of Chinese manufacturers, with companies like DJI, Zero Tech and Yuneec leading the market. Experts told the committee that as these drones hover in U.S. skies, detailed land images are being transmitted back to China where citizens are required to support “national intelligence activities.” Those images could be used to create a time-stamped map of critical infrastructure and even national security sites. “That is a cyber and information risk that is at the national level,” Harry Wingo, chair of the cybersecurity department at the National Defense University, told CyberScoop after the hearing.

 

8 One of NASA’s robotic astronaut helpers just flew on its own in space for the first time

NASA’s very own free-floating Companion Cube equivalent took its own first tentative ‘steps’ in space today, demonstrating its ability to rotate on its own in zero gravity inside the International Space Station. The robot, called ‘Bumble’ and one of a series of Astrobee robots that NASA developed to work along with astronauts on the ISS, is the first ever to fly on its own in space. Bumble’s first flight wouldn’t necessarily wow at an airshow – the robot essentially flew a foot forward and rotated a bit. But they’re important basic maneuvers in terms of making sure the robot’s propulsion system is working and tuned correctly. Eventually, the plan is for these to operate autonomously and do some basic maintenance work, as well as support experiments, so it needs to be operating exactly as intended before it starts freely sharing space with tender human astronauts.

 

9 Walmart to test driverless vehicles as way to cut shipping costs, boost efficiency

Walmart is testing driverless cars to transport goods from warehouse to warehouse as a way of cutting the company’s shipping costs and boosting efficiency, a Wednesday report stated. The retail giant has teamed up with startup Gatik to test drive the vehicles, Bloomberg reported. The goal, via the driverless vehicles, is to get packages closer to the customers’ destination. Analysts told Bloomberg the market for moving items to warehouses and cutting out the middle man could reach $1 trillion. “This area has the least number of obstacles and the most certain return on invested capital in the near term,” Mike Ramsey, an analyst with Gartner Inc., told Bloomberg. “If you’re looking to start a business where you can actually generate revenue, this has fewer barriers than the taxi market.”
