Millions affected in major health data breach caused by a missing password
Researchers from Cybernews have reported finding a huge database containing sensitive customer information from the Mexican healthcare sector left unprotected online. The team discovered a misconfigured Kibana instance with a “tremendous volume” of information, later attributed to eCaresoft, a software company behind two cloud-based Hospital Information Systems – Cirrus and Anytime. These platforms are used by more than 65 hospitals, 110 outpatient care centers, and more than 30,000 doctors to help manage different aspects of work, such as inventory management, medicine management, appointment booking, and more.
Four cyber companies fined for SolarWinds disclosure failures
Four cybersecurity companies have been fined millions of dollars for lackluster disclosures following the Russian cyberattack on software company SolarWinds in 2020. The Securities and Exchange Commission (SEC) charged four companies — Check Point, Avaya, Unisys and Mimecast — for making “materially misleading” disclosures related to cybersecurity risks and intrusions. Tuesday’s announcement is the result of a years-long investigation into public companies potentially impacted by the compromise of SolarWinds’ Orion software and by other related activity.
A new iMessage safety feature prompts kids to report explicit images to Apple
Apple is adding a new child safety feature that lets kids send a report to Apple when they are sent photos or videos with nudity, according to The Guardian. After reviewing anything received, the company can report messages to law enforcement. The new feature expands on Apple’s Communication Safety feature, which uses on-device scanning to detect nudity in photos or videos received via Messages, AirDrop, or Contact Poster and blur them out. In addition to blurring the photo or video, Apple also shows a pop-up with options to message an adult, get resources for help, or block the contact.
Linus Torvalds affirms expulsion of Russian maintainers
Linux creator Linus Torvalds on Wednesday affirmed the removal last week of about a dozen kernel maintainers associated with Russia. On October 18, Linux kernel developer Greg Kroah-Hartman published a message to the Linux kernel mailing list showing that a handful of Linux developers in the MAINTAINERS file had been removed. His explanation was vague. “Remove some entries due to various compliance requirements,” Kroah-Hartman wrote. “They can come back in the future if sufficient documentation is provided.”
New Rules for US National Security Agencies Balance AI’s Promise With Need to Protect Against Risks
New rules from the White House on the use of artificial intelligence by US national security and spy agencies aim to balance the technology’s immense promise with the need to protect against its risks. The framework signed by President Joe Biden and announced Thursday is designed to ensure that national security agencies can access the latest and most powerful AI while also mitigating its misuse. Recent advances in artificial intelligence have been hailed as potentially transformative for a long list of industries and sectors, including military, national security and intelligence. But there are risks to the technology’s use by government, including possibilities it could be harnessed for mass surveillance, cyberattacks or even lethal autonomous devices.