War on WikiLeaks - This week in cybersecurity
An NHS hospital group which suffered in May's WannaCry outbreak has fallen victim to another ransomware attack and has been forced to cancel a number of patient appointments as a result. Malware was detected in NHS Lanarkshire IT systems on Friday, August 25th and the cyber attack has since been identified as a new variant of Bitpaymer ransomware.
Thanks to a coding error with the CVS app, the massive U.S. retail pharmacy has been inadvertently sharing users' locations with more than 40 web servers, privacy experts say. The app for the drug store allows you to get coupons as well as refill your prescription and find nearby pharmacies. The store-locator feature contains the privacy flaw, which has resulted in the app sending out GPS coordinates to outside entities, said Serge Egelman, director of security and privacy research at the International Computer Science Institute.
Security researchers have devised a way to offer steep discounts or steal goods by hacking vulnerable point-of-sale systems. The researchers at cybersecurity firm ERPScan—which has a commercial stake in the space—found that SAP's point-of-sale (POS) systems don't authenticate or check internal commands, allowing anyone with access to the store's network unrestricted access to the checkout system.
The personal details of up to two million customers of technology and video games retailer CeX may have been compromised in a data breach. Information including names, addresses, email contact details, and phone numbers of CeX customers in the UK who supplied their data to the retailer through online forms has been accessed in a "sophisticated breach", the company has warned.
A huge spambot ensnaring 711 million email accounts has been uncovered. A Paris-based security researcher, who goes by the pseudonymous handle Benkow, discovered an open and accessible web server hosted in the Netherlands, which stores dozens of text files containing a huge batch of email addresses, passwords, and email servers used to send spam.
Almost half a million pacemakers have been recalled by the U.S. Food and Drug Administration (FDA) due to fears that their lax cybersecurity could allow attackers to run the batteries down or even alter the patient’s heartbeat.
WikiLeaks’ website appears to have been hacked by a group called OurMine, whose previous hacks have targeted tech CEOs, companies, and news sites.