The Host Unknown Podcast

Episode 81 - Thom AI ver 2

Episode Summary

This Week in InfoSec takes us back to when having a virus meant something. Rant of the Week proves that size doesn’t matter. Billy Big Balls delivers on its promise. Industry News brings us the latest and greatest security news stories from around the world. And Tweet of the Week is from the Infosec branding department, where your security may go up as well as down.

Episode Notes

This Week in InfoSec (09:55)

With content liberated from the “today in infosec” Twitter account

10th November 1983: At a security seminar, Len Adleman used "virus" in connection with self-replicating computer programs. Afterwards, use of the term took off. But it wasn't the first use of "virus" in this way - the 1973 movie "Westworld" used it to describe malfunctions spreading in robots.

https://twitter.com/todayininfosec/status/1193706921733189632

Rant of the Week (14:24)

EU pharmaceutical giants run old, vulnerable apps and fail to use encryption in login forms

According to Outpost24's report, "2021 Web Application Security for Healthcare," EU pharmaceutical businesses often run large numbers of web applications, and 3.3% of those scanned by the firm are deemed "suspicious," including open test environments that should have been closed.

In addition, 18% of organizations analyzed are using outdated, unpatched web components that contain known vulnerabilities. US healthcare organizations have roughly the same number of suspicious apps in operation but tend to run far fewer apps on the whole -- however, 23.74% of them are outdated.

Over 200 EU pharmaceutical application forms noted in the report are operating without encryption, which puts users at risk of both the interception and theft of their information online. 

Outpost24 said that basic SSL failures, privacy policy misconfigurations, and cookie settings also feature as common security and compliance problems. 

The damage a cyberattack can cause a healthcare or pharmaceutical company can be severe. The COVID-19 pandemic put a target on the back of many of these organizations, with an Oxford University lab with COVID-19 research links and the UK Research and Innovation organization being only two examples of recent victims of incidents leading to data theft and disruption.

Billy Big Balls of the Week (21:18)

Hack leaves fertility clinic medical data at risk

The Lister Fertility Clinic said the firm, which it used for scanning medical records, had been "hacked" by a "cyber-gang", in a letter sent to about 1,700 patients.

Industry News (27:32)

Ukraine Unmasks Armageddon Group as FSB Officers

Facial Recognition Firm Could Be Ordered to "Close" in UK, Warn Experts

One in Three Workers Monitored by Their Employers

Robinhood Data Breach Hits Seven Million Customers

US to Charge Suspects Over Kaseya Ransomware Attack

Class Action Against Google Blocked

Anglers Redirected to Pornhub

Scam PACs Allegedly Stole $3.5m from Trump Voters

Researchers Uncover Prolific Hacker-for-Hire Group

Tweet of the Week (35:44)

https://twitter.com/bcmerchant/status/1457849195738451975

https://twitter.com/sherrod_im/status/1458460638561382401