Daily Archives: June 7, 2019

Weekly Update 142

I made it to the Infosecurity hall of fame! Yesterday was an absolutely unreal experience that was enormously exciting:

But that wasn't all, there was also the European Security Blogger awards a couple of days earlier:

And just a general absolutely jam-packed, non-stop week for both Scott and me. We talk about what we've been up to in London, Scott's weird cert adventures and a couple of massive data breaches back home in Australia. I'm publishing this just before I head off to Oslo so I'll come from there next week solo, then with Scott again the week after from the NDC conference. Until then, here's this week's update:


  1. Scott had a cert unexpectedly issued for one of his domains (interesting series of events that led to it, documented in that Twitter thread)
  2. Scott tweeted about a weird security decision by Emirate... and got into "Twitter trouble" (we only ever - ever - see this sort of behaviour online, never in person)
  3. Westpac's PayID was the target of a mass enumeration attack (apparently 100k Aussies had personal data exposed by this "feature")
  4. The Australian National University got seriously pwned (19 years' worth of historical data - how much of that did they actually still need?)
  5. I'm sponsored by Varonis this week - watch their DFIR team investigate a cyberattack using their data-centric security stack

Cyber News Rundown: Medical Testing Service Data Breach

Quest Diagnostics Customers Affected by Third-Party Breach

The medical testing organization Quest Diagnostics has fallen victim to a third-party data breach that could affect nearly 12 million of their patients. AMCA, a collections agency that works with Quest Diagnostics, noticed unauthorized access to their systems over an eight-month period from August of last year through March 2019. The majority of data targeted were Social Security Numbers and other financial documents, rather than patients' health records. The market offers a premium for such data.

Adware Installed by Millions of Android Users

Until recently, there were over 230 apps on the Google Play store that had been compromised by a malicious plugin that forced out-of-app advertisements on unsuspecting victims. Globally, over 440 million individuals have installed at least one of these compromised applications and have been affected by overly-aggressive advertisements. While this SDK has been used legitimately for nearly a year, sometime during 2018 the plugin began performing increasingly malicious behaviors, until other developers caught on and began updating their own applications to remove the plugin. 

Chinese Database Exposes Millions of Records

A database belonging to FMC Consulting, a headhunting firm based in China, was recently found by researchers to be publicly available. Among the records are resumes and personally identifiable information for millions of individuals, as well as company data with thousands of recorded messages and emails. Unfortunately for anyone whose information is contained within this database, in the two weeks since being notified of the breach FMC has yet to acknowledge the breach or take steps to secure it.

Restaurant Payment Systems Infected

Customers who've patronized either Checkers or Rally's restaurants in recent months are being urged to monitor their credit cards after the chain announced that they discovered card-stealing malware on their internal systems. While not all restaurant locations were affected, the company is still working to determine the extent of the compromised payment card systems and has offered credit monitoring services to customers.

University of Chicago Medicine Server Found Online

Researchers have found a server belonging to University of Chicago Medicine with personal information belonging to more than 1.6 million current and past donors. The data includes names, addresses, and even marital and financial information for each donor. Fortunately, the researcher was quick to inform the university of the unsecured ElasticSearch server and it was taken down within 48 hours.

The post Cyber News Rundown: Medical Testing Service Data Breach appeared first on Webroot Blog.