Waze app, a GPS navigation software backed by Google, is in news, for all wrong reasons. Due to a vulnerability, the app is said to be allowing hackers to sneak into the app software and track down user whereabouts.
Peter Gasper, a security engineer, was the one who discovered the vulnerability in the Waze API. And Mr. Gasper stated that the flaw was allowing the threat actors to track down actual names of users who interacted with the app.
Although Gasper reported the vulnerability in December last year to Google only to earn $1,337 via bug bounty program, the company failed to issue a fix to the flaw for some reason.
Meanwhile, the news is out that the network admin of a US-based VOIP service provider called Broadvoice failed to secure the cloud-based database in which all the data of customers was been stored. Thus, leaking information of more than 350 million customers records from the Elasticsearch database clusters.
Bob Diachenko, a researcher working for Comparitech found that info like voicemails left at financial firms and medical clinics, full caller names, identification numbers, phone numbers, and state and city names were left exposed for access from a trove of 10 databases since October 1st,2020. So, any hacker might access the information to later use it in Phishing attacks argues Comparitech……Very True!
Third, Vastaamo, a Finland based psychotherapy clinic is hitting news headlines for a ransom heist as its patients are found receiving direct threats from cybercriminals as they somehow managed to access all customer information from a November 2018 data breach.
Vastaamo claims that the hackers might have gained access to the electronic patient records during the second cyber incident that occurred in March 2019.
Nixu, a Cybersecurity firm has been pressed into service to deeply investigate the incident and all precautionary measures have been taken to keep the data safe of Vastaamo patients in the future.
Fourth, Oregon-based Sky Lakes Medical Center is said to have fallen prey to a ransomware attack on October 27, 2020. However, the healthcare center has assured that no patient or staff data was compromised in the incident and is confident enough that it will recover all its encrypted information from backed up data.