Month: September 2019

Researchers at Greenbone Networks vulnerability analysis and management company analyzed 2,300 Picture Archiving and Communication System (PACS) systems. Of the 2,300, 590 archiving systems were accessible from the Internet, exposing 24 million medical records from 52 countries. They contained 737 million images linked to this patient data, around 400 million of which are accessible or can be easily downloaded from the internet.

Many of these servers were set up and then forgotten about, or weren’t patched regularly.

Read more about it here.

Security researcher Avinash Jain discovered more than 8,000 Google Calendars exposed online, that were indexed by the Google search engine.

The issue isn’t new, however users may not be aware of it. It occurs when users make the Google calendar public.

“While this is an intended setting by the user and intended behavior of the service,” Jain says, “the main issue here is that anyone can view any public calendar by making a single Google search query, and without the calendar link being shared with them.”

Users should review their calendar sharing options – see https://support.google.com/a/answer/60765?hl=en.

Read more about it here.

According to internet security firm vpnMentor. 20.8 million records of Ecuadorian citizens had their data exposed by an unsecured Elasticsearch server run by an Ecuadorian marketing and analytics firm.

The country’s population is only 16.6 million. Most likely, the data leakage included duplicate records and data of deceased citizens.

The personal information leaked online included full names, dates of birth, national identity card numbers, tax identification numbers, employment information, names of family members, and more.

The database was secured on September 11, 2019, after vpnMentor notified its discovery to the Ecuador CERT (Computer Emergency Response Team) team.

Read more about it here.