This Week in InfoSec (09:55)

With content liberated from the “today in infosec” twitter account

10th November 1983: At a security seminar, Len Adleman used "virus" in connection with self-replicating computer programs. Afterwards, use of the term took off. But it wasn't the first use of "virus" in this way - the 1973 movie "Westworld" used it to describe malfunctions spreading in robots.

https://twitter.com/todayininfosec/status/1193706921733189632

Rant of the Week (14:24)

EU pharmaceutical giants run old, vulnerable apps and fail to use encryption in login forms

According to the report, Outpost24's "2021 Web Application Security for Healthcare," EU pharmaceutical businesses often run large numbers of web applications and 3.3% of those scanned by the firm are deemed "suspicious," including open test environments that should have been closed. 

In addition, 18% of organizations analyzed are using outdated, unpatched web components that contain known vulnerabilities. US healthcare organizations have roughly the same amount of suspicious apps in operation but tend to run far fewer apps on the whole -- however, 23.74% of them are outdated.

Over 200 EU pharmaceutical application forms noted in the report are operating without encryption, which puts users at risk of both the interception and theft of their information online. 

Outpost24 said that basic SSL failures, privacy policy misconfigurations, and cookie settings also feature as common security and compliance problems. 

The damage a cyberattack can cause a healthcare or pharmaceutical company can be severe. The COVID-19 pandemic put a target on the back of many of these organizations, with an Oxford University lab with COVID-19 research links and the UK Research and Innovation organization being only two examples of recent victims of incidents leading to data theft and disruption. 

Billy Big Balls of the Week (21:18)

Hack leaves fertility clinic medical data at risk

The Lister Fertility Clinic said the firm, which it used for scanning medical records, had been "hacked" by a"cyber-gang", in a letter sent to about 1,700 patients.

Industry News  (27:32)

Ukraine Unmasks Armageddon Group as FSB Officers

Facial Recognition Firm Could Be Ordered to "Close" in UK, Warn Experts

One in Three Workers Monitored by Their Employers

Robinhood Data Breach Hits Seven Million Customers

US to Charge Suspects Over Kaseya Ransomware Attack

Class Action Against Google Blocked

Anglers Redirected to Pornhub

Scam PACs Allegedly Stole $3.5m from Trump Voters

Researchers Uncover Prolific Hacker-for-Hire Group

Tweet of the Week (35:44)

https://twitter.com/bcmerchant/status/1457849195738451975

https://twitter.com/sherrod_im/status/1458460638561382401

Come on! Like and bloody well subscribe!