A huge database of fitness app information found unprotected, Olympus describes an attempted malware attack, and security patches released.
Welcome to Cyber Security Today. It’s Wednesday, September 15th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
Another company has failed to ensure its employees properly secure the data they’re working on. This time it’s an American company called GetHealth. It makes an API that collects data from fitness wearables like Fitbit, Apple HealthKit, Google Fit and others. GetHealth apparently helps users collate that data on their computers. But security researchers found a non-password-protected GetHealth database on the internet that held over 61 million unencrypted records of users around the world. Some of the data held personally identifiable information, including names and dates of birth. According to the news site Website Planet, which made the discovery, GetHealth’s website says it complies with American federal health data protection law.
Olympus, which makes optical equipment for industrial and medical use, says it was hit by an attempted malware attack last week. The sales and manufacturing networks for Europe and the Middle East were impacted. There is no evidence of data loss, the company said. However, a source told the TechCrunch news site that Olympus found a ransomware note claiming data had been encrypted.
There are a number of important new security updates you need to know about and install:
-Google Chrome users need to update to the latest version of the browser. That’s because two high severity vulnerabilities have been found. The version you should be running starts with 93 and ends with .82;
-Apple has issued security updates for devices running its iOS and macOS operating systems. That means iPhones, iPads, iPods and Macs. One of the updates fixes a vulnerability discovered by the University of Toronto’s Citizen Lab. It has been exploited by a company that sells security software to governments and police departments who have been known to use it for compromising devices of political activists and reporters;
-And because yesterday was the monthly Patch Tuesday, Microsoft issued a bunch of updates for Windows and other products. Among the more important ones is a fix to a problem I reported last Friday in a Windows browser rendering component called MSHTML. As always, make sure Windows updates are installed quickly.
Owners of HP computers with the OMEN Gaming Hub hopefully paid attention to a security alert and installed a patch sent to them at the end of July. That’s because it involves a serious software vulnerability. News stories are only popping up now because SentinelOne, the cybersecurity company that discovered the flaw, has released a detailed report on it. It’s not uncommon for companies to release reports like this for IT experts weeks or months after a patch has quietly been released in hopes that most devices have already been patched.
That’s it for now. Remember, links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.