Security News
An unknown threat actor that is likely sponsored by a nation state is believed to be behind a recent phishing campaign targeting the COVID-19 vaccine cold chain, IBM Security reported on Thursday. The targets appear to be associated with the Cold Chain Equipment Optimization Platform of Gavi, the Vaccine Alliance, whose main goal is to improve access to vaccines in poor countries.
IBM X-Force warned of threat actors actively targeting organizations associated with the COVID-19 vaccine cold chain in a large scale spear-phishing campaign that has started three months ago, in September 2020. Cold chain orgs are an essential part of storing and delivering the COVID-19 vaccine at safe temperatures, minus 70 degrees Celsius for the one made by Pfizer and minus 20 Celsius for the one developed by Moderna.
Intellectual property theft will join ransomware, cloud-stored patient data theft and advanced phishing efforts as the main hallmarks of medical-related healthcare cyberattacks for the new year. These cyberattacks will have ramifications for geopolitics, with the "Attribution of attacks entailing serious consequences or aimed at the latest medical developments is sure to be cited as an argument in diplomatic disputes."
For many of us stuck working from home for most of the year, the lines between work and home activities have blurred. Similar to how social distancing can help prevent the spread of COVID-19, keeping a 'six foot distance' between our digital home life and digital work life can go a long way when it comes to safeguarding our most sensitive data, too.
A security vulnerability in the infrastructure underlying Germany's official COVID-19 contact-tracing app, called the Corona-Warn-App, would have allowed pre-authenticated remote code execution. Researcher Alvaro Muñoz wrote in a report this week that he and his team at GitHub Security Lab was chasing down RCE vulnerabilities on the platform and found one in the infrastructure supporting CWA for Android and OS. The team said it worked with SAP to mitigate the issue, adding as a server-side issue, the mobile apps themselves were not impacted, and that no data was collected beyond a device's IP address.
There's nothing quite like eating your own dog food, as Test and Trace chief Baroness Dido Harding has learned after being instructed to self-isolate by the NHS COVID-19 contact-tracing app overnight. In a tweet this morning, Harding said she was feeling well, and that there's "Nothing like personal experience of your own products." A screenshot posted to Twitter shows Harding with nine days remaining in her isolation period.
Over the past two weeks, global biotech firm Miltenyi has been battling a malware attack on its IT infrastructure, the company said in a recent disclosure to its customers. The firm is currently supplying SARS-CoV-2 antigens for researchers working on treatments for COVID-19.
Public health officials in Delaware on Sunday disclosed that the personal information of thousands of people who were tested for the coronavirus this summer was mistakenly shared with an unauthorized individual. The state's Division of Public Health said the data breach happened when a temporary staff member sent two unencrypted emails in August that included files with the test results, names, dates of birth and phone numbers of 10,000 people.
Three nation-state cyberattack groups are actively attempting to hack companies involved in COVID-19 vaccine and treatment research, researchers said. "The targets include leading pharmaceutical companies and vaccine researchers in Canada, France, India, South Korea and the United States."
A platform used by healthcare workers in the Philippines designed to share data about COVID-19 cases contained multiple flaws that exposed healthcare worker data and could potentially could have leaked patient data. The Citizen Lab's report is the latest example of how the COVID-19 pandemic has spurred a host of security problems for the healthcare sector to deal with - including securing data and ransomware attacks.