The Weekly Cypher is specially curated to keep you up-to-date on the latest in cybersecurity, biometrics, and related news and innovations. Here are a few of the headlines you might have missed this week.
Amazon.com Inc. in June pitched its facial recognition technology — which can identify people from surveillance footage using image databases — as a tool for U.S. Immigration and Customs Enforcement, showing that Amazon continued to push the software to law enforcement agencies as criticism swirled from the company’s workforce and civil liberties groups. Employees in the Amazon Web Services cloud-computing unit met with the federal agency in California to present its artificial intelligence tools, according to emails obtained by the nonprofit Project on Government Oversight.
As the midterm elections get closer, government officials are focusing on election security. CBS has learned the Military’s Cyber Command Unit launched its first offensive against Russian meddling in the midterms this week. U.S. Intelligence officials said they have not seen the same level of activity from the Russians compared to 2016 but they are concerned about voting machines getting hacked. The Department of Homeland Security said it is constantly monitoring hacking attempts. They also plan to set up a virtual command center on Election Day for local officials to report suspicious activity.
Cathay Pacific has been hit by a data breach affecting 9.4 million passengers of Cathay and Hong Kong Dragon Airlines, a serious exposure that shows—not for the first time—that the focus of airline security can’t be limited to airport terminals and aircraft cabins. First discovered in March, and confirmed in May of this year, the Cathay Pacific hack exposed 860,000 passport numbers, 245,000 Hong Kong identity card numbers, 403 expired credit card numbers, and 27 credit card numbers with no CVV card verification code, according to Reuters.
Children’s Hospital of Philadelphia victimized twice by phishing attacks | Health Data Management
Children’s Hospital of Philadelphia has reported two data breaches that occurred in August and September of 2018. The hospital on August 24 discovered that hacker had accessed a physician’s email account on August 23 via a phishing attack. A second breach found on September 6 revealed unauthorized access to an additional email account on August 29. The organization began an investigation with a forensics firm and found that compromised data could have included patient names, dates of birth and clinical information in the neonatal and/or fetal care units, affecting the children and parents. Financial and credit information, as well as Social Security numbers, were not affected.
A Maryland consulting firm that handles political fundraisers for the Democratic Party has left fundraiser data and passwords to databases storing voter records exposed online via an unsecured network attached storage (NAS) device. The exposed data was found last week by Bob Diachenko, Director of Cyber Risk Research at Hacken, a cyber-security research firm, during a cursory Shodan search. Diachenko tracked down the exposed NAS to Rice Consulting, a consulting firm that claims to have raised over $4.32 million over the 2017 fundraiser season for Maryland Democrats.