March 24, 2023

Healthcare Provider ILS Warns 4.2 Million People Of Data Breach

March 15, 2023

Miami healthcare administration provider Independent Living Systems (ILS) suffered a breach after threat actors gained access to parts of its systems. The breach occurred between June 30 and July 5, 2022, with threat actors possibly having access to patient names, Social Security numbers, taxpayer ID numbers, medical information, and health insurance information.

Data Security Perspective: Affected patients should be aware of any fraudulent activity or phishing attempts arising from having their personal information breached. 

AT&T Informs 9M Customers About Data Breach

March 10, 2023

Telecommunications company AT&T informed customers of a data breach affecting their Customer Proprietary Network Information (CPNI). The breach occurred when a threat actor breached AT&T’s marketing vendor and gained access to AT&T’s CPNI, which contains subscriber information. Exposed information includes names, phone numbers, email addresses, monthly charges, minutes used, and past due amounts, and apparently does not contain financial information.

Data Security Perspective: Data breaches commonly occur due to third-party companies suffering a breach. Companies should ensure they are sharing their information with trusted vendors who have adequate security controls in place. 

PeopleGrove Security Lapse Exposed Personal Information

March 10, 2023 

PeopleGrove, a platform for higher education and alumni networks formerly known as CampusKudos, exposed personally identifiable information of its customers. The database, containing over 25 million entries, was publicly accessible without authentication. The information included addresses, email addresses, phone numbers, university grades, resumes, and employment details. The company stated the exposed database is part of their development servers and is unsure why production data was there.

Data Security Perspective: Organizations using cloud services to store personal user data must ensure their assets are stored securely. In addition, organizations should be aware of where sensitive data is stored in their environment. A DSPM can determine where, how, and what data is being stored. 

Mscripts Cloud Storage Misconfiguration Exposed PHI For 6 Years

February 16, 2023

Mobile pharmacy provider Mscripts announced the exposure of user personal information. The exposure was caused by a misconfigured cloud environment and appears to have been insecure since September 2016. The information of 66,372 patients was exposed, including addresses, birth dates, names, phone numbers, prescription numbers, medications, pharmacy information, health insurance, member IDs, and dependents’ names. 

Magpie Tutorial Part 1 - Setup and Configuration

Magpie is an open-source Cloud Security Posture Management (CSPM) tool that allows organizations to discover and assess their AWS and GCP infrastructure against industry best practices and community-developed security rules. This is part one of a series on how to use Magpie.

To install and configure Magpie, follow these steps:

  1. Clone the Magpie repo

git clone git@github.com:openraven/magpie.git

  2. Go into the Magpie folder and build the project

mvn clean package install && mvn --projects magpie-cli assembly:single

This will build the distribution file in magpie-cli/target

  3. Unzip the distribution zip in magpie-cli/target/magpie-<version>-SNAPSHOT.zip
  4. Once the distribution is unzipped, go into the snapshot folder.
  5. Here we will need to change the config.yaml

We can see in this screenshot that by default all AWS services are scanned; however, to select specific services we can remove the comment, or add another supported service.

  6. Magpie can output the results as JSON, CSV, text or persist to a database.

Simply set enabled to true or false depending on your preferred output. For JSON, text and CSV, stdout can be used to save to file.

./magpie.sh > output.json

When persisting to a Postgres database, Magpie will create all tables at startup.

  7. Add AWS or GCP credentials as environment variables. For AWS:

export AWS_ACCESS_KEY_ID=""

export AWS_SECRET_ACCESS_KEY=""

export AWS_SESSION_TOKEN=""

export AWS_REGION=""

For GCP:

export GOOGLE_APPLICATION_CREDENTIALS=PATH_TO_CREDENTIALS_JSON_FILE 

Magpie can now be run using ./magpie.sh or, for discovery alone, ./magpie-discovery.sh
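
The credential and output steps above can be checked before a scan is started. The script below is an added example, not code from the Magpie project: the function names are hypothetical, and only the environment variable names, ./magpie.sh and output.json come from the steps above.

```shell
#!/bin/sh
# Added example: preflight checks for the Magpie credential and output steps.
# Function names are hypothetical; variable names and ./magpie.sh are from the tutorial.

# AWS: key ID, secret and region must be non-empty. Temporary (STS) key IDs
# start with "ASIA" and are unusable without AWS_SESSION_TOKEN.
check_aws_env() (
  rc=0
  for v in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_REGION; do
    eval "val=\${$v:-}"
    [ -n "$val" ] || { echo "missing: $v" >&2; rc=1; }
  done
  case "${AWS_ACCESS_KEY_ID:-}" in
    ASIA*) [ -n "${AWS_SESSION_TOKEN:-}" ] ||
             { echo "temporary key needs AWS_SESSION_TOKEN" >&2; rc=1; } ;;
  esac
  exit "$rc"
)

# GCP: the variable must name a readable key file that group/other cannot access.
check_gcp_env() (
  f=${GOOGLE_APPLICATION_CREDENTIALS:-}
  [ -n "$f" ] || { echo "missing: GOOGLE_APPLICATION_CREDENTIALS" >&2; exit 1; }
  [ -r "$f" ] || { echo "not readable: $f" >&2; exit 1; }
  # Characters 5-10 of the ls mode string are the group and other permission bits.
  [ "$(ls -ldL "$f" | cut -c5-10)" = "------" ] ||
    { echo "key file open to group/other, run: chmod 600 $f" >&2; exit 1; }
)

# Print the providers whose credentials passed; fail if none did.
ready_providers() {
  ready=""
  if check_aws_env; then ready="aws"; fi
  if check_gcp_env; then ready="${ready:+$ready }gcp"; fi
  [ -n "$ready" ] && echo "$ready"
}

# Run the scan with a umask so the asset inventory is readable by the owner only.
run_scan() (
  umask 077
  ./magpie.sh > "${1:-output.json}"
)

# Only scan when run from the unzipped snapshot folder with valid credentials.
if [ -x ./magpie.sh ] && providers=$(ready_providers); then
  echo "scanning with credentials for: $providers" >&2
  run_scan output.json
fi
```

The umask only applies when output.json is newly created; an existing file keeps its current mode.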