At a glance.
- iPhone widgets aren't spying on users.
- Blackbaud victims expand.
- Healthcare breach at Medisys.
- UHS ransomware update.
- Data exposure at e-learning vendor.
- Cloudflare on privacy.
Good news: contrary to what you're reading in social networks, new iPhone widgets are not spying on users.
A conspiracy theory claiming that the widgets in the iPhone’s new iOS 14 are spying on users has been debunked, reports 9to5Mac. The theory, which claims that the widgets are logging users’ keystrokes, started on Facebook, where it was screenshotted and went viral once shared on Twitter and Instagram. Much of the supposed evidence is not only unfounded, but is linked to new features, not flaws, of the operating system, like a security code autofill feature and push notifications warning users about possible data breaches. Furthermore, explains creator Widgetsmith, the widgets have built-in limitations that would make them inefficient key loggers, as they are incapable of running in the background long enough to collect the necessary data. According to Widgetsmith developer David Smith, “Widgetsmith was built from the ground up with complete privacy in mind and collects essentially no data about its users.”
Inova Health is latest victim of Blackbaud attack.
US-based healthcare provider Inova Health is the latest institution to be affected by the Blackbaud ransomware attack, reports WJLA. Inova sent letters to patients possibly affected and released a statement announcing that patient and donor data might have been compromised in the breach. Blackbaud, a third-party donor fundraising service provider for educational institutions, suffered a ransomware attack between February and May of 2020 that has had wide-reaching effects for its clients all over the world.
Medisys suffers ransomware attack.
Canadian healthcare provider Medisys has suffered its own ransomware attack, reports Global News. Medisys met the hacker’s demands in order to regain access to the data, but about five percent of its clients, or approximately 60,000 people, were affected by the breach.
Update on the UHS incident.
Hospitals operated by Universal Health Services continue to work through the difficulties imposed by the ransomware attack the system suffered over the weekend. The ransomware, probably Ryuk, has forced the hospitals to revert to manual systems and to reschedule surgeries and other procedures. Hospitals are hoping that the incident amounts only to a disruption of IT services and not the theft of data. Ransomware, however, has evolved since last year to the point where data theft and the additional leverage and revenue stream stolen information brings with it are now a routine part of criminal practice.
Database exposure affects e-learning vendor.
Security researchers at Safety Detectives report that Bangalore-based e-learning vendor Edureka was operating an unsecured Elasticsearch server. About twenty-five gigabytes of personal information belonging to some two-million users were exposed. The data included the following elements:
- “First names
- “Email addresses
- “Phone numbers
- “Country of residence (implied from phone number info)
- “Login activity records,” and
- “Miscellaneous Auth token information”
The data have now been secured.
Cloudflare makes privacy a priority.
On the heels of introducing Durable Objects, a tool intended to help developers navigate ever-changing data privacy regulations, web services company Cloudflare is now offering a less-invasive competitor to GoogleAnalytics, reports Fortune. GoogleAnalytics has long been the leading web behavior tracker, but it has also been criticized for invading user privacy, as it uses the data collected to offer customized advertising. Cloudflare’s alternative, which they’re calling Cloudflare Web Analytics, is the latest installment in the company’s annual tradition of giving back by offering a new, free service, often privacy-related. This focus on user privacy is proving especially useful to customers in the EU, where heightened privacy restrictions have made it illegal for organizations to track users without their consent.