Hackers Find Blood Donor Info, Attack an Adobe Zero Day and Deface Russian Website

In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:

Australian Red Cross Leaks Info of Half a Million Blood Donors

The personal data of 550,000 blood donors was leaked online because of a human error.

The Australian Red Cross Blood Service said a third party that maintains its website placed a file with donor information in “an insecure environment.” The data may have been available online from Sept. 5 through Oct. 25. The organization was notified by a “person scanning for security vulnerabilities,” who informed the Australian Cyber Emergency Response Team, or AusCERT.

The data included names, addresses and dates of birth, according to the Red Cross. Troy Hunt, who runs the data-breach cataloging site Have I been pwned, wrote his information was compromised and it included more sensitive details, such as blood type and donor eligibility answers.  

“Each donor is asked questions such as whether or not they're on antibiotics, if they're under or overweight and if they've had any recent surgical procedures," Hunt wrote. “They're personal questions, no doubt, but one of them particularly stands out in terms of sensitivity: In the last 12 months, have you engaged in at-risk sexual behaviour?”

The Red Cross statement says all known copies of the data have been deleted and it will continue to work with AusCERT.

Adobe Issues Emergency Patch for Flash Player Zero Day

Adobe plugged a security hole in its Flash Player that was getting attacked in the wild.

“Adobe is aware of a report that an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10,” the company’s advisory states.

The company issued a critical patch Wednesday for Windows, Macintosh, Linux and Chrome operating systems for versions 23.0.0.185 and earlier, and versions 11.2.202.637 and earlier.

According to Threatpost, Adobe has issued four emergency patches this year for Flash Player vulnerabilities under attack.

Adobe thanked Neel Mehta and Billy Leonard from Google's Threat Analysis Group for reporting the flaw.

Hacktivist Defaces Russian Ministry of Foreign Affairs' Website

A hacktivist retaliated against Russia for “meddling in U.S. affairs,” according to a blog post.

CNN reported the Jester defaced a Russian Foreign Affairs website Oct. 21 after being frustrated by the massive DDoS attack that crippled the internet that day.

“Things have been simmering on medium heat for a few years now,” the message said. “First the whole Wikileaks thing, then Snowden, after that all the politically motivated hacking, then you snuggled up with Trump and are openly and actively trying to influence another nations election. And now, now you or your proxy buddies are hammering the Dyn DNS provider with a YUGE DDoS attack, causing all manner of problems.”

A foreign ministry spokeswoman confirmed the attack, saying “specialists are working on it.”

The Jester, reportedly a former soldier who fought in Afghanistan and currently works in the cybersecurity and intelligence field, made a name by hacking websites that he considers threatening to the U.S., and specifically soldiers. His targets in the past included jihadist websites, WikiLeaks, the Westboro Baptist Church and the hacking group LulzSec.

The attack exploited an XSS vulnerability and didn’t damage or breach the site, according to Jester’s blog.

“This was the cyber equivalent of driving by the Ruskie Embassy and flipping them the bird. You know like Mav & Goose so righteously did in Top Gun,” the post said.