dna - X-Industry - Red Sky Alliance, https://redskyalliance.org/xindustry/feed/tag/dna, 2024-03-29T09:47:05Z
23andMe Slapped with Class-Action Suit, https://redskyalliance.org/xindustry/23andme-slapped-with-class-action-suit, 2023-12-20, Bill Schenkelberg (https://redskyalliance.org/members/BillSchenkelberg)<div><p>The DNA testing company <a href="https://www.23andme.com/">23andMe</a> was served with a class-action lawsuit in California after cyber thieves gained access to personal data for at least a million clients. The lawsuit claims the popular DNA company “intentionally, willfully, recklessly, or negligently” failed to implement adequate safety measures to protect customers whose birth year, location and ancestry trees were exposed during the attack. “On no later than 6 October 2023, unauthorized third-party cybercriminals gained access to the Class members’ and, on information and belief, Plaintiff’s PII (personally identifiable information) as hosted with Defendant, with the intent of engaging in the misuse of the PII, including marketing, disseminating, and selling Plaintiff’s and the Class members’ PII (the 'Data Breach'),” stated the lawsuit filed in <a href="https://www.occourts.org/">Orange County Superior Court</a>.<a href="#_ftn1">[1]</a></p>
<p>“The total number of individuals who have had their data exposed due to Defendant’s failure to implement appropriate security safeguards is unknown at this time but is estimated to be approximately 1,000,000 individuals at a minimum. An undoubtedly nefarious third party that seeks to profit off this disclosure by defrauding Plaintiff and the Class members in the future.” The lawsuit was filed in Orange County because the lead plaintiff and alleged victim, Dhaman Gill, lives in Newport Beach, CA, according to the claim.</p>
<p>“Plaintiff, as a result of the Data Breach, has increased anxiety for his loss of privacy and anxiety over the impact of cybercriminals accessing, using, and selling his PII,” the lawsuit stated. “Plaintiff has suffered imminent and impending injury arising from the substantially increased risk of fraud, identity theft, and misuse resulting from, on information and belief, his PII being placed in the hands of unauthorized third parties/criminals.” The San Francisco-area company reported the breach to the US <a href="https://www.sec.gov/">Securities and Exchange Commission</a>. According to that filing, the attackers first broke into roughly 14,000 accounts by credential stuffing, that is, by replaying username and password pairs that had been exposed in breaches of other websites and reused on 23andMe. From those accounts they then used the DNA Relatives feature to collect profile data belonging to millions of other customers.</p>
<p>“23andMe is in the process of providing notification to users impacted by the incident as required by applicable law,” the firm stated in its disclosure report to the SEC. “While no company can ever completely eliminate the risk of a cyber-attack, the Company has taken certain steps to further protect its users’ data. For example, on 10 October 2023, 23andMe required all users to reset their passwords, and on 6 November 2023, 23andMe required all new and existing users to log in to the 23andMe website using two-step verification going forward.”</p>
<p>The lawsuit, which seeks unspecified compensatory damages, also demands that 23andMe scrub its clients’ personal information to prevent future attacks, or prove that it can protect the stored data: “Defendant (must) delete and purge the PII of Plaintiff and the Class members unless Defendant can provide to the Court reasonable justification for the retention and use of such information when weighed against the privacy interests of Plaintiff and the Class members.”</p>
<p><em>This article is presented at no charge for educational and informational purposes only.</em></p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. Call for assistance. For questions, comments, a demo or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com </p>
<p>Weekly Cyber Intelligence Briefings:</p>
<p>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></p>
<p>Website: <a href="https://www.redskyalliance.com/">https://www.redskyalliance.com/</a></p>
<p>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a></p>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/5993554863383553632">https://attendee.gotowebinar.com/register/5993554863383553632</a></p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.msn.com/en-us/news/other/23andme-slammed-with-class-action-lawsuit-after-cyber-attack/ar-AA1lKnnS">https://www.msn.com/en-us/news/other/23andme-slammed-with-class-action-lawsuit-after-cyber-attack/ar-AA1lKnnS</a></p></div>23andMe Users' DNA Data Stolen, https://redskyalliance.org/xindustry/23andme-users-dna-data-stolen, 2023-10-31, Jim McKee (https://redskyalliance.org/members/JimMcKee)<div><p>My question is, “Who has not stolen my personal information?” Equifax, Home Depot, Target, Anthem, and the OPM have already lost my PII. I recently declined an invitation to register with ID.me (<a href="https://www.id.me">https://www.id.me</a>). ID.me is an American online identity network company that allows people to provide proof of their legal identity online. ID.me digital credentials can be used to access government services, healthcare logins, or discounts from retailers. This potential theft will allow an unknown person to verify that they are me.</p>
<p>In a recent and alarming incident, the genetic-testing company 23andMe fell victim to a data breach that compromised sensitive information belonging to millions of its users. The breach came to public attention when a cybercriminal claimed to possess a large amount of 23andMe customer data and boasted of selling "the most valuable data you'll ever see." The data reportedly included details of users who had opted into the company's "DNA Relatives" service, which lets individuals connect with genetic relatives and explore their family histories.<a href="#_ftn1">[1]</a></p>
<p>According to reports, the attackers accessed individual accounts through credential stuffing. In this technique, the attacker takes username and password pairs leaked from breaches of other online services and replays them, usually with automated tooling, against the target site's login; every user who reused the same credentials on 23andMe handed the attacker a working account, with no weakness in 23andMe's own systems required.</p>
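<p>Credential stuffing leaves a recognisable trace in authentication logs: one source cycling through many distinct usernames in a short window, with mostly failures and a few successes. The detector below is an added example written for this page, not code from the original article or from 23andMe; the JSON-lines log format, the sample events and the thresholds are all constructed assumptions.</p>

```python
"""Flag credential-stuffing behaviour in authentication logs.

Added example, not code from the original article or from 23andMe. The log
format is constructed for this example (one JSON object per line with the
fields ts, src_ip, user, result); the thresholds are assumptions to be tuned
against real login volume.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: 203.0.113.7 works through ten different accounts in
# ninety seconds and gets two of them right (the reused passwords); the
# second source is one user mistyping a password and then logging in.
SAMPLE_LOG = """\
{"ts": "2023-10-01T02:00:00Z", "src_ip": "203.0.113.7", "user": "alice", "result": "fail"}
{"ts": "2023-10-01T02:00:10Z", "src_ip": "203.0.113.7", "user": "bob", "result": "success"}
{"ts": "2023-10-01T02:00:20Z", "src_ip": "203.0.113.7", "user": "carol", "result": "fail"}
{"ts": "2023-10-01T02:00:30Z", "src_ip": "203.0.113.7", "user": "dave", "result": "fail"}
{"ts": "2023-10-01T02:00:40Z", "src_ip": "203.0.113.7", "user": "erin", "result": "fail"}
{"ts": "2023-10-01T02:00:50Z", "src_ip": "203.0.113.7", "user": "frank", "result": "fail"}
{"ts": "2023-10-01T02:01:00Z", "src_ip": "203.0.113.7", "user": "grace", "result": "success"}
{"ts": "2023-10-01T02:01:10Z", "src_ip": "203.0.113.7", "user": "heidi", "result": "fail"}
{"ts": "2023-10-01T02:01:20Z", "src_ip": "203.0.113.7", "user": "ivan", "result": "fail"}
{"ts": "2023-10-01T02:01:30Z", "src_ip": "203.0.113.7", "user": "judy", "result": "fail"}
{"ts": "2023-10-01T02:05:00Z", "src_ip": "198.51.100.20", "user": "alice", "result": "fail"}
{"ts": "2023-10-01T02:05:08Z", "src_ip": "198.51.100.20", "user": "alice", "result": "success"}
"""


def parse_events(text):
    """Parse JSON-lines auth events; timestamps become aware datetimes."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        events.append(rec)
    return events


def find_stuffing_sources(events, window=timedelta(minutes=10),
                          min_users=5, min_fail_ratio=0.8):
    """Return {src_ip: stats} for sources whose attempts look like stuffing.

    Signature: many distinct usernames from one source inside `window`
    with a high failure ratio. A brute force against a single account
    shows few usernames; a busy NAT gateway shows many usernames but a
    low failure ratio. The `compromised` list is what the IR team needs:
    the accounts where a leaked password actually worked.
    """
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["src_ip"]].append(e)

    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # slide the window start forward until the span fits in `window`
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            win = evs[start:end + 1]
            users = {e["user"] for e in win}
            fails = sum(1 for e in win if e["result"] == "fail")
            ratio = fails / len(win)
            if len(users) < min_users or ratio < min_fail_ratio:
                continue
            stats = {
                "attempts": len(win),
                "distinct_users": len(users),
                "fail_ratio": round(ratio, 2),
                "compromised": sorted({e["user"] for e in win
                                       if e["result"] == "success"}),
            }
            # keep the widest window observed for this source
            if ip not in flagged or stats["distinct_users"] > flagged[ip]["distinct_users"]:
                flagged[ip] = stats
    return flagged


if __name__ == "__main__":
    for ip, stats in find_stuffing_sources(parse_events(SAMPLE_LOG)).items():
        print(ip, stats)
```

<p>On the sample, only 203.0.113.7 is flagged, with bob and grace listed as compromised; the single user who mistyped a password once is not. The per-source view is deliberately simple: a distributed campaign spreads attempts over many addresses, so in practice the same statistic is also computed per ASN or per user-agent fingerprint, and the accounts in the compromised list get a forced password reset and MFA enrolment rather than a ticket.</p>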
<p>The compromised accounts were those enrolled in the "DNA Relatives" feature, which exposed an unexpected privacy consequence of such services: one compromised account reveals data about every relative it has been matched with. The stolen information reportedly included users' display names, profile photos, gender, birth years, geographical locations, predicted relationships to genetic matches, the percentage of DNA shared, the number of shared genetic segments, and details about genetic ancestry, such as haplogroups. An allele is one variant of the DNA sequence at a given position on a chromosome; a haplotype is a set of alleles inherited together from a single parent; and a haplogroup is a group of similar haplotypes that share a common ancestor, defined by a single-nucleotide polymorphism (SNP) mutation.</p>
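<p>The amplification is the point worth modelling: a takeover exposes not just the victim but the match-visible profile of every opted-in relative, so a few thousand stuffed accounts can expose millions of profiles. The following is an added example written for this page, not code from the original article or from 23andMe; the account graph, the field names, the opt-in flag and the set of match-visible fields are constructed assumptions.</p>

```python
"""Blast radius of account takeover through relative matching.

Added example, not code from the original article or from 23andMe. It models
the opt-in relative-matching feature the article describes with a constructed
set of accounts: each account carries an opt_in flag, the accounts it has been
matched with, and a profile. Field names and sample data are assumptions.
"""

# Constructed sample. Matching is symmetric: if a1 lists a2, a2 lists a1.
ACCOUNTS = {
    "a1": {"opt_in": True,  "matches": ["a2", "a3", "a4"],
           "profile": {"display_name": "A. One", "birth_year": 1971,
                       "location": "Newport Beach, CA", "email": "a1@example.com"}},
    "a2": {"opt_in": True,  "matches": ["a1"],
           "profile": {"display_name": "A. Two", "birth_year": 1990,
                       "location": "Portland, OR", "email": "a2@example.com"}},
    "a3": {"opt_in": False, "matches": ["a1"],
           "profile": {"display_name": "A. Three", "birth_year": 1965,
                       "location": "Austin, TX", "email": "a3@example.com"}},
    "a4": {"opt_in": True,  "matches": ["a1", "a7"],
           "profile": {"display_name": "A. Four", "birth_year": 1982,
                       "location": "Denver, CO", "email": "a4@example.com"}},
    "a5": {"opt_in": False, "matches": ["a6"],
           "profile": {"display_name": "A. Five", "birth_year": 1958,
                       "location": "Boston, MA", "email": "a5@example.com"}},
    "a6": {"opt_in": True,  "matches": ["a5"],
           "profile": {"display_name": "A. Six", "birth_year": 1987,
                       "location": "Miami, FL", "email": "a6@example.com"}},
    "a7": {"opt_in": True,  "matches": ["a4", "a8"],
           "profile": {"display_name": "A. Seven", "birth_year": 1975,
                       "location": "Seattle, WA", "email": "a7@example.com"}},
    "a8": {"opt_in": True,  "matches": ["a7"],
           "profile": {"display_name": "A. Eight", "birth_year": 1993,
                       "location": "Chicago, IL", "email": "a8@example.com"}},
}

# Fields the matching feature shows to a match (assumed subset); the
# account holder's own login e-mail is not among them.
MATCH_VISIBLE = ("display_name", "birth_year", "location")


def visible_to_match(account):
    """Project an account's profile to what a genetic match can see."""
    return {k: account["profile"][k] for k in MATCH_VISIBLE}


def exposed_by(compromised, accounts=ACCOUNTS):
    """Map of account id -> data readable after taking over `compromised`.

    A takeover yields the victim's full profile. If the victim opted in,
    the attacker also scrapes the match-visible profile of every opted-in
    match, one hop only: the attacker cannot log in as those relatives.
    An opted-out victim's matches are never shown, so they stay hidden.
    """
    exposed = {}
    for acct in compromised:
        a = accounts[acct]
        exposed[acct] = dict(a["profile"])
        if not a["opt_in"]:
            continue
        for m in a["matches"]:
            if accounts[m]["opt_in"] and m not in exposed:
                exposed[m] = visible_to_match(accounts[m])
    return exposed


def amplification(compromised, accounts=ACCOUNTS):
    """Exposed profiles per compromised account."""
    return len(exposed_by(compromised, accounts)) / len(compromised)


if __name__ == "__main__":
    hit = exposed_by(["a1", "a5"])
    print(sorted(hit), amplification(["a1", "a5"]))
```

<p>Taking over a1 and a5 exposes four profiles: a1 and a5 in full, and the match-visible fields of a2 and a4. a3 stays hidden because it opted out, and a5's match a6 stays hidden because a5 itself never opted in. Rerunning with a well-connected account shows why the real number scales the way the article describes: the exposure is bounded by the size of the match lists, not by the number of passwords the attacker guessed, which is the argument for rate-limiting and step-up authentication on the relative-listing endpoint itself.</p>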
<p>One particularly troubling aspect of the 23andMe data breach was the targeting of specific ethnic groups, notably Ashkenazi Jews. The cybercriminals behind the breach released an initial data sample containing 1 million data points exclusively about Ashkenazi Jews, indicating a deliberate focus on this particular community.</p>
<p>This targeting raises severe concerns about the potential for the stolen data to be used maliciously, possibly for identity theft, hate crimes, or other forms of discrimination. It also underlines the importance of addressing not just the immediate cybersecurity implications but also the broader ethical considerations associated with targeted attacks on specific communities within genetic data.</p>
<p>23andMe responded promptly, confirming the incident and acknowledging that certain customer profile information was accessed without authorization. The company emphasized that there was no evidence of a breach within its systems but rather, the attackers utilized credentials leaked from other platforms to compromise accounts. 23andMe reiterated its commitment to user privacy and security, encouraging all users to enable multi-factor authentication (MFA) and avoid reusing passwords across different platforms.</p>
<p>As investigations into the breach continue, affected users are urged to take immediate steps to enhance their online security, such as enabling MFA and using strong, unique passwords.</p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.secureworld.io/industry-news/23andme-users-dna-hack">https://www.secureworld.io/industry-news/23andme-users-dna-hack</a></p></div>Puzzling DNA Vulnerabilities, https://redskyalliance.org/xindustry/puzzling-dna-vulnerabilities, 2019-07-26, Jonathon Sweeney (https://redskyalliance.org/members/JonathonSweeney)<div><p>DNATools Inc.'s dnaLIMS application is a “state-of-the-art web-based laboratory information management system used to track and manage (scientific DNA research)”. It is commonly used by researchers in labs and universities around the world. In 2017, multiple vulnerabilities were discovered in this software. After the vendor was notified, its response indicated that these vulnerabilities would not be fixed. It has been confirmed that the vulnerabilities still exist in the software, and attackers have recently been observed exploiting them.</p><p>In March 2017, multiple vulnerabilities in dnaLIMS were publicly disclosed after DNATools and authorities had been notified. The vulnerabilities identified in the software are as follows<a href="#_ftn1">[1]</a>:</p><ul><li>CVE-2017-6526: Improperly Protected Web Shell</li><li>CVE-2017-6527: Unauthenticated Directory Traversal</li><li>CVE-2017-6528: Insecure Password Storage</li><li>CVE-2017-6529: Active Session Hijacking</li><li>Cross-Site Scripting</li></ul><p>When properly exploited, these vulnerabilities allow attackers to execute code remotely, hijack active user sessions, and steal data including, but not limited to, DNA hash information and user credentials.</p><p>Reconnaissance of these systems is easy and requires little more than a specific search-engine query using advanced search operators. Because exploitation requires neither specialised knowledge of the product nor additional equipment, very little skill is needed. A Metasploit module is freely available for these vulnerabilities, which increases the odds that low-skill attackers will take advantage of them.</p><p>Recently, security researcher Ankit Anubhav observed these systems being targeted by attackers operating from an Iranian IP address (2.176.78.42) on the Shahed Telecommunications network near the Iraqi/Iranian border.<a href="#_ftn2">[2]</a> 
Approximately one sixth of the devices on this network (~5,500 devices) have botnet tracker hits in our collections, the large majority being Anubis, Avalanche, and Andromeda.</p><p>By sending a specific POST request to cgi-bin/dna/sysAdmin.cgi on the server, attackers can gain unauthorized administrative access to the dnaLIMS system, where they can read plaintext password files, view test results and configuration data, exfiltrate data, or use the host as a pivot point for further attacks on the network.</p><p>Due to the low skill level required and the low reward for successful exploitation, it is unlikely that these are nation-state attacks from Iran. It is less likely that the attackers are after DNA information and more likely that they are taking over the hosts for botnet or crypto-mining operations. Credentials stolen from this system are not useful outside it unless a user reuses the same credentials elsewhere.</p><p>Although DNA hash data is not useful to the average attacker, it could be used against biometric access controls in the future. If attackers alter the data, they may mislead researchers into incorrect conclusions, producing false or inaccurate medical research and delaying medical breakthroughs and discoveries.</p><p>When asked in December 2016 what the solutions to mitigate these risks were, the vendor replied, “…Yes, we have a plan. Please gather a DNA sequence, PO Number, or Fund Number and go to your local grocery store and see what it will buy you,” indicating the company has no interest in fixing these vulnerabilities. 
It is unlikely any patches will be produced to prevent these attacks going forward.</p><p>Although the repercussions of these vulnerabilities do not appear major on the surface, the lack of mitigations, the ease of exploitation, and the data held in these systems mean that successful exploitation can lead to delayed scientific research, credential exposure, and an overall degradation of these systems. With biometric systems used in more and more access controls, the future consequences of these attacks could be more severe.</p><p><a href="#_ftnref1">[1]</a> <a href="https://www.shorebreaksecurity.com/blog/product-security-advisory-psa0002-dnalims/">https://www.shorebreaksecurity.com/blog/product-security-advisory-psa0002-dnalims/</a></p><p><a href="#_ftnref2">[2]</a> <a href="https://www.ankitanubhav.info/post/dnashell">https://www.ankitanubhav.info/post/dnashell</a></p></div>
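<p>With no vendor patch coming, the practical control for a lab that cannot retire dnaLIMS is to watch the web server in front of it. The scanner below is an added example written for this page, not code from the original article, the Shorebreak advisory or DNATools. It covers the two behaviours the article describes: POST requests to cgi-bin/dna/sysAdmin.cgi from outside the management network, and directory-traversal sequences (CVE-2017-6527) in any request. The log lines are constructed in Apache/nginx "combined" format, and the management network 10.20.0.0/16 and the export.cgi endpoint in the traversal lines are assumptions made for the example.</p>

```python
"""Spot dnaLIMS exploitation attempts in web-server access logs.

Added example, not code from the original article, the Shorebreak advisory or
DNATools. It looks for the two behaviours the article describes: POST
requests to cgi-bin/dna/sysAdmin.cgi from outside the management network
(the request used to obtain administrative access) and directory-traversal
sequences in any request (CVE-2017-6527). The log lines are constructed in
Apache/nginx "combined" format; the export.cgi endpoint and the management
network are assumptions for the example.
"""
import ipaddress
import re
from urllib.parse import unquote

# host ident user [time] "METHOD path PROTO" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Assumed: only the lab's management network may administer dnaLIMS.
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/16")]
ADMIN_CGI = "/cgi-bin/dna/sysAdmin.cgi"

# Constructed sample: a legitimate admin session from the management network,
# then an external host hitting sysAdmin.cgi and probing for traversal with
# single- and double-URL-encoded sequences.
SAMPLE_LOG = """\
10.20.1.5 - - [24/Jul/2019:08:15:02 +0000] "GET /cgi-bin/dna/home.cgi HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.20.1.5 - - [24/Jul/2019:08:16:40 +0000] "POST /cgi-bin/dna/sysAdmin.cgi HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
198.51.100.23 - - [24/Jul/2019:09:02:11 +0000] "POST /cgi-bin/dna/sysAdmin.cgi HTTP/1.1" 200 2210 "-" "python-requests/2.22.0"
198.51.100.23 - - [24/Jul/2019:09:02:13 +0000] "GET /cgi-bin/dna/export.cgi?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1843 "-" "python-requests/2.22.0"
198.51.100.23 - - [24/Jul/2019:09:02:20 +0000] "GET /cgi-bin/dna/export.cgi?file=%252e%252e%252fetc%252fshadow HTTP/1.1" 403 221 "-" "python-requests/2.22.0"
"""


def is_traversal(path):
    """True if the path contains ../ after decoding twice (to catch
    double-encoded %252e%252e%252f) and after normalising backslashes."""
    decoded = unquote(unquote(path)).replace("\\", "/")
    return "../" in decoded


def is_admin_source(ip):
    """True if the client address lies inside an allowed admin network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in ADMIN_NETS)


def scan_log(text):
    """Return a list of alerts, one per matching request, in log order."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, path = m["ip"], m["method"], m["path"]
        # rule 1: administrative CGI driven from an unexpected source
        if method == "POST" and path.split("?")[0] == ADMIN_CGI and not is_admin_source(ip):
            alerts.append({"ip": ip, "rule": "sysadmin_post_from_outside", "path": path})
        # rule 2: traversal sequence anywhere in the request target
        if is_traversal(path):
            alerts.append({"ip": ip, "rule": "path_traversal", "path": path})
    return alerts


if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print(a["rule"], a["ip"], a["path"])
```

<p>On the sample, the admin's own POST from 10.20.1.5 is silent and the external host produces three alerts: one for the sysAdmin.cgi POST and two for the traversal probes, including the double-encoded one that a single decode would miss. Because the vendor will not fix the underlying flaws, the same allowlist should also be enforced in front of the host (a reverse proxy or firewall rule that only admits the management network to cgi-bin/dna/) rather than relied on for detection alone.</p>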