@mikko Feb 18
Big medical data breach today in Sweden.
@mikko Feb 18
Replying to @b9AcE
Phone calls to the MEDICALL help service were stored as WAV audio files on an unsecured server. Picture via .
Yᴏɴᴀᴛʜᴀɴ Kʟɪᴊɴsᴍᴀ
Was a bit more on that server to go through though:
- Enterprise & normal Owncloud instance
- Slick bootstrap admin template:
- "itell" ?
- "prebus" ?
- "snow" ?
Server seems to have been up for years, oldest file is from August 2013..
Yᴏɴᴀᴛʜᴀɴ Kʟɪᴊɴsᴍᴀ Feb 18
Replying to @mikko @b9AcE @RiskIQ
The first time the scanners started picking up the open directory on 188[.]92[.]248[.]19 was in December 2018; someone messed up a configuration change, it seems.
📊⌨️Tiago Henriques Feb 18
Replying to @ydklijnsma @mikko and 2 others
which is the max query we allow on historical via API timewise, when looking back
Yᴏɴᴀᴛʜᴀɴ Kʟɪᴊɴsᴍᴀ Feb 18
Replying to @Balgan @mikko and 2 others
Yeah not sure if there was some kind of change around that time, we had it (emptier) back in 2016 but no hits in-between. Not sure why....
📊⌨️Tiago Henriques Feb 18
Replying to @ydklijnsma @mikko and 2 others
Yᴏɴᴀᴛʜᴀɴ Kʟɪᴊɴsᴍᴀ Feb 18
Replying to @Balgan @mikko and 2 others
Erhm, that server has been hosting through DNS resolution since September 2014... the first files on the server are from 2013. What are the odds it's been there -that- long...
📊⌨️Tiago Henriques Feb 18
Replying to @ydklijnsma @mikko and 3 others
website also looks dodgy af.
Yᴏɴᴀᴛʜᴀɴ Kʟɪᴊɴsᴍᴀ Feb 18
Replying to @Balgan @mikko and 3 others
The company behind it is "Voice Integrate" which owns a whole AS... AS49292 specifically. It's not a super large pool but still:
Yᴏɴᴀᴛʜᴀɴ Kʟɪᴊɴsᴍᴀ Feb 18
Replying to @Balgan @mikko and 3 others
I have a feeling this is far from over, their Asterisk call system f.e. is hosted at medicall.applion[.]se -> 103.13.228.97:5060. Bunch of interesting subdomains with more behind it: