Personal Cybersecurity #21: Daily news

What you need to know for your personal cyber security life… 

Number twenty-one in a series of semi-regular daily current and topical computer threats that may affect your online, or even offline, digital and real life. Why cyber-security on SurvivalRing? Because EVERYTHING you do in your life every day now is a part of the cyber world…even your offline plans. So, be aware, and pay attention. The bad guys WILL eventually get around to YOU…personally…so be prepared for it, by staying in the loop.

# # #

Factoring new technologies into healthcare risk analysis

  • By Patrick Ouellette
  • Health IT Security
  • February 26, 2014

The HIMSS14 Conference down in Orlando this week will present an opportunity for vendors of all different sizes and specialties to display their offerings to their user audience. New technologies are being announced on what seems like an hourly basis and organizations are implementing them with hopes of efficiency, compliance and better patient care. Simultaneously, the Office for Civil Rights (OCR) is in the early stages of determining the scope of its 2014 HIPAA audits and has made it abundantly clear that covered entities' and business associates' (BAs) use of risk analysis will factor heavily into the audits.

Organizations shouldn’t rely solely on new products to make them HIPAA compliant, nor should they avoid technology that will help secure patient data more efficiently and effectively. Achieving equilibrium between the two ends of the spectrum is the best-case scenario when conducting a risk analysis, according to David Holtzman, CynergisTek Vice President of Privacy. Holtzman and Mac McMillan will present at HIMSS14 today at 10 a.m. on “Understanding Risk Analysis”. asked Holtzman how new technologies such as virtual desktop infrastructure (VDI) or other virtualization technologies that can help take physical storage of data on devices out of the equation should impact organizations’ views on risk analysis. Holtzman explained that even though new technology requires a different set of considerations, the need for risk analyses remains the same.


# # #

Apple releases OS X 10.9.2 update, patches severe SSL bug

  • By Adrian Kingsley-Hughes
  • ZDNet News
  • Security
  • February 25, 2014

Apple has released the OS X 10.9.2 update for all Mavericks users, which, amongst other things, patches the SSL bug in the operating system that could allow full transparent interception of HTTPS traffic.

This vulnerability not only affected Safari, but also other installed applications relying on an encrypted channel to the internet. However, third-party browsers such as Chrome and Firefox rely on different implementations of SSL/TLS, which means that they aren’t subject to the vulnerability.

The bug, which has apparently gone unpatched since iOS 6’s release in 2012, resides in a piece of open source code used by Apple.

Aldo Cortesi, CEO and founder of security consultancy firm Nullcube, claimed to have intercepted iCloud data, including KeyChain enrolment and updates, data from the Calendar application, and traffic from apps that use certificate pinning, such as Twitter.


# # #

First contagious WiFi computer virus goes airborne, spreads like the common cold

# # #

360 million newly stolen credentials on black market: cybersecurity firm

  • By Jim Finkle
  • Reuters
  • February 25, 2014

A cybersecurity firm said on Tuesday that it uncovered stolen credentials from some 360 million accounts that are available for sale on cyber black markets, though it is unsure where they came from or what they can be used to access.

The discovery could represent more of a risk to consumers and companies than stolen credit card data because of the chance the sets of user names and passwords could open the door to online bank accounts, corporate networks, health records and virtually any other type of computer system.

Alex Holden, chief information security officer of Hold Security LLC, said in an interview that his firm obtained the data over the past three weeks, meaning an unprecedented amount of stolen credentials is available for sale underground.

“The sheer volume is overwhelming,” said Holden, whose firm last year helped uncover a major data breach at Adobe Systems Inc in which tens of millions of records were stolen.

Holden said he believes the 360 million records were obtained in separate attacks, including one that yielded some 105 million records, which would make it the largest single credential breach known to date.


# # #

Marussia Formula 1 team’s race testing disrupted by Trojan malware

  • By John E Dunn
  • Techworld
  • 25 February 2014

The Marussia Formula 1 racing team has admitted losing an entire day’s race testing in Bahrain last week after the computer systems used for in-car telemetry were disrupted by Trojan malware.

The UK-based Russian-sponsored team didn’t specify which Trojan caused the problems nor why it caused such a headache but the fact it was even mentioned suggests that the incident was significant.

“It started off with the first disaster, which was a computer Trojan-type virus in the racks, which cost us the best part of the day,” team principal John Booth told the motoring magazine Autosport. “That set the tone for the week.”

The team reportedly completed only 29 laps in the entire four days, the least of any team. Most of that was completed on day two when 17 laps were completed. The Trojan hit on day three which turned it into a write-off.


# # #

FTC: Identity theft is the plague of the country

  • By Michael Cooney
  • Network World
  • February 27, 2014

Network World – The Federal Trade Commission today issued its annual look at what consumers in the United States are complaining about the most.

And for the 14th consecutive year the winner, or loser really, for 2013 was identity theft, receiving over 290,000 or 14% of the agency’s 2 million overall complaints. Thirty percent of these incidents were tax- or wage-related, which continues to be the largest category within identity theft complaints, the FTC stated.

The identity theft totals were actually down from 2012, when the agency said 369,132, or 18%, of the complaints were related to identity theft. Of those, more than 43% related to tax- or wage-related fraud, the agency stated.

Florida has the highest per capita rate of reported identity theft and fraud complaints, followed by Georgia and California for identity theft complaints, and Nevada and Georgia for fraud and other complaints, the FTC noted.

The IRS recently included identity theft as its No.1 scam in its annual Dirty Dozen tax scams for 2014.  In many cases, an identity thief uses a legitimate taxpayer’s identity to fraudulently file a tax return and claim a refund.  

The Top 10 complaints are:

  1. Identity Theft
  2. Debt Collection
  3. Banks and Lenders
  4. Imposter Scams
  5. Telephone and Mobile Services
  6. Prizes, Sweepstakes, and Lotteries
  7. Auto Related Complaints
  8. Shop-at-Home and Catalog Sales
  9. Television and Electronic Media
  10. Advance Payment for Credit Services


# # #

Updated: March 8, 2014 — 6:08 pm

The Author

Rich Fleetwood

Rich is the founder of SurvivalRing, now in its 24th year, author of multimedia CDs and DVDs, loves the outdoors, his family, his geeky skill-set, and lives in rural southern Wyoming, just below the continental divide (long story, that...). Always ready to help others, he shares what he learns on multiple blogs, many social sites, and more. With a background in preparedness and survival skills, training with county, state, and national organizations, and skills in all areas of media and on-air experience in live radio and television, Rich is always thinking about the "big picture" when it comes to helping individuals and families prepare for life's little surprises.
