What you need to know for your personal cyber security life…
Number twenty-one in a series of semi-regular daily current and topical computer threats that may affect your online, or even offline, digital and real life. Why cyber-security on SurvivalRing? Because EVERYTHING you do in your life every day now is a part of the cyber world…even your offline plans. So, be aware, and pay attention. The bad guys WILL eventually get around to YOU…personally…so be prepared for it, by staying in the loop.
# # #
Factoring new technologies into healthcare risk analysis
- By Patrick Ouellette
- Health IT Security
- February 26, 2014
The HIMSS14 Conference down in Orlando this week will present an opportunity for vendors of all different sizes and specialties to display their offerings to their user audience. New technologies are being announced on what seems like an hourly basis and organizations are implementing them with hopes of efficiency, compliance and better patient care. Simultaneously, the Office for Civil Rights (OCR), which is in the early stages of determining the scope of its 2014 HIPAA audits, has made it abundantly clear that covered entities’ and business associates’ (BAs) use of risk analysis will factor heavily into the audits.
Organizations shouldn’t rely solely on new products to make them HIPAA compliant, nor should they avoid technology that will help secure patient data more efficiently and effectively. Achieving equilibrium between the two ends of the spectrum is the best-case scenario when conducting a risk analysis, according to David Holtzman, CynergisTek Vice President of Privacy. Holtzman and Mac McMillan will present at HIMSS14 today at 10 a.m. on “Understanding Risk Analysis”.
HealthITSecurity.com asked Holtzman how new technologies such as virtual desktop infrastructure (VDI) or other virtualization technologies that can help take physical storage of data on devices out of the equation should impact organizations’ views on risk analysis. Holtzman explained that even though new technology requires a different set of considerations, the need for risk analyses remains the same.
# # #
Apple releases OS X 10.9.2 update, patches severe SSL bug
- By Adrian Kingsley-Hughes
- ZDNet News
- February 25, 2014
Apple has released the OS X 10.9.2 update for all Mavericks users, which, amongst other things, patches the SSL bug in the operating system that could allow full transparent interception of HTTPS traffic.
This vulnerability not only affected Safari, but also other installed applications relying on an encrypted channel to the internet. However, third-party browsers such as Chrome and Firefox rely on different implementations of SSL/TLS, which means that they aren’t subject to the vulnerability.
The bug, which has apparently gone unpatched since iOS 6’s release in 2012, resides in a piece of open source code used by Apple.
Aldo Cortesi, CEO and founder of security consultancy firm Nullcube, claimed to have intercepted iCloud data, including KeyChain enrolment and updates, data from the Calendar application, and traffic from apps that use certificate pinning, such as Twitter.
# # #
First contagious WiFi computer virus goes airborne, spreads like the common cold
- By Giuseppe Macri
- The Daily Caller
Computer science researchers have demonstrated for the first time how a digital virus can go airborne and spread via WiFi networks in populated areas at the same pace as a human disease.
The “Chameleon” virus, designed by a University of Liverpool team, showed a remarkable amount of intelligence by avoiding detection and breaking into personal and business WiFi networks at their weakest points — spreading at an alarming rate.
Network Security Professor Alan Marshall said the virus doesn’t try to damage or disrupt established networks — instead, the virus slips in unnoticed to collect the data and log-in information of all users connected to the network via WiFi, and seeks other WiFi networks through them — a much more subtle, sinister and dangerous objective.
“WiFi connections are increasingly a target for computer hackers because of well-documented security vulnerabilities, which make it difficult to detect and defend against a virus,” Marshall said in a ScienceBlog report. “It was assumed, however, that it wasn’t possible to develop a virus that could attack WiFi networks — but we demonstrated that this is possible and that it can spread quickly.”
# # #
360 million newly stolen credentials on black market: cybersecurity firm
- By Jim Finkle
- February 25, 2014
A cybersecurity firm said on Tuesday that it uncovered stolen credentials from some 360 million accounts that are available for sale on cyber black markets, though it is unsure where they came from or what they can be used to access.
The discovery could represent more of a risk to consumers and companies than stolen credit card data because of the chance the sets of user names and passwords could open the door to online bank accounts, corporate networks, health records and virtually any other type of computer system.
Alex Holden, chief information security officer of Hold Security LLC, said in an interview that his firm obtained the data over the past three weeks, meaning an unprecedented amount of stolen credentials is available for sale underground.
“The sheer volume is overwhelming,” said Holden, whose firm last year helped uncover a major data breach at Adobe Systems Inc in which tens of millions of records were stolen.
Holden said he believes the 360 million records were obtained in separate attacks, including one that yielded some 105 million records, which would make it the largest single credential breach known to date.
# # #
Marussia Formula 1 team’s race testing disrupted by Trojan malware
- By John E Dunn
- 25 February 2014
The Marussia Formula 1 racing team has admitted losing an entire day’s race testing in Bahrain last week after the computer systems used for in-car telemetry were disrupted by Trojan malware.
The UK-based Russian-sponsored team didn’t specify which Trojan caused the problems nor why it caused such a headache but the fact it was even mentioned suggests that the incident was significant.
“It started off with the first disaster, which was a computer Trojan-type virus in the racks, which cost us the best part of the day,” team principal John Booth told the motoring magazine Autosport. “That set the tone for the week.”
The team reportedly completed only 29 laps in the entire four days, the least of any team. Most of that was completed on day two when 17 laps were completed. The Trojan hit on day three which turned it into a write-off.
# # #
FTC: Identity theft is the plague of the country
- By Michael Cooney
- Network World
- February 27, 2014
Network World – The Federal Trade Commission today issued its annual look at what consumers in the United States are complaining about the most.
And for the 14th consecutive year the winner, or loser really, for 2013 was identity theft, receiving over 290,000 or 14% of the agency’s 2 million overall complaints. Thirty percent of these incidents were tax- or wage-related, which continues to be the largest category within identity theft complaints, the FTC stated.
The identity theft totals were actually down from 2012, when the agency said 369,132, or 18%, of the complaints were related to identity theft. Of those, more than 43% related to tax- or wage-related fraud, the agency stated.
Florida has the highest per capita rate of reported identity theft and fraud complaints, followed by Georgia and California for identity theft complaints, and Nevada and Georgia for fraud and other complaints, the FTC noted.
The IRS recently included identity theft as its No.1 scam in its annual Dirty Dozen tax scams for 2014. In many cases, an identity thief uses a legitimate taxpayer’s identity to fraudulently file a tax return and claim a refund.
The Top 10 complaints are:
- Identity Theft
- Debt Collection
- Banks and Lenders
- Imposter Scams
- Telephone and Mobile Services
- Prizes, Sweepstakes, and Lotteries
- Auto Related Complaints
- Shop-at-Home and Catalog Sales
- Television and Electronic Media
- Advance Payment for Credit Services