TweakTown NewsRefine News by Category:
Following a data breach suffered by Rady Children's Hospital in June 2013, a mother has filed a lawsuit against the company related to a security breach that led her daughter's medical records to be exposed.
The Rady data breach occurred when an employee emailed a spreadsheet containing patient admittance records from July 1, 2012 to June 30, 2013 to four job applicants. The records included patient names, birth dates, primary medical diagnoses, medical record numbers, insurance carrier information, and admittance and discharge dates.
"This is not one or two records dropped in the parking lot," said David A. Miller, an attorney representing the mother, in a statement to the media. "The people they gave this information to didn't even work there. They were job applicants."
USB portable data storage company Kanguru has released an unencrypted USB 3.0 flash drive, utilizing onboard trusted firmware that defends against malicious firmware-based attacks. The drive has read speeds up to 230MB/s with 85MB/s write speed, Kanguru noted. Storage capacities range in size: 8GB, 16GB, 32GB, 64GB and 128GB, with a starting price of $29.95 for the 8GB drive. The flash drive also has a strong aluminum housing to keep it safe from any significant external damage.
"Our Kanguru Defender series of secure, hardware encrypted USB drives is immune to a potential attack like 'BadUSB' because of the digitally signed secure firmware," said Nate Cote, Kanguru EVP, in a press statement. "With the release of the new Kanguru FlashTrust, we now offer this same level of firmware protection to the multi-billion dollar market segment of unencrypted USB device users."
As many users and business workers rely on flash drives, there has been an increase in secure flash drives - IronKey, Kingston secure USB flash drives, Imation Defender, Kanguru, and the Apricorn Aegis secure key, among others. There is a good selection of secure products that can be chosen, using various security protocols to keep data safe.
Amobile Spy recently launched the iKeyMonitor Android Spy App, a custom app designed to help parents track what their children do using their smartphones.
The app has the ability to log passwords and keystrokes, monitor WhatsApp message recording, Web history tracking, capture screenshots, log email reporting and 2-side SMS/call logging. The keylogger monitors everything from Facebook, Twitter, Gmail, Skype, Yahoo Messenger and other popular social media or communication apps.
"iKeyMonitor Android Keylogger offers simple, secure, and secret ways to record the activities on Android devices with incredible monitoring features," said Kyle Davis, Amobile Development Department Manager, in a press statement. "We're also giving users smart features to review the logged data remotely."
A new Chinese malware infected more than 75,000 jailbroken Apple iPhones, with the malware hijacking 22 million advertisements. AdThief, also known as Spad, is the iOS malware and was able to covertly operate around four months - and only works on jailbroken devices. Although originally found by researcher Claud Xiao in March, Fortinet senior mobile researcher Axelle Apvrille took a closer look at AdThief.
Operating on 15 different mobile adkits, the malware changed a developer or affiliate ID so the attacker would collect the revenue. Eight of the adkits are Chinese, and jailbreaking devices is a rather common technique among Chinese consumers. Security experts continually warn users that jailbroken smartphones and tablets pose significant threats to users.
The Chinese hacker, known as Rover12421 did contribute to the code, but denied saying he or she is behind the entire project.
Newer generations of malware are finding their way to virtual machines - and instead of fleeing like before - are still executing when on VM. At least 70 percent of companies plan to utilize server virtualization by the end of 2015, so malware reaching the virtual machines could prove problematic.
In a study of 200,000 malware samples, analyzed on both VM and non-VM machines by Symantec, only 18 percent wouldn't operate on a virtual machine.
"The host server, as well as any virtual machine running on it, needs to be protected against malware," said Liam O'Murch, Symantec Security Response researcher, in a statement to SCMagazine. "To achieve this, advanced malware protection with proactive components that go beyond the classical static antivirus scanner needs to be in place. This can be agentless on the hypervisor or in the guest image themselves."
Suspected foreign-based cyberattackers hit the Tuscaloosa Police Department earlier in the week, disrupting phone lines at the Alabama station for a short time. The distributed denial-of-service (DDoS) attack took place 5:30 p.m. local time on Tuesday, with the phone system slammed by irrelevant phone calls.
Cyberattacks are not uncommon, but are highly disruptive when they hit police and emergency responders. The TPD is working with federal authorities and will no longer allow blocked numbers or international phone numbers to dial non-911 administration lines. The changes will have no impact on 911 emergency lines reaching the call center, officials noted.
Another local business received up to 184 phone calls in a short time before unplugging the phone - with the caller reportedly saying they were trying to collect a debt.
An unnamed 19-year-old software engineering student, identified only as "Li," was arrested just 17 hours after his "Heart App" Google Android malware infected more than 100,000 phones. The malware was able to spread so quickly by relying on the contact lists of compromised devices, with users downloading the fake app, which then sent out a text urging users to download the app as well.
Chinese wireless carriers were quick to block more than 20 million infected messages from being sent out to new users. The 19-year-old will be identified following completion of the investigation by Shenzhen police, where the student went for vacation. It seems the custom malware was designed just as proof of his ability to write code.
To uninstall the malware, Sophos recommends the following: head to Settings | Apps | Downloaded and uninstall XXshenqi app.
Although the U.S. government is desperate to improve its own cyber defense ability, the NSA already has sophisticated cyberwarfare tools at its disposal. A custom program is able to track down cyberattacks from foreign-based criminals, and then can respond with an attack in an automated fashion without a security specialist present.
Dubbed "MonsterMind," the NSA uses the software to identify traffic patterns - likely from Eastern Europe and China - able to block attacks from damaging U.S. infrastructure and automatically respond against attackers.
"The government has used excessive secrecy to prevent real debate over the wisdom and legality of many of its most sweeping surveillance programs," said Alex Abdo, ACLU staff attorney, in an email to ComputerWorld. " This newly described program is just another example of that secrecy. If the government truly is scanning all internet traffic coming into the United States for suspicious content, that would raise significant civil liberties questions."
New "security intelligence" has led Manchester United to ban tablets and laptops from the Old Trafford stadium located in Old Trafford, Greater Manchester. Greater Manchester Police will not be involved in the ban, and includes both smaller and larger tablets. Smartphones that are 5.9" x 3.9" or smaller will still be allowed into the arena without a problem.
Stadium officials noted it would be "impractical" for each fan to power up tablets and laptops as they enter the arena - unlike at airports, where passengers will be able to quickly show that they have a legitimate electronic device.
The first two quarters of 2014 again revealed cyberthreats, data breaches and high-risk cyber vulnerabilities that companies struggle to keep up with, according to a new report from security firm Trend Micro.
Consumers face issues such as data theft of customer names, passwords, email addresses, home addresses, phone numbers, and birth dates. Cybercriminals are finding ways to steal this type of information directly from consumers, or compromising companies.
"Organizations must treat information security as a primary component of a long-term business strategy rather than handling security issues as a tertiary, minor setbacks," said Raimund Genes, Trend Micro CTO, in a press statement. "Similar to having a business strategy to improve efficiency, a well-thought-out security strategy should also improve current protection practices that achieve long-term benefits. The incidents observed during this quarter further establish the need for a more comprehensive approach to security."