WhatsApp, the popular instant messaging app announced a hack and the exposure of a security flaw this week. The flaw injected malware onto users’ phones, potentially exposing their otherwise encrypted data and messages. WhatsApp allows users to instant message and make phone calls throughout the world. The app features described on its website include simple, … Continue Reading
I came across an article last week that indicated there was a successful attack on Microsoft’s Office 365 and Google’s G Suite environments that was able to bypass multi-factor authentication (MFA). However, after reading the article it was immediately clear the attack leveraged an old protocol, IMAP (Internet Message Access Protocol), which does not support … Continue Reading
So this week’s blog article takes a page from my very own “smart” home devices. Monday morning at about 3:42 a.m. our entire household woke up because every “smart” lightbulb in the house came on at the same time! It was a bit distressing and once we got up and shut off all the lights, … Continue Reading
Players of the popular Fortnite video game have filed a proposed class action suit against the video game’s owner, Epic Games Inc. (“Epic”) alleging that Epic failed to protect players’ accounts, allowing hackers access to their payment details in a 2018 data breach. According to the suit, the players gave Epic their payment information in … Continue Reading
Atrium Health and its vendor, AccuDoc Solutions, released a joint announcement this week that AccuDoc’s database of 2.6 million billing records of Atrium Health’s patients has been compromised by a hacking incident. The information contained in the database included patient names, addresses, dates of birth, health insurance information, account balances, dates of service and some … Continue Reading
Many companies are migrating their email systems to Microsoft Office 365 (O365). The majority of security incidents in which we have been engaged in over the past six months involve a hacker successfully phishing an employee of the company (most of the time someone who is an executive in the company) and then spoofing the … Continue Reading
Facebook announced late last week that it had suffered the largest breach in its history with 50 million accounts were compromised, and another 40 million accounts affected. Yes, that equals 90 million accounts. If you use Facebook and were locked out of your account over the weekend, your account was most likely affected. The 50 … Continue Reading
The State of California is once again leading the way with trying to keep up with technology and protecting consumers. Senate Bill 327 requires Internet of Things (IoT) developers to implement “reasonable security features” in IoT products, such as baby monitors, televisions, automobiles, home appliances, fitness monitors, home security systems, and the like. This is … Continue Reading
Yesterday (September 26, 2018), Uber Technologies Inc. agreed to finish inquiries of all 50 states of its 2016 data breach by paying $148 million in different amounts to all 50 states and the District of Columbia. The settlement concludes the investigations into the data breach, which occurred in 2016 when hackers absconded with the personal … Continue Reading
California lawmakers have taken the lead in trying to address privacy and security issues with Internet of Things (IoT) devices (which we have been writing about for years), by passing the country’s first IoT security bill, which is now headed to Governor Brown’s desk for signature by September 30. One of the issues addressed by … Continue Reading
Data breaches continue to plague the health care industry, and July 2018 was the worst month so far this year in the number of data breaches reported to the Office for Civil Rights (OCR). Thirty-three data breaches were reported by covered entities and business associates in July, with the largest one reported by UnityPoint Health, … Continue Reading
We reported last week that a spyware maker compromised users’ and victims’ sensitive information [view related post]. Since that time, another spyware maker, mSpy, which holds itself out as having over a million users employing its product to “spy” on their partners and children, has reportedly leaked the passwords, call logs, text messages, location data, … Continue Reading
An old trick is coming back and working. It is a wire fraud scheme targeted at homeowners instead of businesses, and it is happening at an alarming rate. Here’s how it works: An individual is in the process of purchasing a home. Most of the communication in real estate transactions these days is done via … Continue Reading
It has been reported that a hacker was able to break into the servers of TheTruthSpy, a company that is described as “one of the most notorious stalkerware companies out there” (Motherboard, August 2018) and was able to steal logins, audio recordings, text messages, and pictures of victims. Motherboard has issued a series of stories that … Continue Reading
In a lawsuit against its insurance company requesting reimbursement for close to $2.4 million from two different hacking incidents, National Bank of Blacksburg detailed the intrusions, which are instructive of a sophisticated scheme against the financial services industry. According to the lawsuit, the first theft took place on Memorial Day weekend of 2016. In that … Continue Reading
Bithumb, located in South Korea and ranked the seventh largest cryptocurrency exchange, has confirmed that it was hacked and that the thieves absconded with approximately $32 million in coins, including the XRP token issued by Ripple. Following the hack, the exchange stopped processing cryptocurrency deposits and withdrawals and moved assets offline. Bithumb has reported that … Continue Reading
As a frequent traveler, both personally and professionally, this bit of research unnerved me. Of course, it makes sense when you think about it, and none of us should be surprised, but it is a good reminder for those of us who are on the road a lot. Security researchers at F-Secure in Finland report … Continue Reading
In what is being called a systematic targeting of large health care organizations, pharmaceutical companies, and IT companies and equipment manufacturers that service the health care industry, Symantec has reported that a new hacking group, dubbed “Orangeworm,” is carefully selecting its targets and strategy prior to launching an attack. According to Symantec, the hackers have … Continue Reading
Inogen, which manufactures portable oxygen devices, has alerted the Securities and Exchange Commission in a recent filing that it is notifying 30,000 individuals that their personal information was compromised when a hacker gained access to one of its employees’ email accounts through a phishing scheme. The incident illustrates how the manufacturing sector is continuing to … Continue Reading
Orbitz, the travel booking entity that is owned by Expedia, has confirmed that it has “identified and remediated a data security incident affecting a legacy travel booking platform.” This means that one of its older websites that are used by customers to book their travel plans was hacked. The statement says that Orbitz uncovered evidence earlier … Continue Reading
The recently released Protenus Healthcare Breach Barometer report notes that in January, 2018, at least 473,807 patient records were compromised in 37 breaches reported to the Office for Civil Rights. Twelve of the reported breaches were attributable to insiders, which was 32 percent of the data breaches reported in January. Seven of those incidents were … Continue Reading
Oklahoma State University Center for Health Sciences (OSUCHS) has notified 279,865 patients that their protected health information may have been compromised as a result of a hacking incident. OSUCHS has determined that an unauthorized individual gained access to its system housing Medicaid billing information on November 7, 2017, but it is unable to determine whether … Continue Reading
Our experience last year is consistent with the conclusion of a new report issued by Cryptonite in its 2017 Health Care Cyber Research Report—that the number of hacking events targeted at health care entities involving ransomware increased a whopping 89% from 2016. The report analyzed the self-reporting database of the Office for Civil Rights (OCR) … Continue Reading
The Federal Bureau of Investigation (FBI) issued a warning to parents in the past about the concerns with connected toys. Many parents recently bought the newest gadgets for their kids over the holidays, without realizing the capabilities of these toys to collect, maintain, sell and use personal information. As I chat with people about the … Continue Reading
