4.5 Million Patient IDs Compromised in Hospital Hack

One of the country’s biggest hospital operators, Community Health Systems, on Monday announced that its computer network was the “target of an external, criminal cyber attack” which saw the compromise of patient identification data for “approximately 4.5 million individuals.”

The attacker or attackers are believed to have originated in China, according to Community Health Systems and its IT security contractor, Mandiant.

Community Health Systems, which operates more than 200 hospitals in the United States, revealed the breach in a Form 8-K filing with the U.S. Securities and Exchange Commission.

The hack of the computer network occurred in July, the publicly traded company said. Data stolen in the breach “did not include patient credit card, medical, or clinical information,” Community Health Systems said, but did include “patient names, addresses, birthdates, telephone numbers, and social security numbers,” which are protected under the Health Insurance Portability and Accountability Act (HIPAA).

Community Health Systems said Mandiant, serving as the company’s forensic expert for the breach, believed “the attacker was an ‘Advanced Persistent Threat’ group originating from China who used highly sophisticated malware and technology to attack the company’s systems.”

Source:
http://www.pcmag.com/article2/0,2817,2463242,00.asp?kc=PCRSS03069TX1K0001121

Posted in Internet, Privacy, Security | No Comments

Yes, Google Maps is tracking you. Here’s how to stop it

Google is probably logging your location, step by step, via Google Maps.

Want to see what kind of data it has on you? Check out Google’s own location history map, which lets you see the path you’ve traced for any given day that your smartphone has been running Google Maps.

In the screenshot above, it shows some of my peregrinations around Paris in June of this year.

This location history page has actually been available for several years, since Google first rolled it out as part of Latitude, its now-defunct location-sharing app. Cnet noticed it in December, 2013, TechCrunch picked it up a few days later, and now Junkee.com noticed it last week.

We’re highlighting it again because it’s trivially easy to turn off Google Maps location-tracking, if you want to.

In fact, I checked the location history page this morning and had difficulty finding any location data at all, because I’ve had location tracking turned off for months, with a few exceptions.

Source:
http://venturebeat.com/2014/08/17/yes-google-maps-is-tracking-you-heres-how-to-stop-it/

Posted in Internet, Mobile, Privacy, Software | No Comments

NSA-Proof “Blackphone” Gets Rooted Within 5 Minutes

Source:
http://thehackernews.com/2014/08/nsa-proof-blackphone-gets-rooted-within_11.html

Posted in Hardware, Mobile, Privacy, Security | No Comments

Click Fraud Malware Found Lurking Inside Image Files

Researchers have discovered click fraud malware designed to “hide in plain sight” and evade traditional security tools by embedding data into an image file.

Lurk is a downloader which uses digital steganography – the art of hiding information in images, audio or video files, according to a Dell SecureWorks Counter Threat Unit (CTU) Threat Intelligence paper by Brett Stone-Gross.

“Lurk specifically uses an algorithm that can embed encrypted URLs into an image file by inconspicuously manipulating individual pixels. The resulting image contains additional data that is virtually invisible to an observer,” he wrote.

“It is unlikely that existing IPS/IDS devices could detect data that is concealed with digital steganography. As a result, Lurk may be able to evade network defenses and hide in plain sight.”

Lurk is comprised of two parts – a dropper DLL and a payload DLL, with the former’s main job being to extract and load the latter, he added.

Once the main payload DLL executes, it checks the victim computer for 52 different security products and apparently won’t install if it discovers one of 21 specific products.

Source:
http://www.infosecurity-magazine.com/news/click-fraud-malware-inside-images/

Posted in Internet, Privacy, Security | No Comments

Microsoft increases IE security, starts blocking old ActiveX controls

As part of Microsoft’s ongoing effort to improve the security of its Internet Explorer browser, the company has started blocking outdated ActiveX plugins from being enabled.

ActiveX controls have been a feature of Internet Explorer for a very long time and help in enabling interactive content through the browser. Most third-party plugins such as Adobe Flash and Java make use of ActiveX to present content. However, it has been observed that these controls often have security vulnerabilities which can be exploited by hackers. Recently, Microsoft has started working on making IE secure and is now shifting its focus towards third-party plugins which can compromise the browser.

According to Microsoft, Java exploits comprised 84.6% to 98.5% vulnerabilities throughout 2013. Although, the plugins have been updated to fix the vulnerabilities, users sometimes ignore the updates, leaving the system at risk.

Source:
http://www.neowin.net/news/microsoft-increases-ie-security-starts-blocking-old-activex-controls

Posted in Internet, Security, Windows | No Comments