Bad guys target hurricane victims with fake insurance calls


Scammers are using robocalls to try to fleece survivors of Hurricane Harvey. The robocalls tell people that their premiums are past due and that they must send money immediately or else have their flood insurance canceled. “That is pure fraud. You should only be taking information from trusted sources,” said Roy E. Wright, director of the National Flood Insurance Program at the Federal Emergency Management Agency. Saundra Brown, who handles disaster response for Lone Star Legal Aid in Houston, described a typical move by dishonest contractors: They ask a survivor to sign a contract for repairs on a digital tablet, but when printed out, the bid is thousands of dollars higher. Or the survivor may have unwittingly assigned FEMA disaster aid over to the scammer. Source: The Washington Post

Pacemaker patients could be at risk for hack

Nearly a half-million pacemaker patients could be at risk for cyber attacks thanks to a known security vulnerability, according to an alert from the Food and Drug Administration. The FDA issued an alert regarding manufacturer Abbott Laboratories’ recall notice affecting six pacemaker devices. The FDA has issued safety communications recalls like this in the past, but this is the first to affect implanted devices, said Josh Corman, director of the Cyber Statecraft Initiative at the Atlantic Council. Abbott said it would issue updates to reduce the risk of its St. Jude heart implants being hacked and to warn patients that the devices’ batteries may run down earlier than expected. Sources: FCW, Reuters

Some Instagram users’ phone numbers, emails exposed

Instagram, the 700 million-user photo-sharing service owned by Facebook, informed some users that hackers gained access to phone numbers and emails of high-profile accounts. The attack came through Instagram’s API, the software that allows other sites and apps to connect with it. The company said the bug was fixed within a few hours of being identified. Source: CNet

Secretary of State confirms plans to close cybersecurity office

Secretary of State Rex Tillerson has outlined a reorganization plan that would close the State Department office charged with promoting U.S. cybersecurity interests abroad. In a letter to Senate Foreign Relations Committee Chairman Bob Corker, R-Tennessee, Tillerson confirmed his proposal to eliminate the position of cybersecurity coordinator and fold the functions of the cyber office into a bureau in charge of business and economic affairs. Source: The Hill

Hackers steal 2 million CEX customers’ data

Hackers broke into the systems of gaming store CEX and stole the details of 2 million customers, including personal information and some financial data. CEX, which sells secondhand electronics and video games, said it was contacting 2 million customers of its online shop who potentially could have been affected by the cyber attack. The information stolen included names, addresses, email addresses and some phone numbers, as well as a small number of encrypted credit card details. Source: The Telegraph

Siemens partnership aims to protect automated equipment

Siemens is entering into a global partnership with the International Society of Automation to develop cyber-protection concepts for industrial plants. The global technology company plans to share expertise in protecting the automation environment based on IEC 62443, the worldwide standard for security of the Industrial Automation & Control Systems in the Operational Technology domain of an organization. Source: Port Technology

DHS wants to strengthen cyber-product supply chains

The Homeland Security Department is trying to alleviate concerns about where commercial cybersecurity products are developed. DHS is adding more rigor to vendor supply chains for a governmentwide cybersecurity initiative. Kevin Cox, program manager of the continuous diagnostic and mitigation program at DHS, said an updated supply chain risk-management plan should help agencies be more confident in the cybersecurity products and services they are buying. Source: Federal News Radio

Spambot program exposes 711 million emails, some passwords

A spambot computer program, which harvests email addresses to send spam messages, has exposed 711 million email addresses and a number of passwords. Security researcher Troy Hunt said it was the largest set of data he has ever uploaded to his site, “Have I Been Pwned?” The site allows people to enter their email or username to see if they have been compromised. “Just for a sense of scale, that’s almost one address for every single man, woman and child in all of Europe,” Hunt said. Source: NBC News

Aetna accidentally discloses some patients’ HIV status

Insurer Aetna inadvertently revealed the HIV status of some clients in a mailing about medication for the disease sent to about 12,000 people. The beginning of the letter, informing patients about options under their Aetna plan when filling their HIV prescriptions, was in some cases visible below the person’s name and address on the envelope, through a large plastic window. The insurer, which informed customers of the breach in a second letter and apologized, said a vendor, which it didn’t identify, was responsible for the July 28 mailing. Source: Time magazine

Soccer team Real Madrid’s Twitter account hacked

Real Madrid’s official Twitter account was hacked, with a false post welcoming Lionel Messi to the club on their feed. Days after Barcelona’s account was taken over by hackers OurMine, which announced Angel Di Maria had joined the club as a hoax, the group was at it again. A post on Real’s Twitter said: “Benvingut Messi! ¡Bienvenido Messi! Welcome Messi! Bienvenue Messi! #Messi.” The post went viral, with over 27,000 retweets in 45 minutes. Source: The Independent

Uber backs off plan to track users after they get out of cars

Uber will reverse a controversial decision to collect users’ location information after their trip ends. Chief security officer Joe Sullivan said the company would restore the ability of users to share location data only when they are using the Uber app. The post-trip tracking feature was enabled by Uber last November, after an app update asked users to choose between being tracked always or never, instead of the prior ability to share location only “when using the app.” Users selecting “never” would have to manually enter all their pick-up and drop-off locations, meaning opting out of the feature resulted in a significantly degraded user experience. Source: Tech Crunch

Software upgrade at hospital results in breach of patients’ data

As many as 8,862 people may have had their personal information compromised because of a data breach at Silver Cross Hospital in New Lenox, Illinois. Silver Cross discovered in June that some patient information may have leaked onto the internet after a vendor that manages parts of its website upgraded its software. The upgrade may have reconfigured some security settings, resulting in the breach. Source: Chicago Tribune

Selena Gomez, Justin Bieber latest celebrities to be embarrassed in hack

Selena Gomez’s Instagram account was hacked, and used to post nude pictures of her ex-boyfriend Justin Bieber. The account was quickly shut down, and then reinstated after removing the explicit images. Source: CBS News