Healthcare hacks should have everyone’s full attention: 111,802,842 people have had health-related records exposed so far in 2015. In other news, point-of-sale (PoS) malware is now draining the food and beverage industry. Malware is also taking a bite out of Apple’s prima donna image, as increasingly sophisticated malware is proving able to get past the security of OS X.  

Highlighting the cyber-security news from the past week in a 120-second read. Starting now.



Healthcare Breaches

The U.S. Department of Health and Human Services Office for Civil Rights is required under HIPAA to publish any breach of unsecured protected health information that affects 500 or more people.

Why is this significant?

  1. The published report shows that breaches happen far more often than press releases acknowledge: it gives a clear count of the incidents that actually transpire, whether or not the organization announced them.
  2. The report is easy to read, is updated frequently, and records breaches going back to Oct. 2009.
  3. Citing this data, Motherboard points out that 2015 has so far seen 55 healthcare breaches affecting 111,802,842 people.

Get the full data on the HHS breach portal



The owner of the restaurant chain Elephant Bar has disclosed a security breach of its point-of-sale (PoS) systems. Malware on Elephant Bar’s payment card systems affected many of its locations across seven states. 

Why is this significant?

  1. The breach went undetected between Aug. 12 and Dec. 4, and the forensic investigation into its scope is still ongoing.
  2. The malware has been removed, but the investigation continues and has so far narrowed the breach down to twenty-nine locations across seven states.
  3. Customers who dined at Elephant Bar during this period are encouraged to check whether the location they visited was affected.

Read the full story on SC Magazine

Apple’s reputation for security walls too high for threat actors to penetrate is now in jeopardy: according to Symantec’s latest report, malware is increasingly reaching OS X.

Why is this significant?

  1. Symantec’s records from 2006 to 2011 show one to seven new OS X threats per year; its updated figures from 2011 to the present show an increase to fifteen new threats per year.
  2. Adware and Potentially Unwanted Applications (PUAs) are the most damaging threats Mac users are falling victim to.
  3. In March 2015, Symantec detected over 600,000 installations of malicious software. Since March the count has held steady at more than 150,000, still a significant increase over what was reported in 2014.

Read the full story on Laptop Mag


A critical vulnerability present in various anti-virus (AV) products can turn the AV itself into an attack-enabling tool. 

Why is this significant?

  1. Microsoft builds several mitigations into Windows to make exploiting vulnerabilities harder. Two of them are Address Space Layout Randomization (ASLR), which randomizes the layout of a process’s address space so an attacker cannot rely on fixed addresses when developing an exploit, and Data Execution Prevention (DEP), which prevents data from being executed as if it were code.
  2. Several anti-virus vendors, however, allocated memory regions at predictable addresses and gave them Read, Write and Execute (RWX) permissions. Allocating memory this way renders both of Microsoft’s mitigations useless: the region is executable regardless of DEP, and its address is known regardless of ASLR.
  3. The allocation is made inside various third-party user-mode processes, such as browsers and Adobe Reader. Without this vulnerability, a threat actor who triggers a bug in one of those products would still need several complicated steps to reach full compromise of the underlying Windows system. With an anti-virus (or other intrusive product) exposing a constant RWX region in that process, the attacker can place and run code at the known address and skip most of that effort.
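One check a practitioner can run for this class of bug is to snapshot a process’s memory map across several launches and flag RWX regions that land at the same address every time: a region that is writable, executable and constant is exactly the combination ASLR and DEP exist to rule out. The following is an added example for this post, not code from enSilo or from the products named above. It parses the Linux `/proc/<pid>/maps` text format because that format is simple and documented; on Windows the same logic would walk `VirtualQueryEx()` results and compare `PAGE_EXECUTE_READWRITE` regions’ base addresses across runs, which is not implemented here. The three snapshots, the region names and the addresses in them are constructed for the example.

```python
"""Flag RWX memory regions that sit at the same address in every run of a process.

Added example (not enSilo's code). Reads the Linux /proc/<pid>/maps text
format; the Windows equivalent (VirtualQueryEx + PAGE_EXECUTE_READWRITE
comparison across runs) is not implemented here. All sample snapshots are
constructed, with made-up addresses and region names.
"""
import os
import re

# One /proc/<pid>/maps line: start-end perms offset dev inode [path]
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxsp-]{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+(?P<dev>\S+)\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)


def parse_maps(text):
    """Parse maps text into a list of dicts with start, end, perms and path."""
    regions = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = MAPS_LINE.match(line)
        if m is None:
            raise ValueError("unparseable maps line: %r" % line)
        regions.append({
            "start": int(m.group("start"), 16),
            "end": int(m.group("end"), 16),
            "perms": m.group("perms"),
            "path": m.group("path").strip(),
        })
    return regions


def rwx_regions(regions):
    """Regions that are readable, writable and executable at once (DEP defeated)."""
    return [r for r in regions if r["perms"].startswith("rwx")]


def constant_rwx(runs):
    """(start, end, path) of RWX regions found at the identical address in every run.

    RWX *and* constant is what defeats both DEP and ASLR. RWX regions whose
    address moves between runs (e.g. a JIT area) are deliberately not reported.
    """
    if not runs:
        return []
    keysets = [
        {(r["start"], r["end"], r["path"]) for r in rwx_regions(parse_maps(text))}
        for text in runs
    ]
    return sorted(set.intersection(*keysets))


# Constructed snapshots of one process across three launches. The heap, JIT
# area and stack move (ASLR works), but a hypothetical injected hook library
# keeps an RWX block at a fixed address every time.
RUN_1 = """\
00400000-00452000 r-xp 00000000 08:01 1234 /usr/bin/victim
00651000-00652000 rw-p 00051000 08:01 1234 /usr/bin/victim
10000000-10010000 rwxp 00000000 00:00 0 [hooklib-trampolines]
7f3a12000000-7f3a12021000 rw-p 00000000 00:00 0 [heap]
7f3a13400000-7f3a13401000 rwxp 00000000 00:00 0 [jit]
7ffd5c2b0000-7ffd5c2d1000 rw-p 00000000 00:00 0 [stack]
"""
RUN_2 = """\
00400000-00452000 r-xp 00000000 08:01 1234 /usr/bin/victim
00651000-00652000 rw-p 00051000 08:01 1234 /usr/bin/victim
10000000-10010000 rwxp 00000000 00:00 0 [hooklib-trampolines]
7f90aa000000-7f90aa021000 rw-p 00000000 00:00 0 [heap]
7f90ab200000-7f90ab201000 rwxp 00000000 00:00 0 [jit]
7ffe1a7c0000-7ffe1a7e1000 rw-p 00000000 00:00 0 [stack]
"""
RUN_3 = """\
00400000-00452000 r-xp 00000000 08:01 1234 /usr/bin/victim
00651000-00652000 rw-p 00051000 08:01 1234 /usr/bin/victim
10000000-10010000 rwxp 00000000 00:00 0 [hooklib-trampolines]
7f1c4e000000-7f1c4e021000 rw-p 00000000 00:00 0 [heap]
7f1c4f700000-7f1c4f701000 rwxp 00000000 00:00 0 [jit]
7ffc93d10000-7ffc93d31000 rw-p 00000000 00:00 0 [stack]
"""


def main():
    for start, end, path in constant_rwx([RUN_1, RUN_2, RUN_3]):
        print("constant RWX region %#x-%#x %s" % (start, end, path))
    # On a live Linux host, also show RWX regions of this very process.
    if os.path.exists("/proc/self/maps"):
        with open("/proc/self/maps") as fh:
            for r in rwx_regions(parse_maps(fh.read())):
                print("live RWX region %#x-%#x %s" % (r["start"], r["end"], r["path"]))


if __name__ == "__main__":
    main()
```

Two snapshots are the minimum; more launches reduce the chance that an address merely happened to repeat. Regions reported by `constant_rwx` deserve a look at which module created them, since a legitimate JIT normally allocates at a randomized address and drops write or execute permission once code is emitted.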

Read the full story on enSilo's blog