CyberScout is the nation’s premier consultative provider of identity and data risk management, resolution and education services.

Baby, it’s cold outside

Baby, it’s cold outside
September 25, 2015


Identity thieves have a new target: newborns. Bad guys know that their chances of being caught are slim, and since newborns don’t have a credit or financial history, they’re starting with a clean slate. They can do irreparable damage before anyone catches on. Parents should get a copy of their own credit reports and do the same for a newborn. A few months after birth, it may make sense to pull a credit report to make sure that no one applied for credit in the baby’s name. In addition, pay particular attention to any letters you receive for the newborn from banks and other institutions. It may be a sign that an identity thief is at work. Source: Hometown Life

Going behind Siri’s back

sh_pass code_280A video making the rounds claims to disclose an iOS 9 security flaw that bypasses a pass code-protected lock screen to grant access to a device’s photos and contacts. Jose Rodriguez’s proof-of-concept video of the procedure uses an apparent bug related to Siri lock-screen access and iOS 9’s five-attempt lockout policy. Under a specific set of circumstances, invoking Siri from an iPhone or iPad’s lock screen grants limited system access. Rodriguez confirmed that he does not own the iPhone used in the demonstration, nor were his fingerprints registered with Touch ID. AppleInsider independently confirmed the bypass’ validity in a series of tests. Only devices protected by four- or six-digit pass codes are vulnerable to attack, while those with long alphanumeric passwords remain unaffected. Source: AppleInsider

A case of healthy skepticism

A federal audit finds the government stored sensitive personal information on millions of health insurance customers in a computer system with basic security flaws. The Obama administration says it acted quickly to fix all the problems identified by the Health and Human Services inspector general. But the audit raises questions about the government’s ability to protect a vast new database. The $110 million system is called MIDAS, the central electronic storehouse for information collected under President Obama’s health care law. MIDAS doesn’t handle medical records, but it does include names, Social Security numbers, birth dates, and phone numbers of customers on Source: The Associated Press via U.S. News

Keep fit, or we’ll charge you more

sh_activity monitor_280A Swiss health insurer is considering setting premiums partly by customers’ fitness as gauged by personal activity monitors. Peter Ohnemus of Dacadoo, a company specializing in collecting health data, says that digital tools could be useful to insurers and could push people to take responsibility for their health. “There’s no solidarity if someone who does a lot of sports and takes care of their health has to pay the same high premiums as someone who smokes, drinks and drives, and does not play sports,” he said. The project from the Swiss insurance company, CSS, is tracking the steps taken by 2,000 participants to determine whether and how insurers can tailor their products to customers, which could imply that those who refuse to be monitored could face higher premiums. Source: AdAge

No matter what, they’re in the money

Despite stock-market turmoil and unease in the venture-capital community, cybersecurity companies are raising large sums from investors, whose appetite for high-tech defenses against cyber attacks is not expected to shrink even in a volatile market. In the latest example, Bit9 + Carbon Black, a company that detects and protects servers from threats, is raising a fresh round of funding. One investor estimates the company will raise approximately $50 million, on top of the roughly $120 million it already has raised. “Financial markets are supporting companies like us really well,” said Chief Executive Officer Patrick Morley. So far this year, the sector raised more than $2.3 billion globally, according to industry data, on a pace to top last year’s total, and it is expected to remain a hot spot for big-dollar financing deals even during an economic downturn. “One of the very few times a CEO is fired is when you are exposed to a security breach,” said Venky Ganesan, managing director at Menlo Ventures. “This will be the last thing cut on the budget because nobody wants to lose their job.” Source: Fortune

Health data could be in more places than you think

sh_online medical records_750Medical data is legally shared with more third parties than many Americans realize, said Ifeoma Ajunwa, an assistant professor of law at the University of the District of Columbia. Sensitive information about  prescriptions and conditions can bounce from one company to the next as part of routine billing or administrative processes. “Prescription databases … provide ample opportunities for invasions of privacy,” Ajunwa said. They also are prone to mistakes. The medical-data industry is projected to surpass $10 billion by 2020, according to McKinsey & Co. Obamacare penalizes health care providers that don’t shift to electronic records, and it funds statewide exchanges to share the records. The goal is that digitization eventually will allow patient information to quickly synchronize between pharmacies, doctors’ offices, hospitals and data suppliers, so that a person who normally picks up a medication in San Francisco could get the needed drug if she were to become ill in a Los Angeles emergency room. However, the emergence of shared medical records makes errors all the more dangerous because they can propagate more easily between providers. Source: Bloomberg Business

Spending up front really saves

While many government agencies are turning to virtualization to lower costs, savings could disappear with a single security breach. Enterprises pay an average of more than $800,000 to recover from a cybersecurity breach involving virtual infrastructure, according to a recent survey by Kaspersky Lab—twice as much as a recovery from physical infrastructure security breaches. The number is even higher—closer to $1 million when indirect costs such as staff training to prevent future attacks are included. Organizations tend to use virtual infrastructure for their most mission-critical or sensitive information. That means an attack on the virtual infrastructure is much more likely to result in the temporary loss of important data and an inability to operate core services, the report said. And many organizations erroneously believe a virtual infrastructure is safer than a physical one (42 percent). Only slightly more than half are fully prepared to deal with a virtual breach, or fully understand the risks. And just 27 percent have installed a security solution specifically for their virtual operations. Source: GCN

Now hear this: There is no Facebook ‘dislike’ button

sh_facebook_220Facebook CEO Mark Zuckerberg has said the social network will roll out a new button to let people express, in a single click, some sentiment other than “like.” Though he made it clear that the new, more empathetic button would not say “dislike,” people are calling it that—and they can’t wait to get it. Enter the scammers. Picking up on anticipation for a “dislike” button, a scam circulating on Facebook prompts users to click to “get newly introduced Facebook dislike button on your profile.” Showing up in people’s news feeds, the post claims the dislike button is an invite-only feature. It brings users to a page designed to look like it is branded by Facebook and instructs them to share the page, then send it to five groups to activate the button, according to Sophos security researchers said that clicking on the links brought them to two different scam sites, “neither of which had anything to do with Facebook, or a dislike button, and both of which wanted us to sign up by giving away personal information.” Source: CBS News Patch me up Cisco has pushed out its semiannual round of patches this week for IOS, the software the company uses for most of its routers and switches. Security advisories addressed four vulnerabilities, three of which could lead to denial of service situations, and another that could have let an attacker bypass user authentication. Cisco patches IOS in bundles, twice a year, in March and September. Source: CBS News

No man—or school—is an island

Holland College, on Prince Edward Island, Canada, says no confidential information was compromised after its website was hacked Thursday. The college’s usual website was replaced by a message from a group calling itself Blood Sec Hackers, saying the school had been warned and should update its security if it is really concerned about confidential information. IT manager Richard MacDonald said the website was quickly restored. “I’m very confident that no information was compromised,” he said. MacDonald said the school is working to identify the security vulnerability. Source: CBC News

Patch me up

sh_cisco-280Cisco has pushed out its semiannual round of patches this week for IOS, the software the company uses for most of its routers and switches. Security advisories addressed four vulnerabilities, three of which could lead to denial of service situations, and another that could have let an attacker bypass user authentication. Cisco patches IOS in bundles, twice a year, in March and September. Source: ThreatPost

The post Baby, it’s cold outside appeared first on Third Certainty.

Offer 24/7 CyberScout Protection

CyberScout's partnership options help you safeguard the identity and privacy of your policyholders, customers, members and employees. Discover how a customized program can help build brand loyalty, customer retention, and quickly generate long-term recurring revenue.

Get Started