
More than 1 billion Androids could have bad case of Stagefright

October 2, 2015


Two new critical vulnerabilities in Google’s mobile operating system put more than a billion Android devices at risk of being hacked, meaning “almost every Android device” is affected, from Android version 1.0 to the latest version 5.0, also known as “lollipop,” security researchers said Thursday. Attackers trick users into going to websites that host malicious MP3 or MP4 files. Once a victim previews an infected multimedia file, which commonly packages music or video, that person’s machine can be compromised. The issue involves how Android processes the files’ metadata through a media playback engine named Stagefright. Google says the company already has patches in the queue. Source: Fortune

Calling on T-Mobile customers to watch out

Global information services group Experian said one of its business units has been hacked, on a server that contained data on behalf of one of its clients, T-Mobile. The data includes personal information for a total of about 15 million customers and credit applicants in the United States. The company said the incident did not affect its own consumer credit database. In a letter to consumers, T-Mobile CEO John Legere said: “Obviously, I am incredibly angry about this data breach, and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected.” Legere also said customers can sign up for two years of free credit monitoring and identity resolution services at Experian’s “Protect My ID” program. Experian said it secured the server, initiated a comprehensive investigation, and notified U.S. and international law enforcement. The data stolen included names, birth dates, addresses and Social Security numbers. No payment card or banking information was acquired, the company said. Source: CNBC

We like our tech; we hate our loss of privacy

In an Allstate/National Journal Heartland Monitor poll looking at the impact the digital revolution has had on Americans’ lives, 39 percent of respondents said that the ability to access information from anywhere has made their lives better. They also cited the ease of working outside of the office and staying in touch as positive outcomes of the digital revolution. Two of the most visible ways that technology has permeated American culture—online shopping and entertainment-streaming services—were amenities Americans cared much less about, with only 7 percent of respondents saying these advances had improved their lives. But there was one thing they were resoundingly negative about: the loss of their privacy. Many questioned whether technology brought the world to their doorstep at the cost of protecting their most essential information. Source: The Atlantic

You do the crime, you do the time

A Raleigh, N.C., man has been sentenced to 12 years in prison on charges of conspiracy to file false claims and identity theft. A Justice Department statement said Christian Rhodes also was ordered to pay more than $1 million in restitution to the Internal Revenue Service. Rhodes pleaded guilty on May 11 to one count of conspiracy to file false claims and one count of aggravated identity theft. Court documents and statements say Rhodes and other co-conspirators recruited individuals to provide personal information, which they used to prepare false federal individual income tax returns. Source: WTVD, Raleigh-Durham, N.C.

That Windows weirdness is nothing to worry about

A suspicious-looking patch in a Windows Update on Windows 7 this week had many assuming that it must have been hacked. Microsoft has confirmed that the platform hasn’t been compromised in any way—but it also admitted that the appearance of the update was due to an error on its part. The update was dated Oct. 1, around 4.3MB in size, and rated “important.” Microsoft said the company had “incorrectly published a test update,” and that it was working to remove it. It’s believed that the patch was delivered only to consumer editions of Windows 7, but it’s not clear exactly how many users saw it. Source: NewWin

When the repair goes terribly wrong

An automotive security researcher is calling attention to a potential inroad into a car’s vulnerability: the auto dealerships that sell and maintain those systems. At the Derbycon hacker conference, security consultant Craig Smith presented a tool designed to find security vulnerabilities in equipment that’s used by mechanics and dealerships to update car software and run vehicle diagnostics. Smith’s invention, built with about $20 in hardware and free software, is designed to seek out and help fix bugs in dealership tools that could transform them into a method of hacking thousands of vehicles. If a hacker were to bring in a malware-harboring car for service, the vehicle could spread that infection to a dealership’s testing equipment, which would spread the malware to every vehicle the dealership services, attacking critical driving systems such as transmission and brakes, Smith said. Source: Wired

Insurance companies not keeping up

The cyber risk insurance market is developing rapidly, with the rise of global gross written premiums from $850 million in 2012 to an estimated $2.5 billion in 2014, says a report from Timetric. Growing cyber attacks and the increasing reliance of businesses on technology for operational capabilities and storing data are responsible for the traction the cyber risk insurance market is gaining. But insurance firms are responding slowly to this rising demand. “Total global losses from cyber crime stood at $445 billion as of June 2014. With governments becoming increasingly involved in cyber threats, the prospect of compulsory cyber risk insurance could become a reality. It would have a transformative impact upon the market and could create a strong source of future revenues for non-life insurers,” says Jay Patel, insurance analyst at Timetric. Source: PropertyCasualty360

Russians phished for Clinton emails

Russia-based cyber criminals attempted to hack into Hillary Clinton’s private email server on at least five occasions while she was serving as secretary of state, according to State Department emails. The former first lady received multiple phishing emails disguised as speeding tickets in August 2011; it hasn’t been confirmed whether she clicked on the attachments, though the phishing attempts were not sophisticated. Recipients were instructed to print the doctored traffic citation, sent from a fake government account, allowing cyber spies to gain full computer access. “We have no evidence to suggest she replied to this email or that she opened the attachment,” Nick Merrill, a spokesman for Clinton’s Democratic presidential campaign, said. “As we have said before, there is no evidence that the system was ever breached. All these emails show is that, like millions of other Americans, she received spam.” Source: Daily Caller

Down to the wire

FXCM—an online foreign exchange market broker—said a cybersecurity breach in its systems led to a “small number” of unauthorized wire transfers from customer accounts. In a statement, FXCM said funds were returned to the compromised accounts and the customers were notified. The hacker reportedly sent an email to the foreign exchange broker claiming it had access to customer information. FXCM added that it notified the FBI of the cyber attack, and that it launched its own “full investigation … with a leading cybersecurity firm.” The FBI said the bureau was “aware of the incident and is investigating.” Source: Deutsche Welle

Spackle won’t cover this problem

The September data breach at Home Depot last year is being used as an example of the astronomical expenses attached to cyber risk, at a time when few insurers are prepared to cover it. According to data released by the retailer, the breach already has cost Home Depot $232 million and is anticipated—by some accounts—to reach into the billions before the episode is done. Much of this is driven by lawsuits filed by small community banks and credit unions. These lawsuits accuse Home Depot of ignoring warnings from security experts that its computer systems were vulnerable to attack, prior to the theft of approximately 56 million sets of credit and debit card data. Ostensibly, Home Depot’s cyber insurance policy would offset a large portion of these costs. A regulatory filing submitted by the retailer, however, reveals that only $100 million of the breach was covered by insurance. Source: Insurance Business America

From the tool box

Silent Circle has released Blackphone 2, the only mobile phone designed for “privacy without compromise.” Blackphone uses an operating system that is backward compatible with Android, called Silent OS. This means it is capable of running any Android native apps, and comes prepackaged with the Google Play Store. Silent Circle implemented an identity management system that is intended to create strong and clear boundaries between what information apps can access. Building on the idea of giving users full control over their devices and data, Blackphone 2 comes with a Security Center that allows them to choose which resources a given app has permission to access. Source: The Coin Telegraph




The post More than 1 billion Androids could have bad case of Stagefright appeared first on Third Certainty.
