The Tech News Blog

August 18, 2014

4.5 Million Patient IDs Compromised in Hospital Hack

One of the country's biggest hospital operators, Community Health Systems, on Monday announced that its computer network was the "target of an external, criminal cyber attack" which saw the compromise of patient identification data for "approximately 4.5 million individuals."

The attacker or attackers are believed to have originated in China, according to Community Health Systems and its IT security contractor, Mandiant.

Community Health Systems, which operates more than 200 hospitals in the United States, revealed the breach in a Form 8-K filing with the U.S. Securities and Exchange Commission.

The hack of the computer network occurred in July, the publicly traded company said. Data stolen in the breach "did not include patient credit card, medical, or clinical information," Community Health Systems said, but did include "patient names, addresses, birthdates, telephone numbers, and social security numbers," which are protected under the Health Insurance Portability and Accountability Act (HIPAA).

Community Health Systems said Mandiant, serving as the company's forensic expert for the breach, believed "the attacker was an 'Advanced Persistent Threat' group originating from China who used highly sophisticated malware and technology to attack the company's systems."

The intruder or intruders behind the attack are known to federal authorities, according to Community Health Systems.

"The company has been informed by federal authorities and Mandiant that this intruder has typically sought valuable intellectual property, such as medical device and equipment development data," the SEC filing said.

However, the July intrusion focused on "non-medical patient identification data related to the company's physician practice operations," Community Health Systems said.

Attorney Nick Akerman, a partner at international law firm Dorsey and Whitney with a specialization in computer crimes, said the scope of the breach was very concerning.

"The danger here is not only in the patient's privacy but the fact that they could be victims of identity theft because of the credit card information that was stolen," Akerman said. "It is unlikely that the Chinese hackers care about the health information. What is key is the financial information on the patients."

Community Health Systems said it was "providing appropriate notification to affected patients and regulatory agencies." The company said it has finished removing the malware installed by the attackers in its computer systems and was working with Mandiant on other remediation and preventative measures to avoid future intrusions.



August 15, 2014

Report: Apple to Store User Data on Chinese Servers

Apple has reportedly moved the personal data of some of its Chinese users onto servers stored in the country.

The move is noteworthy since a number of tech companies have avoided storing data in China because of censorship and privacy concerns, Reuters said.

But Apple wants to move customers' data closer to the actual customers, in the hopes of improving the speed and reliability of its iCloud service, where folks store content like documents, photos, and emails.

To do so, it has teamed up with China Telecom, the country's third-largest wireless carrier, to keep data inside the country.

"Apple takes user security and privacy very seriously," Apple told Reuters. "We have added China Telecom to our list of data center providers to increase bandwidth and improve performance for our customers in mainland China."

All user data is encrypted, Cupertino explained, adding that even China Telecom does not have access to content stored on its servers. An anonymous source confirmed to Reuters that Apple's encryption keys will be kept offshore and not made available to China Telecom.

"After 15 months of stringent tests and evaluation … China Telecom has become Apple's only cloud service provider in China," the company said in a statement, published by The Wall Street Journal.

Neither Apple nor China Telecom immediately responded to PCMag's request for comment.

This announcement comes after a July dispute, which began when China Central Television (CCTV) called the iOS 7 "frequent locations" function a "national security concern." Apple denied the charges, but Chinese officials later dropped 10 Apple products from their approved government procurement list.


August 7, 2014

Report: Chinese Government Drops Apple Products Over ‘Security Concerns’

Apple's inroads into China may have suffered a setback with the reported exclusion by Beijing of iPads, MacBooks, and other Apple products from approved government procurement lists.

Ten products made by Apple, including the "iPad, iPad Mini, MacBook Air, and MacBook Pro," were "omitted from a final government procurement list distributed in July, according to officials who read it and asked not to be identified because the information isn't public," Bloomberg reported on Wednesday.

Notably absent from Bloomberg's partial list of products purportedly banned for public purchase in China was the iPhone.

The news comes just days after antivirus vendors Symantec and Kaspersky were reportedly dropped from China's approved roster of software suppliers for government purchases.

In May, Beijing reportedly banned Microsoft's Windows 8 operating system on government PCs.

The Bloomberg report cited unnamed Chinese government sources as saying "security concerns" were the reason for the removal of Apple products from the ranks of computer products which can be purchased with public money in China. Sources discussing the reported ban of Symantec and Kaspersky products also pointed to Beijing's concern over electronic security in the aftermath of former NSA contractor Edward Snowden's revelations about U.S. spying.

Symantec and Kaspersky have both denied that their products had been "banned" by China. Apple has yet to comment on the report about its products.

The Chinese government also had a run-in this week with another U.S. tech giant, Microsoft, reportedly telling Redmond not to interfere in its anti-trust investigation of the software giant. Last month, Chinese government officials showed up unannounced at Microsoft offices in China as part of that probe.

Apple, meanwhile, has appeared in recent months to be progressing steadily in its agenda of opening up more of the massive, lucrative Chinese market to its products. As Bloomberg noted, some 16 percent of Apple's $37.4 billion in revenue from its last fiscal quarter was generated by sales in China.

This after CEO Tim Cook, the first Apple chief executive to personally visit China, spent a good chunk of 2013 courting the country's largest carrier, China Mobile, an effort that culminated in the long-awaited launch of the iPhone on China Mobile plans in January.

Apple also does a tremendous amount of business with Asian contract electronics manufacturers like Foxconn which run factories in mainland China where iPhones, iPads, and other Apple products are built.



July 23, 2014

WSJ Computer Systems Offline After Hack

The Wall Street Journal's new computers were taken offline this week following an attack by outside parties, according to publisher Dow Jones & Co.

There are no reports of damage to or tampering with the news graphics database housed on the hacked computers.

"We are investigating an incident related to wsj.com's graphics systems," a Journal spokeswoman said in a Tuesday announcement. "At this point we see no evidence of any impact to Dow Jones customers or customer data."

The hacker, who goes by the name w0rm, boasted about the attack via Twitter, writing "wsj.com #hacked" with a screenshot of his work.

According to the Journal, w0rm claims to be selling user information, as well as the credentials necessary to control the server. That, according to IntelCrawler CEO Andrew Komarov, would allow buyers to "modify articles, add new content, insert malicious content in any page, add new users, delete users and so on."

The LA-based cybersecurity firm was the first to bring the hack to the Journal's attention, confirming the ability to access any database on the wsj.com server. Komarov's team has been monitoring the alleged attacker, whose former alias was Rev0lver.

The Journal did not immediately respond to a request for comment.

W0rm also claimed to have hacked other media organizations, including Vice Media, which assured PCMag that the issue—a security exploit used to access a list of vice.com content management systems—was "minor." The exploit has since been patched and passwords reset.



July 21, 2014

XP Users Can Still Get Effective Antivirus Protection

As of April this year, Microsoft officially ended support for Windows XP. Those still using XP won't get any more security patches. Well, there was one in May for an egregious Internet Explorer bug, but that's not likely to happen again. An XP system without antivirus protection is a sitting duck, ripe for attack. On the plus side, the latest test results from AV-Test Institute show that many popular security products remain quite effective under XP.

Three-Part Test
AV-Test regularly releases lab test results organized into three categories: protection, performance, and usability. Products can earn up to six points in each category, in half-point increments, with a maximum possible score of 18 points. In order to receive certification, a product must achieve a total of ten points, with no category score below one point.

To measure protection, AV-Test researchers install each antivirus on a clean system and then expose that system to malware in a variety of ways. For testing, they use both very new zero-day malware and a collection of very widespread malware. Quite a few products managed 100 percent protection in both parts of this test. A few clunkers dragged down the overall average to 97 percent for zero-day samples and 98 percent for widespread samples. Microsoft Security Essentials (included as a baseline) and AhnLab both turned in scores below 80 percent protection.

Nobody wants antivirus protection at the expense of system performance. AV-Test's team measures how long it takes for a standard clean system to perform 13 actions reflective of real-world computer use, such as downloading files, running popular applications, and installing programs. They run these same tests after installing the antivirus and note any slowdown. About a third of the tested programs scored slightly worse on this test than on the previous test, which used Windows 7.

For a perfect usability score, an antivirus product must completely avoid identifying any valid website or file as malicious. At best, false positive warnings can confuse users and diminish their faith in an antivirus product's effectiveness. At worst, the antivirus might prevent installation of a legitimate application. All of the tested products scored 5.5 or 6.0 points in this test, with the exception of Comodo. Comodo's over-enthusiastic behavior-based blocking system knocked its score down to 4.0 points.

Three Champions
In all the time I've been tracking AV-Test, I've rarely seen a perfect score, and I don't think I've ever seen three at once. Yet that's exactly what happened in this test. Bitdefender, Kaspersky, and Panda all earned six points in each of the three categories. If you're stuck using XP, consider one of these three champions to protect your system.



July 9, 2014

Patch Tuesday Closes 29 Vulnerabilities in IE and Windows

Microsoft fixed 29 vulnerabilities in Internet Explorer and supported versions of Windows as part of July Patch Tuesday. The lion's share of the vulnerabilities fixed this round were in Internet Explorer.

Of the six security bulletins released, only two of them—for Internet Explorer and Windows Journal—are rated as critical, according to Microsoft's Patch Tuesday advisory. Three are rated as important, and the final bulletin has only a moderate rating. Both the IE and Windows Journal bulletins address remote code execution flaws. The important bulletins fixed elevation of privilege flaws in the on-screen keyboard, ancillary function driver, and DirectShow, and the moderate bulletin fixed a denial-of-service bug in the Microsoft service bus.

Microsoft said it had not observed any attacks in the wild targeting any of these flaws.

IE Oh My
Microsoft fixed 24 flaws in Internet Explorer (MS14-037), one publicly disclosed bug and 23 privately reported ones. This is after Microsoft patched 59 vulnerabilities in Internet Explorer last month. The issues are critical for Internet Explorer 6 to Internet Explorer 11 on Windows machines, but just moderate on Windows servers.

Attackers can exploit the IE bugs by tricking users into visiting a specially crafted malicious site. Once the attack succeeds, the attacker would have the same user rights as the compromised user. Users with fewer rights—not logged in as Administrator, for example—would be less impacted.

"It remains to be seen if Microsoft has cleaned up the Internet Explorer vulnerability closet for the next few months or if this is the new normal," said Marc Maiffret, CTO of BeyondTrust.

Obscure Windows Software
The issue with Windows Journal (MS14-038) could allow attackers to remotely execute malicious code. Windows Journal is installed by default on all supported versions of Windows, from Vista to 8.1, but isn't commonly used. Windows Journal can be used on touch-enabled devices as well as non-touch Windows computers to capture handwritten notes. The vulnerability was in how Windows opened files saved in the Windows Journal (.jnt) format.

The Windows Journal bug is a "great example of how unused software can be abused by attackers," stated Craig Young, a security researcher at Tripwire.

Windows Journal is not installed on Windows Server versions.

Maiffret recommended treating the file extension as if it were an executable and blocking it on Web and email gateways.
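
A sketch of the email-gateway side of that recommendation, added here as an illustration and not taken from Microsoft, BeyondTrust, or any gateway product. The function names, the contents of the blocklist beyond `.jnt`, and the sample message are assumptions constructed for the example.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# ".jnt" is the extension named in the article; handling it like the other
# entries is the recommendation. The rest of this set is an assumed policy.
BLOCKED_EXTENSIONS = {".jnt", ".exe", ".scr"}


def blocked_extension(filename):
    """Return the blocked extension a file name ends in, or None."""
    # Windows drops trailing dots and spaces, so "a.jnt. " still opens as .jnt.
    name = filename.rstrip(" .").lower()
    ext = os.path.splitext(name)[1]
    return ext if ext in BLOCKED_EXTENSIONS else None


def scan_message(raw_bytes):
    """Return (attachment name, reason) pairs a gateway should block."""
    findings = []
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    for part in msg.walk():  # also descends into forwarded messages
        filename = part.get_filename()
        if not filename:
            continue
        ext = blocked_extension(filename)
        if ext:
            findings.append((filename, "blocked extension " + ext))
        elif filename.lower().endswith(".zip"):
            data = part.get_payload(decode=True) or b""
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as archive:
                    members = archive.namelist()
            except zipfile.BadZipFile:
                findings.append((filename, "unreadable archive"))
                continue
            for member in members:
                if blocked_extension(member):
                    findings.append((filename, "archive contains " + member))
    return findings


def build_sample():
    """Constructed message: one direct .jnt, one zipped .jnt, one benign PDF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("drawings/plan.jnt", b"placeholder, not a real .jnt")
        archive.writestr("readme.txt", b"hello")
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    for name, data in (("notes.JNT", b"placeholder"), ("docs.zip", buf.getvalue()),
                       ("report.pdf", b"%PDF-1.4 placeholder")):
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in scan_message(build_sample()):
        print(name, "->", reason)
```

Matching on the name alone misses a .jnt file that has been renamed, so a rule like this complements the patch and does not replace it.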

If there is a reason why the two critical patches can't be installed immediately, uninstalling Windows Journal and switching to a different Web browser are sufficient workarounds. "While a patch is always preferred, limiting the attack surface is a good backup," said Tyler Reguly, manager of security research for Tripwire.

Remaining Patches
The bulletins rated important fixed bugs uncovered during the Pwn2Own contest back in March. The local elevation of privilege issues can be exploited to give unprivileged users greater access to the vulnerable system. They can be used in chained attacks to compromise the system, suggested Ross Barrett, senior manager of security engineering at Rapid7. "Given the nature of their disclosure, [they] must be known to have exploit code," Barrett warned.

The ancillary function driver bug can be paired with "something like the Internet Explorer vulnerabilities from this month to allow for drive-by web attacks that result in execution of code in the kernel," Maiffret said.



June 16, 2014

AT&T Confirms Security Breach

AT&T has confirmed an April breach in which the personal information of an unknown number of users was improperly accessed.

"We recently learned that three employees of one of our vendors accessed some AT&T customer accounts without proper authorization," AT&T said in a statement. "This is completely counter to the way we require our vendors to conduct business."

"We know our customers count on us and those who support our business to act with integrity and trust, and we take that very seriously," AT&T continued. "We have taken steps to help prevent this from happening again, notified affected customers, and reported this matter to law enforcement."

Social Security numbers and call records were accessed between April 9 and 21, according to CNET. AT&T did not say how many customers were affected, but CNET pointed out that California law requires the disclosure of incidents that affect at least 500 local customers.

The data was reportedly breached in order to reveal the request codes that can unlock AT&T phones. AT&T currently will unlock a device for any customer whose account has been active for at least 60 days, whose account is in good standing and has no unpaid balance, and who has fulfilled his or her service agreement commitment.

Late last year, AT&T joined the nation's top wireless carriers—Sprint, T-Mobile, U.S. Cellular, and Verizon Wireless—in an effort to make it easier for consumers to unlock their devices.

The companies committed to a number of services, including posting information about unlocking policies, unlocking the phones of customers who have satisfied their contract, notifying users when their phone is eligible for unlocking, and unlocking devices for deployed military personnel.



June 1, 2014

Microsoft Cautions Against Using Registry Trick for Windows XP Updates

Well, that was easy. News of a new hack for Windows XP users has been making the rounds this week — and trust us, it's a good thing if you're one of those holdouts who is now using the operating system in the Wild, Wild, West. Which is to say, you're still running your day-to-day operations on Windows XP, even though we've passed Microsoft's cutoff date for support, patches, updates, and what-have-you.

According to numerous sources, a simple registry tweak allows you to fool Microsoft into thinking that your version of Windows XP is actually a version of "Windows Embedded POSReady 2009." In doing so, you'll set yourself up to receive updates from Microsoft all the way through April 9, 2019. That all said, the company has caught on that this trick is in use, and it has an as-you-might-expect warning for anyone giving the registry tweak a shot:

"We recently became aware of a hack that purportedly aims to provide security updates to Windows XP customers. The security updates that could be installed are intended for Windows Embedded and Windows Server 2003 customers and do not fully protect Windows XP customers. Windows XP customers also run a significant risk of functionality issues with their machines if they install these updates, as they are not tested against Windows XP. The best way for Windows XP customers to protect their systems is to upgrade to a more modern operating system, like Windows 7 or Windows 8.1," reads Microsoft's statement.



May 27, 2014

Australian iOS Users Reporting Hijacked Devices

Several iOS users in Australia have been locked out of their devices and received messages that demand money before their gadgets will be unlocked.

Complaints began yesterday on the Apple forums when a Melbourne-based user reported having his iPad lock up while he was using it. "I went to check my phone and there was a message on the screen (it's still there) saying that my device(s) had been hacked by 'Oleg Pliss' and he/she/they demanded $100 USD/EUR."

One Oleg Pliss known in the tech community is an engineer at Oracle, but as the hacked user noted, "I was pretty sure that whoever Oleg Pliss is, it's not really the name of the person who hacked my iDevices."

Soon other users started chiming in. Most are from Australia, though one affected user posted this morning that he lives in the U.S. and has never been to Australia, while another is in the U.K.

"I have the same problem, with the exact same message. Affecting both my iPhone and iPad," wrote a Perth-based Apple user.



May 27, 2014

Spotify Hacked, Urges Android Users to Upgrade

Music-streaming service Spotify is the latest company to report a security breach.

In a Tuesday blog post, Oskar Stål, Spotify's CTO, said it has identified "unauthorized access to our systems and internal company data."

According to Spotify, the breach affected just one user. "This did not include any password, financial or payment information. We have contacted this one individual," Stål wrote. "Based on our findings, we are not aware of any increased risk to users as a result of this incident."

Still, as a "general precaution," certain Spotify users will be signed out and asked to re-enter their usernames and passwords over the coming days.