<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 11/15/2019



US Health Network, Supplier Expose PII, PHI Data in Breaches

Select Health Network and Solara Medical Supplies disclosed data incidents caused by breaches of their employees' email accounts that lead to exposure of both personally identifiable information (PII) and protected health information (PHI). In both cases, the number of individuals who had their information exposed was not disclosed, however current and former members, patients, and, in some cases, employees are known to be affected.


APT33 Mounts Focused, Highly Targeted Botnet Attacks Against U.S. Victims

The Iran-linked, espionage-focused advanced threat group known as APT33 has been spotted using more than a dozen obfuscated botnets to carry out narrowly targeted attacks against government and academic targets in the Middle East, the U.S. and Asia. Each botnet, linked to its own command-and-control (C2) server, comprises a small group of up to a dozen infected computers.

Two Charged Over Crypto Theft via SIM Swapping, Death Threats

Two men from Massachusetts were arrested and charged by the Boston U.S. District Court with stealing high-value social media accounts and hundreds of thousands worth of cryptocurrency from at least ten victims by using SIM swapping, death threats, and hacking. Eric Meiggs and Declan Harrington, the two defendants, were charged with one count of conspiracy, eight counts of wire fraud, one count of computer fraud and abuse, and one count of aggravated identity theft in an 11-count indictment unsealed today.


Silly Phishing Scam Warns That Your Password Will be Changed

A silly phishing campaign is underway where the attackers state that your password will expire and be changed unless you login and confirm that you want to keep it the same. As people get better at spotting the phishing scams pretending to be shipping information, receipts, and voicemails, scammers need to come with new methods to get people to click the links in their emails. Such is the case with a new phishing email that states you need click on the "Keep same password" button or your password will expire.


Qualcomm Bug Exposes Critical Data on Samsung, LG Phones

Researchers stressing the code related to Qualcomm's implementation of the secure execution area on mobile devices found a new vulnerability that could allow access to critical data. Top smartphone brands like Samsung, LG, or Motorola rely on Qualcomm's implementation of the Trusted Execution Environment (TEE) based on the TrustZone technology from ARM to store and handle sensitive information in a secure area inside the main processor.

Just-Released Checkra1n iPhone Jailbreak Stirs Security Concerns

With the checkra1n iPhone jailbreak now available, security experts are urging mobile-device managers to keep on their toes as the powerful new tool becomes available to hackers and iPhone users who may recklessly use it. Jailbreaking is the process of hacking these devices to bypass DRM restrictions, allowing users to run unauthorized and custom software, and to make other tweaks to iOS.