Tuesday, November 19, 2024

Apple Updates November 19, 2024

 Major updates to Apple Products software today. November 19, 2024.

iOS 18.1.1, iPadOS 18.1.1, Sequoia 15.1.1 and others


UPDATE: Apple fixes/updates released today (November 19) address at least 2 vulnerabilities currently being exploited in the wild.
It is highly recommended to apply updates to any and all Apple devices for which updates are available. Initial reports of only Intel based Macs are thought to be untrue.

Details are scarce implying the threat is high. 

Saturday, November 16, 2024

Six US Banks report potential security breaches of debit cards November 15, 2025

 The US banks reporting security breaches of debit cards:
Mainstreet Bank, Savers Bank, The Village Bank, Watertown Savings Bank, Webster Five Cents Savings Bank and Eagle Bank say some debit cards may have been compromised following a security breach at
a merchant's payment card platform.

Breach notification

Says Savers Bank,

“We have been notified by MasterCard International of a suspected security breach of a merchant’s network, transactions that may have compromised some of Savers Bank’s debit card numbers.”

Affected customers at Eagle Bank and Savers Bank will receive new cards automatically.

Webster Five Cents Savings Bank offers fewer details on the source of the breach, but says it’s also issuing mandatory new debit cards.

Watertown Savings Bank is asking customers to be vigilant, issuing new cards upon request.

“The breach included the capture of some of your personal information, such as your name and card number…

…we do ask that you remain vigilant on monitoring your account activity for the next 12 to 24 months and report any unusual or suspicious activity immediately. If you prefer that we issue a new card please contact the bank.”

Mainstreet Bank says the breach occurred “June 28, 2023 through April 26, 2024” and involved personally identifiable or protected data.

Tuesday, October 29, 2024

Yet another Insurance service provider breached - Liberty Bankers Insurance Group.

 Serving American Monumental Life Insurance Company, Pellerin Life Insurance Company, American Benefit Life Insurance Company, Liberty Bankers Life Insurance Company, Continental Mutual Insurance Company, and Capitol Life Insurance Company.

Data compromised: names, addresses, dates of birth, social security numbers/tax identification numbers, driver’s license numbers/government-issued ID numbers, financial information such as credit card numbers, and medical and health insurance information.

Persons affected: individuals who at one time were a producer, policy-owner, insured, beneficiary, or payor for insurance policies which Landmark administered, or continues to administer, for Liberty Bankers Insurance Group.

Filings with the Texas and Maine attorneys general indicate 68,000 Texas affected. 

This information gives scammers the ability to provide personal information that allows persons to trust the scammers.

Friday, October 11, 2024

Mozilla Firefox Browser Emergency Update

 Mozilla Firefox browser has issued an emergency update to address a zero-day vulnerability.
 Firefox version 131.0.2 has this security update.
The vulnerability is in the Animation timelines with a CVSS of 9.8


 Mozilla has applied this emergency fix to the Extended Support Release editions of Firefox and the Tor browser.
Firefox ESR 115.16.1, Firefox ESR 128.3.1 and Tor 13.5.7

Thursday, October 10, 2024

Apple stops signing iOS 18.0 - to stop users from downgrading from iOS 18.0.1

 The iOS upgrade from 18.0 to 18.0.1 has significant security issues and usability problems 

Fidelity Investments reporting data breach 77,000 customers affected

 Fidelity Investments reporting a data breach affecting 77,000 customers. The attack/breach occurred between August 17 and 19.

 Not accounts - customer information according to Fidelity spokesperson.  Could the customer information stolen be used to access their accounts?

 Consider taking the normal safeguards and increasing vigilance.

Archive.org hacked 31 million users

 Archive.org is the Internet's archive machine.
The Archive.org's user authentication database containing 31 million unique records has been hacked and added to Have i Been Pwned database.

The Archive.org site has been online and offline recently.
A possible DDoS attack.

The data stolen contains: email addresses, screen names, password change timestamps, hashed passwords, and other data.

Data indicates the data was stolen September 28, 2024.