Tuesday, October 29, 2024

Yet another Insurance service provider breached - Liberty Bankers Insurance Group.

 Serving American Monumental Life Insurance Company, Pellerin Life Insurance Company, American Benefit Life Insurance Company, Liberty Bankers Life Insurance Company, Continental Mutual Insurance Company, and Capitol Life Insurance Company.

Data compromised: names, addresses, dates of birth, social security numbers/tax identification numbers, driver’s license numbers/government-issued ID numbers, financial information such as credit card numbers, and medical and health insurance information.

Persons affected: individuals who at one time were a producer, policy-owner, insured, beneficiary, or payor for insurance policies which Landmark administered, or continues to administer, for Liberty Bankers Insurance Group.

Filings with the Texas and Maine attorneys general indicate 68,000 Texas affected. 

This information gives scammers the ability to provide personal information that allows persons to trust the scammers.

Friday, October 11, 2024

Mozilla Firefox Browser Emergency Update

 Mozilla Firefox browser has issued an emergency update to address a zero-day vulnerability.
 Firefox version 131.0.2 has this security update.
The vulnerability is in the Animation timelines with a CVSS of 9.8


 Mozilla has applied this emergency fix to the Extended Support Release editions of Firefox and the Tor browser.
Firefox ESR 115.16.1, Firefox ESR 128.3.1 and Tor 13.5.7

Thursday, October 10, 2024

Apple stops signing iOS 18.0 - to stop users from downgrading from iOS 18.0.1

 The iOS upgrade from 18.0 to 18.0.1 has significant security issues and usability problems 

Fidelity Investments reporting data breach 77,000 customers affected

 Fidelity Investments reporting a data breach affecting 77,000 customers. The attack/breach occurred between August 17 and 19.

 Not accounts - customer information according to Fidelity spokesperson.  Could the customer information stolen be used to access their accounts?

 Consider taking the normal safeguards and increasing vigilance.

Archive.org hacked 31 million users

 Archive.org is the Internet's archive machine.
The Archive.org's user authentication database containing 31 million unique records has been hacked and added to Have i Been Pwned database.

The Archive.org site has been online and offline recently.
A possible DDoS attack.

The data stolen contains: email addresses, screen names, password change timestamps, hashed passwords, and other data.

Data indicates the data was stolen September 28, 2024. 

Friday, October 4, 2024

Apple Updates iOS 18.0.1 and iPadOS 18.0.1

 Some minor fixes, BUT 2 security updates.

First, Apple says that iOS 18.0.1 fixes a bug where audio messages in the Messages app could have recorded “a few seconds of audio” before the orange microphone indicator was active in the Dynamic Island and Control Center. This bug only specifically impacted the iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max.

Second, Apple says that iOS 18.0.1 and iPadOS 18.0.1 address a security issue where the VoiceOver feature could have read a user’s saved passwords aloud.

Also with security fixes:
watchOS 11.0.1
visionOS 2.0.1
macOS 15.0.1



iOS 18.0.1 and iPadOS 18.0.1 released 10-4-2024

 Reportedly fixes some security issues, touch screen unresponsive, camera may freeze when recording macro mode video in 4K with HDR turned off, Messages may unexpectedly quit, performance may be impacted due to an issue with memory allocations on some iPhone models.
Security issues fixed: microphone access on iPhone 16, and fixes to Passwords app access in all supported iPhone models.
VoiceOver feature could have read a user's password aloud.