Tuesday, April 23, 2024

United Health Data Leak Confirmed

The ransomware gang claiming responsibility for the UnitedHealth Group data leak has confirmed that the data for sale on the Dark Web is indeed UnitedHealth's data on its patients.

UnitedHealth Group's Change Healthcare is slowly gaining ground on backlogged payments to health providers.

 "A ransom was paid as part of the company’s commitment to do all it could to protect patient data from disclosure" - UnitedHealth Group

The ransomware group, BlackCat/ALPHV, pulled an exit move and left with the ransom. The claim of 6TB of patient and provider data has appeared and disappeared from the Dark Web site selling portions of that data.

UnitedHealth Group is preparing to offer two years of credit monitoring and identity theft protection to affected parties after the investigation.

“Based on initial targeted data sampling to date, the company has found files containing protected health information (PHI) or personally identifiable information (PII), which could cover a substantial proportion of people in America,”

Wednesday, April 17, 2024

Omni Hotels and Resorts Data Breach Recent Update

 More information here.

An advantage of data protection services: earlier warnings of data breaches.

Friday, April 12, 2024

Roku Cyber Attack

Roku announced that 500,000 accounts were impacted by a cyber attack discovered while investigating a data breach affecting 15,000 Roku accounts.

This second attack, a result of "credential stuffing", allowed attackers to make unauthorized purchases of hardware products and service subscriptions. Roku will reverse the charges or issue refunds to the affected accounts.

 Roku has enabled two-factor authentication for all Roku accounts.

AT&T Data Breach Update

 


All 70+ million current and past AT&T customers who are known to have their data for sale may soon get the above email, if you still have the same email address you gave AT&T.

The subscription code is for Experian IdentityWorks service. 
We have covered Experian's privacy issues in past Cyber Security SIG recorded presentations.

AT&T had issues with the large number of emails. Experian had issues with the large number of requests.

Wednesday, April 10, 2024

MalwareBytes Digital Footprint Scan

 MalwareBytes has a Digital Footprint Scan:

https://www.malwarebytes.com/digital-footprint

This is a result you hope for:



In my testing the passwords/passphrases returned are accurate.

AND have i been pwned?

Monday, April 8, 2024

Google for Privacy?

 Google is not known for their privacy.
Their revenue stream comes from collecting data about us.
We know that!

BUT
Did you know you can use that collected data to your benefit also?

You can log in to your Google account(s) and
1) Create an alert with search terms.


2) Using Google One you can search the dark web for:

Social Security Number (requires verification)
Name(s)
Physical Addresses
Phone Numbers
Email Addresses
And get results
(very disturbing results)


NOTE the password results: these are the cleartext passwords available on the Dark Web that we keep hearing about.
(More like grey web BUT ...)

Invest some time now. Let family, friends, neighbors, and members know.

Monday, March 25, 2024

Apple releasing security fixes today 25-Mar-2024

  Security updates for macOS 14.4.1, macOS Ventura 13.6.6, iOS 16.7.7, and visionOS 1.1.1 join the security patches to iOS 17.4.1 and iPadOS 17.4.1 released 21-Mar-2024.

 These security updates fix vulnerabilities that could lead to arbitrary code execution. Thus important.

Thursday, March 21, 2024

Apple Security related Updates today 21-Mar-2024 iOS & iPadOS

 Updates to current iOS and iPadOS releases: 17.4.1

Updates to older releases: iOS 15.8.2, iPadOS 16.7.2

This indicates to me these are security related.

Tuesday, March 5, 2024

iOS iPadOS Emergency Updates

Apple has stated that the iOS 17.4 updates are due in order to comply with the EU DMA regulations. Those updates were released today, March 5, 2024, a few days prior to the deadline.

However, the 17.4 iOS and iPadOS updates also addressed 2 major security flaws. Updates to iPadOS 16.7.6 and Safari 17.3.1 are available now.

 Consider these updates as urgent.

Facebook, Instagram, Threads are currently down

Meta is aware, BUT no updates

Sunday, February 18, 2024

Bank of America Data Breach 17-Feb-2024

 Data breach notification filed in Maine. Persons affected used Bank of America's deferred compensation plans. 

The breach occurred at Infosys McCamish Systems.

“It is unlikely that we will be able to determine with certainty what personal information was accessed as a result of this incident at IMS.

According to our records, deferred compensation plan information may have included your first and last name, address, business email address, date of birth, Social Security number, and other account information.”

Friday, February 16, 2024

Williamson County reporting data breach.

 WILLIAMSON COUNTY, Texas — Central Texas residents are being warned about a data breach that happened in 2022.

Officials said they discovered during an investigation that an unauthorized user gained access to an email account with a member of the 277th District Court in Williamson County, who then may have seen or taken certain information.

According to officials, certain people who interacted with the court on or before Nov. 10, 2022, may have their personal information impacted.

Sensitive information impacted varies by person but county officials said it could include names, addresses, Social Security numbers, and more. Officials also said they conducted a review of the attack and plan to reach out to those who may have been affected.

Cybersecurity experts said these types of attacks are not only happening more often but that government entities like Williamson County are also increasingly becoming the target of such attacks.

"Especially for the data that they have, we see that for multiple reasons," Mitchem Boles said. "But any type of data that's taken, according to Verizon's data breach investigation report from last year, 97% of those malicious actors are motivated by financial gain."

Boles also said these types of attacks can be accessed through emails easily when it comes to scam links and phishing fraud across the internet. He also says government agencies are seemingly being attacked more frequently.

"Because of older infrastructure. They're underfunded. They don't necessarily have the protections in place for their data, for their emails and for their users," said Boles. "We know that these kinds of attacks will only increase really in number and sophistication into 2024. So we don't see it slowing down."

KVUE reached out to Williamson County officials for more information, but we were told that no interviews would be conducted at this time.

What to do if you think you were affected

If you think your identity has been stolen, you can place a credit freeze to stop anyone from creating a new credit account in your name.

The freeze can be placed by contacting any of the three major credit reporting agencies: Equifax, Experian or TransUnion. The request can be submitted online, by phone, or by mail.


UPDATE: reports to the Texas Attorney General's office claim 3,763 persons' personal information was exposed.
November 2022. Just now being informed.


Read the notification here.

Thursday, February 8, 2024

iOS 17.3.1 iPadOS 17.3.1 Sonoma 14.3.1 watchOS 10.3.1 visionOS 10.3.1 Updates released 8-Feb-2024

Updates to fix a bug where text may overlap while typing.

And potential security-related issues. The tell: updates to Sonoma and Safari to 17.3 on older Macs and iPads.

Sunday, February 4, 2024

AT&T adding SPAM Detect Feature

 AT&T is starting to provide TruContact Branded Call Display.

A feature in partnership with TransUnion. The delivery to cell customers uses the STIR/SHAKEN protocol to authenticate callers.
Callers need to register with TransUnion.

The incoming calls should display the company's logo, name, phone number and valid number.

 The STIR/SHAKEN protocol uses asymmetric cryptography to validate the information displayed.

 Only a very few companies are using TruContact Branded Call Display currently. 
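As an added illustration (not from the original post, AT&T or TransUnion), the sketch below shows the asymmetric check behind STIR/SHAKEN: the originating carrier signs the caller's number into a PASSporT token (RFC 8225/8588) with ES256, and the terminating carrier verifies it before trusting what is displayed. It assumes Node.js; the key pair, phone numbers, `x5u` URL and `origid` are constructed, and the verifier is handed the public key directly, whereas a real deployment fetches the signer's certificate from the `x5u` URL and validates its chain.

```javascript
// Added example: SHAKEN-style PASSporT (RFC 8225/8588) sign and verify; all values constructed.
const crypto = require('crypto');
const b64u = (v) => Buffer.from(v).toString('base64url');
const dec = (s) => JSON.parse(Buffer.from(s, 'base64url').toString());

// Originating carrier: sign the caller identity claims with its private key (ES256).
function signPassport(privateKey, orig, dest, iat) {
  const header = { alg: 'ES256', ppt: 'shaken', typ: 'passport',
                   x5u: 'https://cert.example.invalid/sti.pem' }; // placeholder URL
  const payload = { attest: 'A', dest: { tn: [dest] }, iat,
                    orig: { tn: orig }, origid: '00000000-0000-4000-8000-000000000000' };
  const signingInput = b64u(JSON.stringify(header)) + '.' + b64u(JSON.stringify(payload));
  const sig = crypto.sign('sha256', Buffer.from(signingInput),
                          { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return signingInput + '.' + sig.toString('base64url');
}

// Terminating carrier: check signature, freshness, and that the signed number is the one presented.
function verifyPassport(token, publicKey, presentedOrig, now, maxAgeSec = 60) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, payload;
  try { header = dec(parts[0]); payload = dec(parts[1]); } catch { return { ok: false, reason: 'malformed' }; }
  // Pin the algorithm; never let the token choose how it is verified.
  if (header?.alg !== 'ES256' || header?.ppt !== 'shaken') return { ok: false, reason: 'bad-header' };
  const valid = crypto.verify('sha256', Buffer.from(parts[0] + '.' + parts[1]),
                              { key: publicKey, dsaEncoding: 'ieee-p1363' },
                              Buffer.from(parts[2], 'base64url'));
  if (!valid) return { ok: false, reason: 'bad-signature' };
  if (!(Math.abs(now - payload?.iat) <= maxAgeSec)) return { ok: false, reason: 'stale' };
  if (payload?.orig?.tn !== presentedOrig) return { ok: false, reason: 'caller-id-mismatch' };
  return { ok: true, attest: payload.attest };
}

// Constructed demo: a valid call, an altered token, a mismatched caller ID, and an old token.
function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const iat = 1707000000;
  const token = signPassport(privateKey, '12025550100', '12025550199', iat);
  const [h, p, s] = token.split('.');
  const forged = { ...dec(p), orig: { tn: '12025550123' } };
  const tampered = [h, b64u(JSON.stringify(forged)), s].join('.');
  return {
    good: verifyPassport(token, publicKey, '12025550100', iat + 5),
    tampered: verifyPassport(tampered, publicKey, '12025550123', iat + 5),
    spoofedDisplay: verifyPassport(token, publicKey, '12025550123', iat + 5),
    replayed: verifyPassport(token, publicKey, '12025550100', iat + 3600),
  };
}
```

Only the first call verifies; changing the signed number, presenting a different caller ID than the one signed, or reusing an old token each fails a separate check.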

Monday, January 22, 2024

Apple Updates 22-Jan-2024

 iOS 17.3, iPadOS 17.3, macOS Sonoma 14.3

The updates are large:

12.43GB for macOS

5.62GB for iPadOS

Updates for iPadOS 16.7.5, tvOS 17.3, iOS 16.7.5, Monterey 12.7.3 and higher, iOS 15.8.1

WatchOS 17.3

And Safari 17.3

0-day vulnerability in WebKit. 16 vulnerabilities.

Thursday, January 18, 2024

Very Very Large password database just released

This slide from the Cyber Security SIG presentation 18-Jan-2024.



Wednesday, January 17, 2024

Google Chrome 0-day vulnerability 17-Jan-2024

  Google released Chrome updates today. CVE-2024-0519.

Updates to Chrome browser are encouraged

Chrome version 120.0.6099.224/225 for Windows.

macOS version 120.0.6099.234

120.0.6099.224 for Linux

ChromeOS 120.0.6099.235


Friday, January 5, 2024

Google Session cookies a proposed mitigation?

 In the Cyber Security presentation 4-Jan-2024 the new attack targeting Google session cookie reuse was cited.

Session cookies, if re-validated, allow attackers to log on to Google services without re-supplying the password/authentication.

 Not Good!

A just-proposed mitigation: power cycle the device. A further step: sign out of any/all browser profiles. Even more secure: reset your passphrase and sign in again.

Wednesday, January 3, 2024

iPhone 17.3 Developer Beta 3-Jan-2024

If you are one of the few iPhone 17.3 beta testers:

A few are reporting major issues with the just released iOS 17.3 developer beta release. iPhone will loop indefinitely.

A few are reporting.

Update: Apple pulled iOS 17.3 beta due to reported problems.