Wednesday, July 31, 2024

HealthEquity reports data breach 30-July-2024

HealthEquity, a non-bank health savings trustee responsible for administering HSA accounts, is reporting a massive data breach that occurred in March 2024.

Personal information that may have been accessed includes, but is not limited to:
names, employee IDs, employers, addresses, phone numbers, Social Security numbers, dependent contact information.

4.3 million persons may be affected. The breach was reported at the beginning of July. HealthEquity services HSA, FSA, HRA and 401K.

 Affected persons should be notified beginning in August.

 As with any data breach, increase vigilance, act quickly, REPORT.

Monday, July 29, 2024

Apple Updates July 29, 2024

  Updates available for iOS 17.6, iPadOS 17.6, and Sonoma 14.6

iOS 15.8.3, iOS 16.7.9, iPadOS 16.7.9, Monterey 12.7.6, Ventura 13.6.8, watchOS 10.6, tvOS 17.6, visionOS 1.3

The only reported new features are News+ for home and lock screen, and the ability in the Messages app to filter unknown senders if they are international numbers.

The updates also include bug fixes and security updates.

The US Cybersecurity and Infrastructure Security Agency (CISA) is urging people to update their Apple devices immediately.

Apple Private Relay outage resolved July 29, 2024

  Apple reports the problem with Private Relay for Safari on iDevices has been resolved.

The outage was reported July 26 and lasted for 56 hours; service was restored at 10:59 pm Eastern on July 28.

 iCloud Private Relay hides your Internet IP address for privacy and security.

Saturday, July 27, 2024

Evolve Bank & Trust and associated financial firms data breach - Customer data now available on the Dark Web

The July 4, 2024 Cyber Security presentation recording mentioned the data breach at Evolve Bank and Trust. At the time of the report, a sample set of the customer data appeared to be genuine. Ransom negotiations were known to be ongoing.

 A recent posting on the dark web indicates a very large number of those customer records are available for sale.

Several firms that have worked with Evolve Bank & Trust may have had their customers' data stolen and made available for sale on the Dark Web as well. Affirm, Affirm Card, Wise, Bilt, Marqeta, Mercury, and EarnIn are a few examples. The data set reports 7,640,112 customers' data, including but not limited to: name, SSN, bank account numbers, phone numbers, email addresses, ...

 Please use extra caution, inform friends, family, neighbors.

Friday, July 19, 2024

Global Outage 19-July-2024 Due to security vendor's update

Large global outages are occurring due to a software security update.
Yes, it is not only you. This can and did happen on a global scale.
The outage started 19:00 GMT July 18, 2024.

Major sites/businesses are down for a period of time until the affected machines can be physically visited, the root cause removed, and the machines rebooted.

So, it will take some time to resolve.

 CrowdStrike update appears to be the root cause. 

 Major industry sectors are experiencing outages.

 From hospital rumor: It might get worse. Take cash





Wednesday, July 17, 2024

Changes to Social Security Account Login requirements

The federal government is planning to change how people will log in to access their Social Security accounts.

 Current access via email/username and password will change to require a Login.gov or ID.me account. 

 The process is easy. If you have an existing Login.gov or ID.me account you can link your social security account. 

If you do not, use your existing my Social Security account and follow the detailed instructions to create either a Login.gov or ID.me account.
Then link your Social Security account.

 More information:

https://blog.ssa.gov/changes-are-coming-to-how-you-access-social-securitys-online-services/

Friday, July 12, 2024

UPDATE: Massive AT&T customer call & text records data breach

 July 12   CNN Report

AT&T said the compromised data includes the telephone numbers of “nearly all” of its cellular customers and the customers of wireless providers that use its network between May 1, 2022 and October 31, 2022.

The data was metadata: phone numbers called, call duration, number of times called/messaged. Cell tower site identification records may also have been released.

 The FCC is investigating according to their social media posts on X (formerly Twitter).

This data breach is not related to the March 2024 incident (73 million customers' PII on the dark web).

The Department of Justice delayed public disclosure because of national security and public safety concerns.

An advisory/notice from AT&T:

https://www.att.com/support/article/my-account/000102979


I requested my information, got the response that day. Very little detail. 

News services are reporting the hacker was paid about $300,000 to erase the stolen data.

The data was stolen from an unsecured cloud server. The stolen data was stored on a cloud server. Cloud servers do backups and replication. Consider the data still available. I easily requested my data. Anyone can request your data with a little effort. Use multi-factor authentication protections on accounts.

Thursday, July 11, 2024

Apple issues new spyware attack warning to iPhone users

Some users in 98 countries may receive warnings on their iPhones that spyware may have been loaded on their devices.

This is the second such warning. Little is known about the need for this warning.

 “Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-,” 

This is a zero-click attack that allows the attacker(s) complete control of the device, including reading encrypted messages and data.

If you are a high-profile user or rely on encryption protections, consider Lockdown Mode.

 Turning your iPhone off nightly might be helpful.

 Applying updates is now so important.

Critical vulnerability in Outlook

Outlook is Microsoft's email system (server, client, application). It is part of several Microsoft subscriptions.

The vulnerability, tracked as CVE-2024-38021, is a remote code execution flaw that allows an attacker to take full control of the system Outlook is running on, with no user interaction (no click) and no authentication.

The vulnerability, along with 142 others, was patched in the July 9 Microsoft Patch Tuesday monthly security patch release, so it is very important to apply security updates. Recall that June had a fix for the very critical Microsoft Windows wireless driver stack vulnerability.

You may have other email systems/clients, BUT Outlook may be started as part of Windows startup.

Wednesday, July 10, 2024

Apple and others released Cyber Security Guidance

A LARGE increase in attacks against iPhones and other devices recently (July 6 and since) has prompted Apple to release guidance to protect against this increase. Other technology and security companies are also warning customers and consumers.

With this LARGE increase in cyber activity you will receive warnings to change your password, move your money, and other common scams. LARGE increase. BE MORE AWARE. Some of those warnings are from the scammers/criminals.

The Computer Club's Special Interest Groups, Announcements, Wiki, and emails provide information to help residents be cyber safer. The Cyber Security SIG, Scams and Computer Safety, Internet of Things, MUG, Windows and other presentations are recorded and available.

Please use these and other resources, including the NRO Anti-Fraud Group.
Not one more resident a victim of cyber crime!

 https://support.apple.com/en-us/102568

Friday, July 5, 2024

Critical July Android Security Patch

Google issues Android patches on a monthly basis. For July, one patch, for CVE-2024-31320, is rated critical by Google.

Android updates are issued to all manufacturers who use Android for their devices: smartphones, smart tablets, TVs, streamers, etc.
Those manufacturers then integrate the updates into their products, apply vendor-specific updates, test, then release the update to their customers. Google Pixel and Samsung are quick to release.

Exploitation of this vulnerability could allow an attacker to take complete control of an Android device.

 Android 12 and 12L are most impacted, but the July Android update fixes 25 issues across the varied Android versions.

 On Android: Settings > System or Software Update
Check for Updates
Follow instructions for the update
If not available, check again soon

For more information:

Android Security Bulletin July 2024

Thursday, July 4, 2024

regreSSHion vulnerability.

Discovered this week (July 1): an unauthenticated remote code execution flaw that grants the exploiter full root access, with the ability to create a root-level shell. It affects the default configuration and requires no user interaction.
This discovery will RAPIDLY be weaponized.
A bit of good news: this is a race condition flaw, so it is not as easy to exploit.
 This is breaking news. More information to follow.