Tag: data privacy

Homeland Security Warns Of Expanding Medical Device Attacks

A bulletin published by the Department of Homeland Security has warned that the increasing use of wireless networking technology to enable medical devices expands the ways that those devices could be hacked. The bulletin, published May 4 by DHS’ National Cybersecurity and Communications Integration Center, warns that advances in medical devices, including Internet connectivity and the use of smartphones, tablets and other mobile devices in patient care “expands the attack surface” of medical devices. “Smartphones and tablets are mini computers with instant access to the internet or linked directly to a hospital’s network. The device or the network could be infected with malware designed to steal medical information if not upgraded with the latest anti-virus and spy-ware software,” DHS said. Advances in medical device technology have already greatly improved medical care, especially in areas like medical health records and remote monitoring of patients with implantable medical devices. However, too little […]

Continue Reading

Fitbitten: Researchers Exploit Health Monitor To Earn Workout Rewards

Call it “the quantified self” – that intersection of powerful, IP-enabled personal health monitoring tools and (usually) Web based tools for aggregating, analyzing and reporting. The last five years has brought an explosion in these products. In addition to the long-popular gear like Garmin GPS watches – must have items for the exercise addicted – there’s a whole range of new tools for the merely “exercise curious” or folks interested in losing weight or just figure out what, exactly, they do all day. Count  Nike’s FuelBand, Jawbone’s UP, and Fitbit in that category. Alas, a growing number of reports suggest that, when it comes to medical devices and health monitoring tools, the security of sensitive personal data isn’t a top priority. The latest news comes by way of researchers at Florida International University in Miami, Florida. A team of three researchers, composed of students and faculty, analyzed the Fitbit health monitoring device […]

Continue Reading

Data Breach For Dummies: Simple Hacks, Hackers Are The Norm

In spite of widespread media attention to the problem of “advanced persistent threats” and nation-backed cyber espionage, most cyber attacks that result in the theft of data are opportunistic and rely on unsophisticated or non-technical means, according to Verizon’s 2013 Data Breach Investigations Report (DBIR). Verizon said that its analysis of 47,000 security incidents and 621 confirmed cases of data loss showed that three-quarters were “opportunistic” – not targeted at a specific company or individual – and financially motivated. Around 20 percent of attacks were linked to what Verizon termed “state affiliated actors” conducting cyber espionage. Verizon’s annual Data Breach Investigations Report presents the results of investigations conducted by Verizon’s RISK investigators, the U.S. Department of Homeland Security, US-CERT as well as by law enforcement agencies globally. In its sixth year, it is a highly regarded and oft-cited benchmark of malicious activity and threats to organizations. In a press release […]

Continue Reading

ACLU Complaint Shows Android Insecurity Getting Political

The American Civil Liberties Union has filed a complaint with the U.S. Federal Trade Commission on Wednesday calling on the Federal Government to take action to stem an epidemic of unpatched and insecure Android mobile devices – a public scourge that the ACLU blames on recalcitrant wireless carriers. The civil liberties group’s complaint for injunctive relief with the FTC, noting that “major wireless carriers have sold millions of Android smartphones to consumers” but that “the vast majority of these devices rarely receive software security updates.” Calling the unpatched phones “defective and unreasonably dangerous,” the ACLU says that carriers leave their customers vulnerable to malware and spear phishing attacks that can be used to record or transmit information on the device to” third parties. “A significant number of consumers are using smartphones running a version of the Android operating system with known, exploitable security vulnerabilities for which fixes have been published by Google, but have […]

Continue Reading

That Facebook Account Hijack Vulnerability Is Still Dangerous. Here’s Why.

Did you hear about that really dangerous security hole that allows attackers to manipulate third party Facebook applications to hack into your Facebook account? Skype and Dropbox both said they fixed a web site redirection vulnerability that both companies fixed before the vulnerability was disclosed? Great news, right? Right. Except for the fact that the same vulnerability may exist in hundreds, or even thousands of other Facebook applications and still provides a ready pathway into Facebook accounts, according to Nir Goldshlager, the Israeli security researcher who discovered the vulnerability. Goldshlager described the vulnerability, which he named the “UnFix Bug” on his web site in a post on Wednesday, after discussing details of the hole with the online publication TechCrunch. It is just the latest in a string of security holes he has discovered in OAuth, an open authentication standard used by social networking sites like Facebook and Twitter. The vulnerability allows a […]

Continue Reading
1 125 126 127 128 129 131