Security Alerts & News
by Tymoteusz A. Góral

#1260 US health insurer warns 3.7m after cyber-attack
US health insurer Banner Health has written to 3.7 million customers and healthcare providers to warn that their data may have been stolen, after a cyber-attack.

The breach could have targeted data on patients, physicians and health plans.

An investigation revealed that attackers may have also accessed payment-card data at Banner Health food and drink outlets.

The firm says it has hired a forensics team to help it secure its systems.

#1259 Researchers go inside a business email compromise scam
LAS VEGAS – Poor operational security on the part of Nigerian scammers running a Business Email Compromise (BEC) scheme has given researchers a window into their operations.

Dell SecureWorks today published a report at Black Hat USA 2016 on what the criminals involved call wire-wire, or “waya-waya.” These attackers aren’t particularly sophisticated malware coders, for example, but the operation is adept at targeting executives in certain industries with phishing attacks that ultimately lead to fraudulent wire transfers, resulting in hundreds of thousands of dollars being lost. Manufacturing firms, chemical operations and other high-value organizations have been targeted by these campaigns that go much deeper than simply spoofing emails ordering or confirming wire transfers.

The attackers behind these scams are using malware to attack email servers and sit man-in-the-middle style intercepting and redirecting messages in order to score a big pay day.

#1258 Stealing payment card data and PINs from POS systems is dead easy
Lack of authentication and encryption allow attackers to easily steal payment card data and PIN numbers from point-of-sale systems.

Many of the large payment card breaches that hit retail and hospitality businesses in recent years were the result of attackers infecting point-of-sale systems with memory-scraping malware. But there are easier ways to steal this sort of data, due to a lack of authentication and encryption between card readers and the POS payment applications.

POS systems are specialized computers. They typically run Windows and have peripherals like keyboards, touch screens, barcode scanners and card readers with PIN pads. They also have specialized payment applications installed to handle transactions.

One of the common methods used by attackers to steal payment card data from POS systems is to infect them with malware, via stolen remote support credentials or other techniques. These malware programs are known as memory or RAM scrapers because they scan the system's memory for credit card data when it's processed by the payment application on the POS system.

But on Tuesday at the BSides conference in Las Vegas, security researchers Nir Valtman and Patrick Watson, from U.S.-based POS and ATM manufacturer NCR, demonstrated a stealthier and more effective attack technique that works against most "payment points of interaction," including card readers with PIN pads and even gas pump payment terminals.

#1257 Beware of ransomware hiding in shortcuts
Even if you haven’t been hit by ransomware yourself, you probably know someone who has.

Most ransomware gets straight to work as soon as it infects your computer: it scrambles some or all of your files and then callously offers to sell you a tool to unscramble them.

If you have a recent backup (one that wasn’t scrambled along with everything else!), you should be able to recover without paying, hopefully without too much trouble.

But if you don’t, and you want your data back, you have little choice but to pay up.

From time to time, the crooks make mistakes, and decryption experts find a loophole so that you can unscramble for free, but that’s unusual.

As a result, many victims end up paying the money, even though it pains them to do it, no matter how hard they try to find another way to recover their files.

#1256 Report: Only 3 percent of U.S. companies pay attackers after ransomware infections
Almost half of all companies have been the victims of a ransomware attack during the past 12 months, according to a new report. And while globally, 40 percent of them have paid the ransom, 97 percent of U.S. companies did not.

Specifically, 75 percent of enterprise victims paid up in Canada, 58 percent in the U.K., and 22 percent in Germany, according to an Osterman Research survey of hundreds of senior executives in the U.S., Canada, Germany and the U.K.

#1255 What really happened in mass Telegram secure messenger hack
Researchers said that a vulnerability was found in how the company uses SMS text messages to sign up new devices to the service. Anderson and Guarnieri claim that when a user logs into Telegram from a new smartphone, authorization codes are sent via SMS, which in turn can be intercepted by the phone company and shared with cyberattackers.

This is particularly a problem when communications providers are heavily monitored or owned by states which want to keep track of their citizens. This year in Iran, for example, the country's government demanded that foreign messaging service providers must store Iranian citizen data within the country -- where law enforcement has easy access.

Once compromised SMS codes have been acquired, the cyberattacker can add new devices to the Telegram account, read chat histories and also intercept new messages.