News

More than 120,000 Health Alliance Plan (HAP) clients' personal and protected medical information may have been compromised in a security breach, the Detroit Free Press reported on Tuesday. Letters notifying customers of the breach were sent last week by Wolverine Solutions Group, a Detroit-based company HAP hired to manage its mailing services. The letters said the security problem occurred on or around Sept. 23, when Wolverine Solutions Group "experienced a ransomware incident—a malicious software that attacked and locked up our servers and workstations." Source: Fierce Healthcare

Mimecast Limited (NASDAQ: MIME), a leading email and data security company, today announced the latest Email Security Risk Assessment (ESRA) report, an aggregated analysis of tests that measure the efficacy of widely used email security systems. This quarter’s report found that email delivered with malicious URLs, a recently added part of the testing, has increased by more than 125 percent in comparison to last quarter’s results. The data was analyzed and, as in past periods,...

Gemalto, the world leader in digital security, today announced the availability of three new cloud-based Hardware Security Module (HSM) services, HSM On Demand for CyberArk, HSM On Demand for Hyperledger and HSM On Demand for Oracle TDE. Each service is available through the SafeNet Data Protection on Demand platform, a marketplace of cloud-based HSM, encryption and key management services that easily integrates with most widely used cloud services and IT products to protect data wherever...

CyberArk (NASDAQ: CYBR), the global leader in privileged access security, today announced ground-breaking new capabilities to simplify the continuous discovery and protection of privileged accounts in cloud environments. The CyberArk Privileged Access Security Solution v10.8 is the first-of-its-kind to automate detection, alerting and response for unmanaged and potentially-risky Amazon Web Services (AWS) accounts. This version also features new industry-leading Just-in-Time capabilities that deliver flexible user access to cloud-based or on-premises Windows systems. According to Gartner,...

Dalil, an Android app that provides caller ID services similar to Truecaller but for Saudi and other Arabian users, has been leaking user data for a week because of a MongoDB database that has been left accessible online without a password.Discovered by security researchers Ran Locar and Noam Rotem, the database contains what appears to be the app's entire data, from user personal details to activity logs. Source: ZDNet

Mobile users have been targeted by almost twice as many attacks using malicious software during 2018, going up from 66.4 million in 2017 events detected during 2017 to 116.5 million until the end of last year according to a report by Kaspersky Lab.Despite this large increase in the number of malicious mobile software attacks, only 5,321,142 installation packages containing malware samples were identified throughout the entire year, down 409,774 when compared to the 2017 stats. Source: Bleeping Computer

A new Ransomware-as-a-Service called Jokeroo is being promoted on underground hacking sites and via Twitter that allows affiliates to allegedly gain access to a fully functional ransomware and payment server.A Ransomware-as-a-Service is when a developer creates a ransomware and a payment site and allows affiliates to sign up and distribute the ransomware. As part of this deal, the affiliates and the developer will split the payments that are received from victims. Source: Bleeping Computer

Attack traffic observed by F-Secure’s network of decoy honeypots in 2018 increased by 32 percent over the previous year and increased fourfold in the latter half of 2018 compared with the first half of the year, the Finnish cybersecurity company has shared. Source: Help Net Security

There is no dearth of compromised, fake and forged SSL/TLS certificates for sale on dark web markets, researchers have found.TLS certificates are sold individually and packaged with a wide range of crimeware. Together these services deliver machine-identities-as-a-service to cybercriminals who wish to spoof websites, eavesdrop on encrypted traffic, perform man-in-the-middle attacks and steal sensitive data. Source: Help Net Security

HACKERS are offering software to drone owners who want to bypass "no fly zone" technology.Anyone can easily find these websites in just a few clicks on Google – and then crack their drones to remove vital safety features. Source: The Sun