Someone stole the hard drive from the car of one of the vendor’s employees, according to the letter. UH was informed of the theft Aug. 8, and the hospital system has been determining the exact information that was on the drive since then, said hospital spokeswoman Janice Guhl. 

Link to full story

http://www.cleveland.com/healthfit/index.ssf/2013/11/uh_notifies_7100_patients_of_l.html

The post UH notifies 7,100 patients of stolen hard drive with personal medical information on it appeared first on Security Wandering.

Like a super strain of bacteria, the rootkit plaguing Dragos Ruiu is omnipotent.

Three years ago, security consultant Dragos Ruiu was in his lab when he noticed something highly unusual: his MacBook Air, on which he had just installed a fresh copy of OS X, spontaneously updated the firmware that helps it boot. Stranger still, when Ruiu then tried to boot the machine off a CD ROM, it refused. He also found that the machine could delete data and undo configuration changes with no prompting. He didn’t know it then, but that odd firmware update would become a high-stakes malware mystery that would consume most of his waking hours.

linked from:
 http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/

it was just a matter of time before microcode injections into the controller on various sub systems of a computer would be targeted.
This is a very troubling discovery for many people. 

The post Ultrasonic more then bugs talking…….or “bab bios” or should it be sound gaps not air gaps appeared first on Security Wandering.

End users still have the the keys to the kingdom and malware and phishing have clearly marked them for targeting.  The Standard number of targeted phishings at my employer is well over 20 a month.  The human element is still opening email from “DEAD cousin NED”  and we apparently all have a “Nigerian relative that needs our help”.

I was just at a security conference were David Kennedy  aka rel1c the author of SET the founder of truestedsec was presenting. His talk was on burning down security as we know it and his demo did not work because of the OSX maverick upgrade. OR as I see it Steve jobs from the great beyond,  the demo portion of these talks used to be the real value of security conferences.  They provide good stories and the proof of what we all know and a way to show the risk.  Over the last Year FUD and good stories have really gone the way of the dinosaurs.  Having to prove that something bad could and does happens seems to have gone from a lot of proof  and good stories to just de facto accepted thanks to Adobe and their issues…… and Dave on the Katie Couric show  .

Oh yeah back to Steve Jobs and his hate for all things Adobe…
As a senior checkpoint executive said at the same conference Steve dies and 6 months later Apple is softer on Adobe and he see on his home network from a mac his first malware/trojanware.

How very odd java is getting harder to manipulate but Flash and Air maybe it’s replacement for the darkside who generally also want your browsers cookies…Or yes they have cookies…

till later

The post Well it’s been a year or so since I last mused about security and it’s still appeared first on Security Wandering.

“

Security researchers disclosed critical vulnerabilities in routers from Chinese networking and telecommunications equipment manufacturer Huawei at the Defcon hackers conference on Sunday.

The vulnerabilities — a session hijack, a heap overflow, and a stack overflow — were found in the firmware of Huawei AR18 and AR29 series routers and could be exploited to take control of the devices over the Internet, said Felix Lindner, the head of security firm Recurity Labs and one of the two researchers who found the flaws.

“

The post Hackers reveal critical vulnerabilities in Huawei routers at Defcon appeared first on Security Wandering.

” SQL Injection Attacks Up 69%Source ZDNetLink | Favorite | Comments (0)Close”

The post SQL Injection Attacks Up 69% ? Packet Storm appeared first on Security Wandering.

“ChapCrack and CloudCracker reveal sensitive corporate communications — including passwords — protected by the popular PPTP encryption protocol, which is based on an algorithm from Microsoft, a researcher says at Defcon.“

The post Tools boast easy cracking of Microsoft crypto for businesses appeared first on Security Wandering.

“

CNET News

HomeReviews News Download CNET TV How To Marketplace Log In | Join

CNET News Security & Privacy Flame malware: So big, so overlooked The most ‘complex malware ever found’ — Flame — has taken the information security world by surprise. Given that it is said to have been around for years, how did everyone miss it?

by Michael Lee May 29, 2012 4:53 AM PDT 8 CommentsFacebook24Twitter71Linked In19More

The most ‘complex malware ever found’ — Flame — has taken the information security world by surprise. Given that it is said to have been around for years, how did everyone miss it? Several security research firms, including Symantec, Kaspersky, and McAfee, have been hard at work analyzing a specific piece of malware in the past few days after the Iranian Computer Emergency Response Team posted an alert about malicious code designed to steal and exfiltrate information from infected computers back to a network of at least 10 command and control servers. However, as Budape”

The post Flame malware: So big, so overlooked | Security & Privacy – CNET News appeared first on Security Wandering.

<<< Tuesday, May 8, 2012 >>>   Java Drive-by Generator Posted by Karmina @ 15:27 GMT | Comments Ran across quite an interesting infection today. I visited a site that prompted me with a security warning about a ‘Microsoft’ application from an unknown publisher. The site is actually pretending to be a Gmail Attachment Viewer. Microsoft+Gmail? Fail.

After allowing the application to run, it redirects to a Cisco Foundation invitation while downloading a malware binary in the background.

The message also contains a malicious link that downloads the same malware. Perhaps to make sure that you really get infected.

Anyway, this infection is generated using iJava Drive-by Generator, which apparently has been around f”

The post Java Drive-by Generator – F-Secure Weblog : News from the Lab appeared first on Security Wandering.

“

CNET News

HomeReviews News Download CNET TV How To Marketplace Log In | Join

Breaking news Oracle v. Google jury returns partial verdict, favoring OracleShare: CNET News Security & Privacy New malware strain locks up computers unless ransom is paid A type of ‘ransomware’ hitting users across Europe demands payment for alleged copyright violations, according to a Swiss security blog.

by Lance Whitney May 7, 2012 8:50 AM PDT 20 CommentsFacebook54Twitter71Linked In23More (Credit: abuse.ch) A campaign of ‘ransomware’ is locking people out of their computers unless they pony up the right amount of money. Spotted by security blog abuse.ch, the malware taps into an exploit kit known as ‘Blackhole.’ Sold underground, Blackhole is used by criminals to infect computers through security holes in the browser or third-party plug-ins, such as Java and Adobe Reader. If the version of Java, for example, is not up to date with the latest patches, the downloaded file will exploit the software'”

The post New malware strain locks up computers unless ransom is paid | Security & Privacy – CNET News appeared first on Security Wandering.

“Skip the navigation

Computerworld White Papers Webcasts Newsletters Solution Centers Events Magazine Twitter Facebook RSS

Topics News In Depth Reviews Blogs Opinion Shark Tank IT Jobs More IT Verticals Security App Security|Business Continuity|Cybercrime and Hacking|DRM and Legal Issues|Data Security|Malware and Vulnerabilities|Privacy|Security Hardware and Software

74  

3   1 Submit 6 Email

Home > Security > Malware and Vulnerabilities News Microsoft detects new malware targeting Apple computers Apple users should be sure their Mac version of Office has up-to-date patches

By Jeremy Kirk May 2, 2012 12:18 AM ET2 Comments . What’s this? IDG News Service – Microsoft has detected a new piece of malware targeting Apple OS X computers that exploits a vulnerability in the Office productivity suite patched nearly three years ago.

The malware is not widespread, wrote Jeong Wook Oh of Microsoft’s Malware Protection Center. But it does show that hackers pay attention if it’s found pe”

The post Microsoft detects new malware targeting Apple computers – Computerworld appeared first on Security Wandering.