Someone stole the hard drive from the car of one of the vendor’s employees, according to the letter. UH was informed of the theft Aug. 8, and the hospital system has been determining the exact information that was on the drive since then, said hospital spokeswoman Janice Guhl. 

Link to full story

http://www.cleveland.com/healthfit/index.ssf/2013/11/uh_notifies_7100_patients_of_l.html

The post UH notifies 7,100 patients of stolen hard drive with personal medical information on it appeared first on Security Wandering.

Like a super strain of bacteria, the rootkit plaguing Dragos Ruiu is omnipotent.

Three years ago, security consultant Dragos Ruiu was in his lab when he noticed something highly unusual: his MacBook Air, on which he had just installed a fresh copy of OS X, spontaneously updated the firmware that helps it boot. Stranger still, when Ruiu then tried to boot the machine off a CD ROM, it refused. He also found that the machine could delete data and undo configuration changes with no prompting. He didn’t know it then, but that odd firmware update would become a high-stakes malware mystery that would consume most of his waking hours.

linked from:
 http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/

it was just a matter of time before microcode injections into the controller on various sub systems of a computer would be targeted.
This is a very troubling discovery for many people. 

The post Ultrasonic more then bugs talking…….or “bab bios” or should it be sound gaps not air gaps appeared first on Security Wandering.

End users still have the the keys to the kingdom and malware and phishing have clearly marked them for targeting.  The Standard number of targeted phishings at my employer is well over 20 a month.  The human element is still opening email from “DEAD cousin NED”  and we apparently all have a “Nigerian relative that needs our help”.

I was just at a security conference were David Kennedy  aka rel1c the author of SET the founder of truestedsec was presenting. His talk was on burning down security as we know it and his demo did not work because of the OSX maverick upgrade. OR as I see it Steve jobs from the great beyond,  the demo portion of these talks used to be the real value of security conferences.  They provide good stories and the proof of what we all know and a way to show the risk.  Over the last Year FUD and good stories have really gone the way of the dinosaurs.  Having to prove that something bad could and does happens seems to have gone from a lot of proof  and good stories to just de facto accepted thanks to Adobe and their issues…… and Dave on the Katie Couric show  .

Oh yeah back to Steve Jobs and his hate for all things Adobe…
As a senior checkpoint executive said at the same conference Steve dies and 6 months later Apple is softer on Adobe and he see on his home network from a mac his first malware/trojanware.

How very odd java is getting harder to manipulate but Flash and Air maybe it’s replacement for the darkside who generally also want your browsers cookies…Or yes they have cookies…

till later

The post Well it’s been a year or so since I last mused about security and it’s still appeared first on Security Wandering.

” SQL Injection Attacks Up 69%Source ZDNetLink | Favorite | Comments (0)Close”

The post SQL Injection Attacks Up 69% ? Packet Storm appeared first on Security Wandering.

“ChapCrack and CloudCracker reveal sensitive corporate communications — including passwords — protected by the popular PPTP encryption protocol, which is based on an algorithm from Microsoft, a researcher says at Defcon.“

The post Tools boast easy cracking of Microsoft crypto for businesses appeared first on Security Wandering.

“

CNET News

HomeReviews News Download CNET TV How To Marketplace Log In | Join

CNET News Security & Privacy Flame malware: So big, so overlooked The most ‘complex malware ever found’ — Flame — has taken the information security world by surprise. Given that it is said to have been around for years, how did everyone miss it?

by Michael Lee May 29, 2012 4:53 AM PDT 8 CommentsFacebook24Twitter71Linked In19More

The most ‘complex malware ever found’ — Flame — has taken the information security world by surprise. Given that it is said to have been around for years, how did everyone miss it? Several security research firms, including Symantec, Kaspersky, and McAfee, have been hard at work analyzing a specific piece of malware in the past few days after the Iranian Computer Emergency Response Team posted an alert about malicious code designed to steal and exfiltrate information from infected computers back to a network of at least 10 command and control servers. However, as Budape”

The post Flame malware: So big, so overlooked | Security & Privacy – CNET News appeared first on Security Wandering.

<<< Tuesday, May 8, 2012 >>>   Java Drive-by Generator Posted by Karmina @ 15:27 GMT | Comments Ran across quite an interesting infection today. I visited a site that prompted me with a security warning about a ‘Microsoft’ application from an unknown publisher. The site is actually pretending to be a Gmail Attachment Viewer. Microsoft+Gmail? Fail.

After allowing the application to run, it redirects to a Cisco Foundation invitation while downloading a malware binary in the background.

The message also contains a malicious link that downloads the same malware. Perhaps to make sure that you really get infected.

Anyway, this infection is generated using iJava Drive-by Generator, which apparently has been around f”

The post Java Drive-by Generator – F-Secure Weblog : News from the Lab appeared first on Security Wandering.

“

CNET News

HomeReviews News Download CNET TV How To Marketplace Log In | Join

Breaking news Oracle v. Google jury returns partial verdict, favoring OracleShare: CNET News Security & Privacy New malware strain locks up computers unless ransom is paid A type of ‘ransomware’ hitting users across Europe demands payment for alleged copyright violations, according to a Swiss security blog.

by Lance Whitney May 7, 2012 8:50 AM PDT 20 CommentsFacebook54Twitter71Linked In23More (Credit: abuse.ch) A campaign of ‘ransomware’ is locking people out of their computers unless they pony up the right amount of money. Spotted by security blog abuse.ch, the malware taps into an exploit kit known as ‘Blackhole.’ Sold underground, Blackhole is used by criminals to infect computers through security holes in the browser or third-party plug-ins, such as Java and Adobe Reader. If the version of Java, for example, is not up to date with the latest patches, the downloaded file will exploit the software'”

The post New malware strain locks up computers unless ransom is paid | Security & Privacy – CNET News appeared first on Security Wandering.

<<< Wednesday, May 2, 2012 >>>   Oxford Muses on Mac Flashback: Worst Outbreak Since Blaster Posted by Sean @ 14:25 GMT | Comments So how bad was last month’s Mac Flashback outbreak and who suffered the most? Our guess: it was bad, and university IT help desks. And it looks like our guess might not be far off the mark.

Oxford University Computing Services’ network security team (aka OxCERT) has written that they dealt ‘with what is probably the biggest outbreak since Blaster struck the Windows world all the way back in the summer of 2003.’

OxCERT dealt with around 1000 incidents for Blaster. They’ve seen several hundred Flashback incidents… ‘and they keep on coming.’

Other institutions, such as The University o”

The post Oxford Muses on Mac Flashback: Worst Outbreak Since Blaster – F-Secure Weblog : News from the Lab appeared first on Security Wandering.

” Air Ground Sea Space Spec Ops Spies Weapons Gear News Cyber Wars About

Home » Air » How to Sneak a Claymore Onto a Flight How to Sneak a Claymore Onto a Flight

Well, this is embarrasing. In addition to patting down harmless old ladies and small children in the name of security, the TSA is also really good at letting Claymore antipersonnel mines through its screenings. Yup, TSA agents at Newark International Airport in New Jersey stopped an employee of the Army’s Picatinny Arsenal with two inert Claymores in her carry-on baggage (well done, TSA) but they failed to detect a third mine that was being loaded into the plane’s hold inside her checked bags (doh!).

A: What was she thinking even trying to bring these aboard an airplane

B: Thank God these were inert mines and not real explosives.

This reminds me of an experience I had at Oakland International years ago (actually, it was the day the TSA freaked out about liquids aboard flights) where a TSA agent found an antique lette”

The post How to Sneak a Claymore Onto a Flight | Defense Tech appeared first on Security Wandering.