Jan 192018

Jessica Davis reports:

Maryland-based CareFirst has filed a final appeal to the U.S. Supreme Court to hear its data breach case, arguing that without a high court review, companies in every sector will be hit with a “flood” of data breach lawsuits in the future.

The appeal stems from a decision by the U.S. Court of Appeals in the District of Columbia in August that allowed the 1.1 million members impacted by CareFirst’s data breach in 2014 to pursue a lawsuit against the company.

Read more on Healthcare IT News.

Jan 192018

Those of you who are old enough to remember the Rebecca Schaeffer murder may see some similarities in this case.

Jiji Press reports:

A branch of Yokohama District Court on Monday ordered the city of Zushi, Kanagawa Prefecture, to pay ¥1.1 million in damages for leaking information that led to the murder of a 33-year-old woman by a stalker.

The victim, Rie Miyoshi, was stabbed to death at her home in Zushi on Nov. 6, 2012. The stalker, her former boyfriend, obtained her address from the city government through a private detective. The stalker, 40, killed himself at the murder scene immediately after taking her life.

Read more on The Japan News.

Jan 192018

More entities are falling prey to SamSam ransomware. Hannah Grover reports:

The city of Farmington is returning to normal after a variant of the ransomware known as SamSam shut down the computer systems.

The virus encrypts files on a computer network or locks down the entire system. When people attempt to log on, they receive a message informing them that the files have been hijacked and they will have to pay to get them back.

City Manager Rob Mayes said via text message that the FBI advised the city not to pay the 3 bitcoin — worth more than $35,000 — ransom that was demanded. Mayes said the city was able to recover the encrypted information without paying ransom.

Many of the business operations computers were encrypted on Jan. 3 by a variance of the SamSam ransomware.

Read more on Daily Times, who were able to obtain a copy of the ransom message, reproduced below:

Ransom message received by City of Farmington, NM

The city’s press release of January 17, informed the community, but does not seem to disclose how the malware got into the system. Was this another phishing situation? They may not have been able to answer that question yet:

Farmington, NM: The City of Farmington continues to work with the FBI and other outside services to investigate the cause and originating location of the ransom ware that encrypted many business operations computers on January 3, 2018.  Information Technology (IT) personnel have been able to confirm that the City was attacked by a variance of the SAMSAM ransom ware.

The City apologizes for the temporary inconvenience our customers may have experienced during this time.  Nearly all business systems related to customer service operations have been restored.

While the FBI has confirmed that attacks like this are happening all over the world on a daily basis, the City would like to emphasize:

  • No City customer or employee personal information was extracted
  • The City’s public administration system was not affected
  • There was no breach of any electric utility operations systems
  • There was no interruption of any public safety services
  • City email systems were not affected and are safe

The City of Farmington invests significant resources in the latest technology in virus defense, including specific ransom ware software and multiple levels of virus protection. The City has enlisted additional outside resources to review security protocols and make recommendations regarding any improvements that may be implemented.

via @CampusCodi, who provides additional details on the profit the criminals seem to be reaping since December.

Update:  The Allscripts incident has also now been confirmed to have involved SamSam, and as also covered previously on this blog, we know that the Hancock Regional Hospital and Adams Memorial Hospital incidents also involved SamSam.

Jan 182018

Tara Seals reports:

MailChimp, the bulk email company responsible for sending millions of newsletters, promotional mail and other mass communiques every day, has been leaking respondents’ email addresses.

Security researcher Terence Eden found what he termed “an annoying privacy violation,” adding that the issue can expose personal information. The issue is this: When a respondent clicks a link in a MailChimp email, the browser opens the link and sends the newly visited webpage what is known as a “Referer Header” (the misspelling is intentional).

“This says, ‘Hello new site, I was referred here by this previous website,’” said Eden, in a blog. “This has some privacy implications – the administrator of a website can see which website you were on. Usually this is fairly benign, but it can leak sensitive information.”

Read more on InfoSecurity.

Jan 182018

A friend tweeted to me tonight:

Indeed we do.

Carly Page reports:

One in four ethical hackers have not reported a vulnerability that they found because the company didn’t have a channel to disclose it.

That’s according to HackerOne’s ‘2018 Hacker Report‘, which surveyed 1,698 members of the hacking community – making it the largest documented survey ever conducted of the ethical hacking community.

One of the standout discoveries was that almost 25 per cent of respondents said they were unable to disclose a security flaw because the bug-ridden company in question lacked a vulnerability disclosure policy (VDP).

This doesn’t mean the hackers don’t try – with HackerOne noting that many attempt to contact firms via social media and email but are “frequently ignored or misunderstood.”


Read more on Inquirer.net.  And keep in mind that the rate of reporting will drop and/or be chilled if law enforcement treats ethical hackers or greyhats like blackhats and attempts to prosecute them.  Our federal hacking statute, CFAA, needs updating and revision and the revisions need to provide protection to researchers who attempt to responsibly disclose what they have found.