Friday Five: 8/12 Edition
It's Friday! Catch up on the top infosec headlines with our weekly news roundup.
1. Newkirk medical records breach impacts 3.3M, Blue Cross Blue Shield customers affected by Robert Abel
A new type of healthcare breach could affect 3.3 million people from a variety of health insurance providers, including Blue Cross Blue Shield. A hacker entered the database of service provider Newkirk Products through a third party’s admin portal, gaining access to all information that Newkirk provides on the health insurance cards that it issues. This is the most recent hack targeting health-related companies, including branches in Arizona, Ohio, and other areas of the United States. For more details on the Newkirk breach, read the original article.
Researchers at the University of Birmingham have discovered new flaws in Volkswagen’s keyless entry system. One vulnerability would allow hackers to remotely unlock all cars produced by the company in the past twenty years, while another affects Volkswagen’s sub-brands. The research group, led by computer scientist Flavio Garcia, previously uncovered a vulnerability that would allow a hacker to remotely start and drive the car without the use of a key. This is not the first time that keyless entry systems have been found to be vulnerable, but it is one of the largest flaws revealed so far. For more information, and for access to the paper published by the researchers, read the full article.
3. Bungling Microsoft singlehandedly proves that golden backdoor keys are a terrible idea by Chris Williams
Microsoft has unwittingly created a leak that affects everyone who cannot disable Secure Boot on Windows computers. The company released special keys that allow for the installation of non-Redmond operating systems. Microsoft has released a patch with additional policies in an attempt to prevent people from unlocking their devices, but experts believe that it will be impossible to completely recall the policy because it has already leaked onto the internet. For more information on Secure Boot and Microsoft’s keys, read the complete article.
According to the Australian Bureau of Statistics, the Australian census website was shut down by a chain of attacks from overseas hackers. Prime Minister Malcolm Turnbull assured citizens that their personal information was not compromised. What people saw while on the website was a denial of service attempt. This year, an estimated 1/3 of the Australian population was predicted to complete the census online. Many of these citizens were frustrated that they were told to complete the census this past Tuesday and were unable to do so. The investigation is still ongoing. For more information on this hack, read the full article on BBC.
An error in the Transmission Control Protocol that has been used by Linux since 2012 poses a serious threat to internet users, whether or not they use Linux. This weakness allows attackers to take over users’ internet communications remotely. This access could then be used to launch targeted attacks to terminate communication, track users’ online activity, and lower the privacy guarantee. Linux uses Transmission Control Protocol to transfer data from one place to another. The problem is that there are now “side channels” that allow hackers to interfere with internet users’ communication. For more information about this weakness, read the full article on CSO.