NEWS THIS WEEK: Scammers target hurricane victims; pacemakers at risk of being hacked; Tillerson signals closure of cybersecurity office

September 2nd, 2017

By Byron V. Acohido

Scammers are using robocalls to try to fleece survivors of Hurricane Harvey. The robocalls tell people that their premiums are past due and that they must send money immediately or else have their flood insurance canceled. “That is pure fraud. You should only be taking information from trusted sources,” said Roy E. Wright, director of the National Flood Insurance Program at the Federal Emergency Management Agency. Saundra Brown, who handles disaster response for Lone Star Legal Aid in Houston, described a typical move by dishonest contractors: They ask a survivor to sign a contract for repairs on a digital tablet, but when printed out, the bid is thousands of dollars higher. Or the survivor may have unwittingly assigned FEMA disaster aid over to the scammer. Source: The Washington Post

Pacemaker patients could be at risk for hack

Nearly a half-million pacemaker patients could be at risk for cyber attacks thanks to a known security vulnerability, according to an alert from the Food and Drug Administration. The FDA issued an alert regarding manufacturer Abbott Laboratories’ recall notice affecting six pacemaker devices. The FDA has issued safety communications recalls like this in the past, but this is the first to affect implanted devices, said Josh Corman, director of the Cyber Statecraft Initiative at the Atlantic Council. Abbott said it would issue updates to reduce the risk of its St. Jude heart implants being hacked and to warn patients that the devices’ batteries may run down earlier than expected. Sources: FCW, Reuters

Some Instagram users’ phone numbers, emails exposed

Instagram, the 700 million-user photo-sharing service owned by Facebook, informed some users that hackers gained access to phone numbers and emails of high-profile accounts. The attack came through Instagram’s API, or its software that allows other sites and apps to connect with it. The company said the bug was fixed within a few hours of being identified. Source: CNet

Secretary of State confirms plans to close cybersecurity office

Secretary of State Rex Tillerson has outlined a reorganization plan that would close the State Department office charged with promoting U.S. cybersecurity interests abroad. In a letter to Senate Foreign Relations Committee Chairman Bob Corker, R-Tennessee, Tillerson confirmed his proposal to eliminate the position of cybersecurity coordinator and fold the functions of the cyber office into a bureau in charge of business and economic affairs. Source: The Hill

Hackers steal 2 million CEX customers’ data

Hackers broke into the systems of gaming store CEX and stole the details of 2 million customers, including personal information and some financial data. CEX, which sells secondhand electronics and video games, said it was contacting 2 million customers of its WeBuy.com online shop who potentially could have been affected by the cyber attack. The information stolen included names, addresses, email addresses and some phone numbers, as well as a small number of encrypted credit card details. Source: The Telegraph

Siemens partnership aims to protect automated equipment

Siemens is entering into a global partnership with the International Society of Automation to develop cyber-protection concepts for industrial plants. The global technology company plans to share expertise in protecting the automation environment based on IEC 62443, the worldwide standard for security of the Industrial Automation & Control Systems in the Operational Technology domain of an organization. Source: Port Technology

DHS wants to strengthen cyber-product supply chains

The Homeland Security Department is trying to alleviate concerns about where commercial cybersecurity products are developed. DHS is adding more rigor to vendor supply chains for a governmentwide cybersecurity initiative. Kevin Cox, program manager of the continuous diagnostic and mitigation program at DHS, said an updated supply chain risk-management plan should help agencies be more confident in the cybersecurity products and services they are buying. Source: Federal News Radio

Spambot program exposes 711 million emails, some passwords

A spambot computer program, which harvests email addresses to send spam messages, has exposed 711 million email addresses and a number of passwords. Security researcher Troy Hunt said it was the largest set of data he has ever uploaded to his site, “Have I Been Pwned?” The site allows people to enter their email or username to see if they have been compromised. “Just for a sense of scale, that’s almost one address for every single man, woman and child in all of Europe,” Hunt said. Source: NBC News

Aetna accidentally discloses some patients’ HIV status

Insurer Aetna inadvertently revealed the HIV status of some clients in a mailing about medication for the disease sent to about 12,000 people. The beginning of the letter, informing patients about options under their Aetna plan when filling their HIV prescriptions, was in some cases visible below the person’s name and address on the envelope, through a large plastic window. The insurer, which informed customers of the breach in a second letter and apologized, said a vendor, which it didn’t identify, was responsible for the July 28 mailing. Source: Time magazine

Soccer team Real Madrid’s Twitter account hacked

Real Madrid’s official Twitter account was hacked, with a false post welcoming Lionel Messi to the club on their feed. Days after Barcelona’s account was taken over by hackers OurMine, which announced Angel Di Maria had joined the club as a hoax, the group was at it again. A post on Real’s Twitter said: “Benvingut Messi! ¡Bienvenido Messi! Welcome Messi! Bienvenue Messi! #Messi.” The post went viral, with over 27,000 retweets in 45 minutes. Source: The Independent

Uber backs off plan to track users after they get out of cars

Uber will reverse a controversial decision to collect users’ location information after their trip ends. Chief security officer Joe Sullivan said the company would restore the ability of users to share location data only when they are using the Uber app. The post-trip tracking feature was enabled by Uber last November, after an app update asked users to choose between being tracked always or never, instead of the prior ability to share location only “when using the app.” Users selecting “never” would have to manually enter all their pick-up and drop-off locations, meaning opting out of the feature resulted in a significantly degraded user experience. Source: TechCrunch

Software upgrade at hospital results in breach of patients’ data

As many as 8,862 people may have had their personal information compromised because of a data breach at Silver Cross Hospital in New Lenox, Illinois. Silver Cross discovered in June that some patient information may have leaked onto the internet after a vendor that manages parts of its website upgraded its software. The upgrade may have reconfigured some security settings, resulting in the breach. Source: Chicago Tribune

Selena Gomez, Justin Bieber latest celebrities to be embarrassed in hack

Selena Gomez’s Instagram account was hacked, and used to post nude pictures of her ex-boyfriend Justin Bieber. The account was quickly shut down, and then reinstated after removing the explicit images. Source: CBS News

This article originally appeared on ThirdCertainty.com