CSS News Round-Up: One Billion Phones Vulnerable to Hidden Phone Hack

News Round-Up – Get a Quick Rundown of What You Need to Know

 

The Converged Security News Round-Up looks into recent reports and journalism covering converged security threats and trends affecting all industries. You can suggest articles to us on LinkedIn and on Twitter at @ConvergedSecure. Visit our services page to learn more about the CSS suite of services, including managed security services and end-to-end cyber-and-physical protection.

One Billion Phones Vulnerable to Hidden Phone Hack

An exploit used against mobile phones called Simjacker could affect a billion phones worldwide regardless of cellular carrier, says Naked Security. All it requires is attackers sending a text message that doesn’t even show up for the user. Researchers that discovered the vulnerability state that it is thought to have been used by a hacking group over the last two years. It is likely, however, that it has been used since 2011, the article notes.

Database Exposes Data on Ecuador’s Children, Cars Owners, and More

A misconfigured database left 20.8 million Ecuadorian user records exposed, with 6.7 million of them being children, says ZDNet. The exposed information includes full names, places of birth, addresses, birth dates, work information, phone numbers, and more. Additionally, the article notes, car ownership and financial data were included as well. Records of deceased persons were involved along with recently born children. Researchers were able to track the records back to a company called Novaestrat, who were nearly impossible to contact but eventually secured the database last week, says the article.

Update: According to Dark Reading, consulting firm Novaestrat was confirmed as the owner of the database. The manager of the company, William Roberto G, has been arrested as a result of the incident. The investigation will continue.

737 Million Medical Images Leaked Online

According to Naked Security, researchers found 590 internet-accessible medical archives that possessed 24 million medical records belonging to 52 different nations. 737 million images were included with this data. The images included CT and MRI scans, x-rays, and more, and the majority of them were able to be downloaded and viewed with ease with a software that is readily available. 45.8 million of the medical images were from the United States—far more than the 5,000 that came from the UK, Naked Security says. Medical data exposed related to the images can include names, birth dates, procedure type, investigation scope, physician names, clinic, and more, the article notes.

Cybersecurity Company Employees Found Breaking Into Courthouse

After a courthouse client of a cybersecurity company called Coalfire requested testing of their records system to eliminate vulnerabilities, says Info Security Magazine, two company employees were found breaking into the courthouse at 1:00am. The employees, Gary Edward Demercurio and Justin Lawson Wynn, claimed that they were merely testing the building’s security based on client requests. The courthouse has stated that they had not requested physical security tests and Coalfire is unable to comment yet, the article states. Demercurio and Wynn were released on bond and have a September 23rd court date.

Leader of Major Credit Card Hacking Group Pleads Guilty

Fedir Hladyr, one of the leaders of the hacking group Fin7 pleaded guilty to two federal charges related to wire fraud and hacking computers. The group has stolen 15 million payment cards through spear-phishing attacks against casinos, restaurants, and hotels, according to Bank Info Security. Over a three year period, the article states, the group’s thefts created $100 million in losses. In addition to the charges, Hladyr will pay a restitution payment of $2.5 million. The charges may bring Hladyr’s sentence to 20 years at the most in addition to a five-year penalty.

Converged Security Solutions provides our clients with measurable value by better quantifying, reducing, and managing security risk through assessments, remediation, and monitoring of IT and critical infrastructure. Our services span cyber and physical security to address the growing complexities in a world with internet enabled devices. Contact us to request quotes, learn more about the full catalog of services, or for a free initial consultation.