10Fold – Security Never Sleeps – 45

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider

The private health information of more than 91,000 Medicaid clients was compromised when an investigation found a data breach that involved two state employees in Washington. Camtasia, uTorrent, and a large number of other Mac apps are susceptible to man-in-the-middle attacks that install malicious code, thanks to a vulnerability in Sparkle, the third-party software framework the apps use to receive updates. Security researchers have lifted the lid on the Poseidon Group, a global cyber-espionage gang in operation since at least 2005. Microsoft has released its latest update for Windows 10 and for the first time is giving details of what specific changes are made each time one updates their Operating System (OS).

Data Breach Compromises Personal Data, Health Information of 91,000 Medicaid Clients
Publication: Tech Times; Reporter name: Katherine Derla

The private health information of more than 91,000 Medicaid clients was compromised when an investigation found a data breach that involved two state employees. The employees – a brother and sister – swapped emails containing personal data and health information of Medicaid clients for almost two years. The affected clients are currently enrolled in the Apple Health Medicaid Program in the state of Washington. Their emails, which were sent between 2013 and 2015, enclosed the Medicaid clients’ dates of birth, Social Security numbers, Apple Health identification numbers and other private health data.


“Huge” number of Mac apps vulnerable to hijacking, and a fix is elusive
Publication: Ars Technica; Reporter name: Dan Goodin

Camtasia, uTorrent, and a large number of other Mac apps are susceptible to man-in-the-middle attacks that install malicious code, thanks to a vulnerability in Sparkle, the third-party software framework the apps use to receive updates. The vulnerability is the result of apps that use a vulnerable version of Sparkle along with an unencrypted HTTP channel to receive data from update servers. As a result, attackers with the ability to manipulate the traffic passing between the end user and the server—say, an adversary on the same Wi-Fi network—can inject malicious code into the communication.


Sophisticated malware-as-a-racket fraudsters have been scamming businesses for 10 years
Publication: The Register; Reporter name: John Leyden

Security researchers have lifted the lid on the Poseidon Group, a global cyber-espionage gang in operation since at least 2005. Poseidon’s weapon of choice is custom malware, digitally signed with rogue certificates to bypass security checks and designed to steal sensitive data from infected systems. The code is written to hijack English- and Brazilian-Portuguese-language Windows PCs, a first in malware created by a gang for targeted attacks, according to security researchers at Kaspersky Lab. Once a computer is compromised, the malware reports to the command-and-control servers before rifling through the network. This phase will often involve automatically and aggressively collecting a wide array of information including login credentials, group management policies, and system logs to fine-tune follow-up attacks. The hacking crew targets financial institutions as well as telecommunications, manufacturing, energy and media companies. Victims of this group have been found in the United States, France, India and Russia, but the vast majority of marks are located in Brazil.


Windows 10 updates still largely opaque
Publication: ZDNet; Reporter name: Larry Seltzer

Microsoft has released its latest update for Windows 10 and for the first time is giving details of what specific changes are made each time one updates their Operating System (OS). The Windows Update KB 3135173 also addresses a security problem in Edge and Internet Explorer 11 that allows dubious websites to run malicious code and install malware. Some examples of the updates include: a fixed issue that delayed the availability of songs added to the Groove Music app in Windows 10 Mobile, improved security in the Windows kernel, improved Silverlight performance, and a fixed issue that didn’t allow a Windows 10 PC to remotely configure a server. That bulletin file and its associated KB file have a lot more information on the bug, reported to Microsoft by Rohit Mothe of VeriSign iDefense Labs, and on the update, such as what versions of Windows it affects, prior updates it replaces, whether there are workarounds and the specific files included in the update.