I want to raise your awareness to 3 pieces of important security news this week. Investigative journalist Brian Krebs exposed unlawful surveillance of Android and IOS users in the US. Samsung disclosed critical vulnerabilities on millions of mobile devices and the details of the United Healthcare data breach came to light with the disclosure of 100 million US citizens’ personal and health data.

Mobile Phone Privacy:

Brian Krebs goes into great detail in his article about how US marketing companies track people around the country using mobile phone identifiers and mobile advertising systems to make people’s’ names and location information available to almost anyone. Users should take action to limit their exposure and protect themselves as best as possible.

Samsung Vulnerabilities:

Samsung disclosed critical vulnerabilities in their mobile devices under active exploitation. This means attackers are using this vulnerability to take over Samsung devices such as the Galaxy S10, S20 and Note. Applying patches to these devices is critical to ensuring their security.

United Health Data Breach:

United Healthcare, the owner of Change Healthcare, a health tech company that suffered a Ransomware attack in February, began detailing the full extent of the data loss and exposure from the incident. The breach now looks to be the largest digital theft of US medical records and one of the biggest data breaches in history. The exposed data includes personal and medical records of more than 100 million US citizens. People need to be aware of the breach and take action to protect themselves from fraud. The exposed data can be weaponized to perpetrate fraud and take advantage of vulnerable people.

What do I need to do?

• Mobile Phone Privacy: 
  • Users should take action to update their mobile phone privacy and location settings. Brian Krebs goes into detail on the best course of action in his article here.
  • Do not post your mobile phone number publicly or post in public directories. If you require sharing your mobile phone number publicly or semi-publicly, consider setting up Google Voice number that can be more safely published.
• Samsung Vulnerabilities:
  • If you or your staff have Samsung mobile devices, make sure to check for and install the latest patches using these linked instructions.
• United Health Data Breach:
  • Make sure the people around you know about the breach and to be on the defense against schemes using disclosed private information to manipulate and defraud them.
  • The best protection we have to safeguard our finances is establishing a credit freeze. EVERYONE should do it. There is no cost to enabling a credit freeze, it’s easy to do and ensures your credit and identity are protected from further or future compromise.
    • Equifax Credit Freeze: https://www.equifax.com/personal/credit-report-services/credit-freeze/
    • Experian Credit Freeze: https://www.experian.com/freeze/center.html
    • TransUnion Credit Freeze: https://www.transunion.com/credit-freeze

Additional Resource and Details:

• Mobile Phone Privacy: https://krebsonsecurity.com/2024/10/the-global-surveillance-free-for-all-in-mobile-ad-data/#more-69216
• Samsung Vulnerability: https://www.pcmag.com/news/update-now-some-samsung-devices-have-urgent-security-flaw
• Samsung Vulnerability: https://www.forbes.com/sites/zakdoffman/2024/10/22/new-google-warning-for-samsung-users-update-to-galaxy-s24-z-fold6-z-flip6/
• United Health Breach: https://techcrunch.com/2024/10/24/unitedhealth-change-healthcare-hacked-millions-health-records-ransomware/
• United Health Breach: https://techcrunch.com/2024/02/21/change-healthcare-cyberattack/

As always if you have any questions or concerns about this latest security disclosure, please feel free to reach out.