Medical Firm Data Breach Impacts Nearly 4 million New Yorkers

 

Sensitive personal data belonging to at least 4 million New Yorkers in New York City and Syracuse was compromised in a data breach at Nevada-based Perry Johnson & Associates (PJ&A), a provider of medical transcription services.

PJ&A's systems were first breached in May 2023, although the breach was only recently made public. Hackers gained access to personal information including Social Security numbers, names, addresses, dates of birth, hospital account numbers, medical record numbers, admission diagnoses, dates and times of service, and insurance details in addition to medical and clinical data. 

Attorney General of New York Letitia James warned residents this week to take safety measures against identity theft and fraud if they have received a notification from PJ&A regarding a data breach. Northwell Health, the biggest healthcare provider in New York, and Crouse Health, located in Syracuse, are among the affected healthcare providers. 

There is a risk of confusion when a data breach occurs at a business associate and the business associate publishes notifications. Individuals who receive notification letters are unlikely to be aware that the business associate has access to their data, and they may even dismiss the letter as a scam and take no action. Several people took to Reddit to seek answers after receiving notification letters from PJ&A, as they were unsure whether the letters were legit.

Attorney General James issued an alert to notify those in New York that their data could be misused. “I urge all New Yorkers affected by this data breach to stay alert and take these important steps to protect themselves,” stated Attorney General James. “Bad actors can use the stolen information to impersonate individuals or cause financial harm. Identity theft is a serious issue, and my office will continue to take action to keep New Yorkers safe.” The same warning applies to all Americans who receive a notification letter. 

The recommended courses of action include getting copies of medical records from pharmacies, health insurers, and healthcare providers and examining them for anything that seems off, as it may indicate medical identity theft; using credit monitoring services to track credit reports and generate alerts when a change is made to a credit file; putting a credit freeze on credit reports to guarantee that new credit accounts cannot be opened; and placing fraud alerts on credit reports to inform lenders and creditors to take additional steps to verify an identity before issuing credit.

GPS Warfare: Ukraine-Israel Tensions Raise Alarms

GPS is used for navigation in almost every device in this age of rapid technological development. According to reports that have revealed a worrying trend, Israel may have been involved in recent GPS jamming and spoofing incidents in Ukraine. These incidents constitute a serious threat to the worldwide aviation sector and a topic of regional concern.

The New York Times recently reported on the growing instances of GPS disruptions in Ukraine, shedding light on the potential involvement of Israeli technology. According to the report, Israel has been accused of jamming and spoofing GPS signals in the region, causing disruptions to navigation systems. The motives behind such actions remain unclear, raising questions about the broader implications of electronic warfare on international relations. 

The aviation sector heavily relies on GPS for precise navigation, making any interference with these systems potentially catastrophic. GPS jamming and spoofing not only endanger flight safety but also have the capacity to disrupt air traffic control systems, creating chaos in the skies.

The implications of these incidents extend beyond the borders of Ukraine and Israel. As the world becomes increasingly interconnected, disruptions in one region can reverberate globally. The international community must address the issue promptly to prevent further escalations and ensure the safe operation of air travel.

Governments, aviation authorities, and technology experts need to collaborate to develop countermeasures against GPS interference. Strengthening cybersecurity protocols and investing in advanced technologies to detect and mitigate electronic warfare threats should be a priority for nations worldwide.

Preserving vital infrastructure, like GPS systems, becomes crucial as we manoeuvre through the complexity of a networked world. The GPS jamming events between Israel and Ukraine serve as a sobering reminder of the gaps in our technology and the urgent necessity for global cooperation to counter new threats in the digital era.

Analyzing Android and iOS Cybersecurity Vulnerabilities

In the ever-evolving landscape of mobile technology, the debate surrounding the security of Android and iOS operating systems continues to captivate the tech community. With cyberattacks becoming increasingly sophisticated, understanding which platform, Android or iOS, is more vulnerable to such threats is a crucial concern for users worldwide.

A thorough investigation conducted by MakeUseOf shows that both Android and iOS have made considerable progress in strengthening their security mechanisms over time. One report indicates that Android has a larger attack surface because it is an open-source operating system, which may increase its exposure to malware attacks and unapproved software installations. Top cybersecurity firm Kaspersky supports this idea, reiterating that Android's open ecosystem can draw the attention of more cybercriminals.

As the Kaspersky information center discusses, iOS, on the other hand, has a strict app review procedure that makes it more difficult for malicious apps to enter the App Store. This thorough screening process helps to create the impression that iOS is a more secure platform by serving as a barrier against potentially dangerous software.

Recent remarks made by well-known businesspeople stoke the controversy even further. According to YourStory, the head of Instagram said that Android had better security than iOS. He cited the flexible security features and strong encryption methods of Android as factors that have improved its security profile. But considering Android's greater user base, it's also crucial to recognize that this viewpoint might be influenced by business reasons.

The New York Times' Wirecutter highlights in its thorough analysis how crucial frequent updates are to maintaining security. iOS has an advantage here, since Apple's closed environment allows it to quickly release updates to its devices. Because multiple manufacturers and carriers are involved in the update process for Android, iOS is able to address security flaws more quickly.

In terms of cyberattack susceptibility, there is no clear winner between Android and iOS. The security features and vulnerabilities of each operating system are distinct. While iOS's closed environment gives tighter control and faster updates, Android's openness lets it be more flexible but also attracts more dangers. Selecting a platform requires users to take into account their usage habits, preferences, and risk tolerance. Both Android and iOS will probably keep improving their security features as cyber threats continue to change in order to dominate the digital security space.


BreachForums Mastermind Pompompurin Arrested in New York

 


Earlier this week, U.S. law enforcement officials arrested a New York man as part of their efforts to crack down on the infamous hacking forum BreachForums, which was run by an individual who used the alias “Pompompurin.”

According to Bloomberg Law, citing News 12 Westchester, federal investigators “had spent hours inside and outside a home in Peekskill” earlier this week.

Several bags of evidence were removed by investigators from the house at one point, according to a local news service based in New York. 

The suspect has been identified as Conor Brian Fitzpatrick as per an affidavit filed by the Federal Bureau of Investigation (FBI). He also admitted to owning the BreachForums website according to the affidavit. 

A special agent of the FBI, John Longmire, stated that the defendant's statements to him on March 15, 2023, showed that: 

a) he was Conor Brian Fitzpatrick; 
b) he referred to himself as 'pompompurin,' and 
c) he owned and administered a website called 'BreachForums.'

Fitzpatrick has been charged with conspiracy to solicit individuals for the purpose of selling unauthorized access devices. The defendant was released a day later after his parents signed a bond for $300,000. He is scheduled to appear before the District Court for the Eastern District of Virginia at a hearing on March 24, 2023.

Along with not being able to obtain a passport or other international travel documents, Fitzpatrick is being prohibited from contacting any of his co-conspirators, or using narcotics or other controlled substances unless he has a prescription from a licensed medical practitioner, among other restrictions. 

BreachForums emerged last year after a coordinated law enforcement operation seized control of RaidForums in March 2022. Security firm Flashpoint said at the time that pompompurin stated in the threat actor's welcoming thread that BreachForums was not affiliated with RaidForums in any way.

The forum has gained notoriety since it was founded because it has hosted stolen databases belonging to several companies, which often include sensitive personal information.

Following Fitzpatrick's arrest, a forum user named Baphomet said they were taking ownership of the website. They noted that they had found no evidence that the forum's infrastructure had been accessed or modified in any way by anyone.

In the latest development, the Cyber Police of Ukraine announced the arrest of a 25-year-old developer who had created what they believe was an "app" for gaming, which infected over 10,000 computers with a remote access Trojan.

New York Tax Fraudster Sentenced to 12 Years in Prison for Child Data Theft Ring

 

A court in the United States has sentenced New York resident Ariel Jimenez to 12 years in prison for stealing the identities of thousands of children on welfare and using those identities to falsely claim tax credits on behalf of his customers. 

The clients of Jimenez exploited the stolen identity data which included names, dates of birth, and social security numbers to add the children fraudulently as dependents on their tax returns to receive a refund when they filed their taxes. 

Ariel Jimenez, 38, of the Bronx, New York, started the fraud ring in 2007 and is believed to have made millions of dollars. With the assistance of his co-conspirators, Jimenez sold the identities of hundreds of vulnerable children (siphoned by a fraud investigator at New York City's Human Resources Administration) to thousands of people, profiting from this fraudulent operation.

"While working at the HRA, CW-1 obtained children's names and identifying information from the Welfare Management System and sold those names to [..] the defendant," court documents explained. The investigation by IRS-CI has revealed that the defendants engaged in large-scale identity theft and tax fraud schemes through which (a) identifying information of minors, including names, dates of birth, and SSNs, was obtained, including through payments to a corrupt New York City employee." 

The fraudster demanded a cash fee, on top of tax preparation charges, to "prepare and file tax returns that falsely claimed that the individual taxpayer had one or more minor dependents, to take fraudulent advantage of at least one tax credit, thereby inflating the refund paid to the taxpayer." 

He used the profits from his tax fraud operation to acquire millions of dollars of real estate and fund his lavish lifestyle. By his own admission, Jimenez spent more than $5.5 million on real estate worldwide, cars, jewelry, and gambling.

The defendant was first arrested in November 2018 along with multiple co-conspirators, including his sisters Evelin Jimenez and Ana Yessenia Jimenez. He was convicted in February this year of aggravated identity theft, fraud, and money laundering crimes following a two-week jury trial. 

The judge in charge of this case sentenced the fraudster to 12 years in prison on Monday and ordered him to pay $14M in damages, turn over numerous properties, and pay over $44M in restitution. 

"Ariel Jimenez's tax and identity theft crimes cruelly forced his victims to endure bureaucratic snafus and agonizing delays for their much-needed tax refunds," U.S. Attorney Damian Williams stated earlier this year in February. 

"Today's sentence holds Jimenez accountable for brazenly selling the identities of children to his customers for his own profit," Williams further added.

New York Launches $30 Million Shared Services Program to Enhance Cyber Defense

 

Local counties in New York will receive resources and aid to mitigate cyberattacks under a shared services program, Gov. Kathy Hochul announced last week. 

The $30 million shared services program is meant to assist local counties and the State’s preliminary Joint Security Operations Center (JSOC) partners: the Cities of Albany, Buffalo, Syracuse, Rochester, and Yonkers. 

"My administration is laser-focused on providing cyber security resources for local governments," Hochul stated. "By launching this new $30 million program, we are bolstering the state's capabilities to respond to the evolving threat of cyberattacks and strengthening our ability to protect New York's institutions, infrastructure, citizens, and public safety." 

The local counties and JSOC partners will receive CrowdStrike endpoint detection and response services at no cost. The technology offers real-time monitoring of potential cyber threats.

"We know local governments remain vulnerable to cyberattacks which can cripple critical systems that New Yorkers rely upon," said Jackie Bray, the commissioner of Homeland Security and Emergency Services. "As part of the governor's shared services plan, we are now offering reliable protection services to every county in the state. This is an important step forward in enhancing our cyber defenses and building out our JSOC partnerships." 

The JSOC, launched earlier this year by Governor Hochul, is a Brooklyn-based office staffed by both physical and virtual participants from across the state. The center is designed to improve defenses by giving cyber teams a centralized view of threat data, leading to better collaboration between government partners on intelligence, response times, and remediation in the event of a cyber incident.

With cyberattacks taking place every 40 seconds around the globe, and NYC being frequently targeted, the shared services program will help in boosting the cyber defenses of the state. Last year, Buffalo Public Schools suffered a ransomware attack, exposing students’ and families’ private data to hackers. 

And that’s just a fraction of the entities, small and large, that have been victims of cybercrime in New York. In 2014, the 8,000-person village of Ilion in Herkimer County paid $800 in ransom to regain access to its computer system after innocent-looking emails delivered malware to unsuspecting village employees.

Cyberattack in New York City, Sensitive Data of 820,000 Students was Exposed

The mayor of New York City and several education officials expressed strong outrage after a digital education platform used by dozens of city schools revealed that hackers had gained access to confidential information of 820,000 current and former students during a January breach.

The incident occurred in January, according to the city's Department of Education, when an online grading and attendance system used by many public schools was breached.

Hackers might have gotten names, nationalities, birthdays, first languages, and student ID numbers from those platforms, as well as sensitive data including whether children used special education or free lunch programs.

The hack affected both current and former public school pupils dating back to the 2016-17 school year.

Officials have lambasted the California-based firm behind the system, Illuminate Education, for allegedly misrepresenting its cybersecurity measures. The corporation hasn't said what, if anything, was done with the information. The Department of Education has asked the NYPD, FBI, and state attorney general to examine the incident.

The regional director of K12 Security Information Exchange, Doug Levin, told the New York Daily News, "I can't remember another school system which has had a student data leak of this magnitude originating from one occurrence."

The DOE said it will work with Illuminate in the coming weeks to send individualized letters to the families of each of the roughly 820,000 kids affected by the hack, detailing what data was exposed. According to school officials, Illuminate will likely fund a credit-monitoring program for affected kids, who will now be vulnerable to identity theft.

Chancellor of the New York City Schools, David Banks, has asked for a probe of Illuminate Education's cybersecurity safeguards, pushing the state's education agency to inquire into it.

DMV Warns New Yorkers of Text Phishing Schemes

 

The New York State Department of Motor Vehicles (DMV) cautioned New Yorkers about ongoing text message phishing schemes. These fraudulent text messages ask recipients to update their driver's license contact data and link to a fake DMV site. The attackers use the ongoing adoption of the REAL ID Act of 2005 to make the scam sound authentic, and have used three specific text phishing messages, the DMV said.

The New York DMV described three types of text phishing messages that serve as the opening move in this attack.

• The first message informs the recipient in broken English that anybody holding a driver's license must "update their contact to compliance regulation agreements.”

• The second message does something similar, advising recipients that they need to change their mailing and contact data to speed up compliance with new ID guidelines. This version of the scheme refers to REAL ID by name.

• The last message mirrors the previous two but uses the most broken grammar of the three.

All three of the driver's license phishing messages redirect to a fake DMV site designed to steal data.

New York State DMV warned of a similar text phishing attack in October 2020. In that case, threat actors were using scam text messages to redirect users to a fake DMV site. If someone clicked on the link, the attackers could target them with identity fraud or malware. In another case, a text phishing scam used a pandemic relief payment as a cover story. The message told recipients they were eligible for $600 if they clicked on the embedded link. These attackers used spoofing techniques to disguise their message as genuine correspondence from New York's Department of Labor.

These attacks highlight the need for employers to protect themselves against phishing attacks that pose as government messages. They can do so by investing in a security awareness training program. Seeing phishing attacks in a test setting can teach employees about some of the most common types of scams being used today, as well as emerging campaigns. Employers can also consider using technical phishing-prevention controls.

Teen sues Apple for $1 billion over Face-recognition software




A student in New York has sued Apple Inc for $1 billion over the company’s facial-recognition software, which he says falsely linked him to a series of thefts from Apple stores.

According to Ousmane Bah, 18, he was arrested at his home in November and charged with stealing from an Apple store.

The lawsuit, filed on Monday, states that even the photo on the arrest warrant didn’t resemble him, and that the theft he was charged with, in Boston, took place on the day in June when he was attending his senior prom in Manhattan.

It is not yet clear how the real thief came to use his identification details in Apple stores. However, he did admit that he lost a non-photo learner’s permit, which may have been found or stolen by the thief and used as proof of identity in Apple stores.

As a result, Bah claims that his identification details are connected to the thief’s face in Apple’s facial-recognition system, which he said the company uses in its stores to track people suspected of theft.

“He was forced to respond to multiple false allegations which led to severe stress and hardship,” states the complaint.