5th Annual State of Application Security Report (Healthcare) 2016

So should we expect a critical mass of consumers to walk away from organizations because their mobile health apps
do not have the level of security protection they expect? Based on these research findings, perhaps. When put to the
test, the majority of mobile health apps failed security tests and could easily be hacked. Among 71 popular mobile
health apps tested for security vulnerabilities, 86% were shown to have at least two OWASP Mobile Top 10 Risks

Such vulnerabilities could allow the apps to be tampered with and reverse-engineered, put sensitive health information in the
wrong hands and, even worse, potentially force critical health apps to malfunction. Surprisingly, US Food and Drug
Administration (FDA)-approved apps and formerly UK National Health Service (NHS)-approved apps were among the
vulnerable mobile health apps tested, indicating that there is more work to be done by governing bodies to better
understand the cybersecurity threats to mobile apps and to improve the minimum acceptable security standards or
regulations for mobile app development.

Source: State_of_Application_Security_2016_Healthcare_Report.pdf (pdf)

French say ‘Non, merci’ to encryption backdoors

The French government has rejected an amendment to its forthcoming Digital Republic law that would have required backdoors in encryption systems.

Axelle Lemaire, the Euro nation’s digital affairs minister, shot down the amendment during the committee stage of the forthcoming omnibus digital bill, saying it would be counterproductive and would leave personal data unprotected.

“Recent events show how the fact of deliberately introducing faults at the request of the intelligence agencies – sometimes even without knowing it – has an effect that harms the whole community,” she said, according to Numerama.

“Even if the intention [to empower the police] is laudable, it also opens the door to the players who have less laudable intentions, not to mention the potential for economic damage to the credibility of companies planning these flaws. You are right to fuel the debate, but this is not the right solution according to the Government’s opinion.”

Source: French say ‘Non, merci’ to encryption backdoors

Royal Melbourne hospital runs XP, dives into chaos when virus attacks.

The virus first struck the pathology department and spread rapidly across the hospital network. As a result, many staff had to carry out a great many tasks by hand.

Processes such as blood and tissue processing could no longer be carried out by the computers, and nurses also had to work with the catering department to make sure every patient received the right meal, since the computers holding all the patient records were infected as well.

Source: Chaos en ellende in ziekenhuis dankzij Windows XP-virus

OpenSSH Private Crypto Key Leak Patch

“The information leak is exploitable in the default configuration of the OpenSSH client, and (depending on the client’s version, compiler, and operating system) allows a malicious SSH server to steal the client’s private keys,” Qualys said in its advisory. “This information leak may have already been exploited in the wild by sophisticated attackers, and high-profile sites or users may need to regenerate their SSH keys accordingly.” There was a second vulnerability patched as well, a buffer overflow in the

Source: OpenSSH Private Crypto Key Leak Patch | Threatpost | The first stop for security news
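The check a practitioner wanted at the time, as an added example rather than code from the Threatpost article, the Qualys advisory or the OpenSSH project: the leak sits in the client's undocumented "roaming" code, which OpenSSH 7.1p2 turned off and which older clients can disable with `UseRoaming no` in ssh_config. The script below parses the `ssh -V` banner, flags clients in the affected 5.4 through 7.1p1 range (that range is taken from the Qualys advisory and is an assumption as far as this page goes), and prepends the option to a config file so that no earlier `Host` block can override it. The function names, the `--check` flag and the sample config in the test are choices made here.

```shell
#!/bin/sh
# Added example, not from the Threatpost article or from OpenSSH itself.
# Assumption (from the Qualys advisory, not stated on this page): OpenSSH client
# versions 5.4 through 7.1p1 ship the roaming code enabled; 7.1p2 disables it.
# Mitigation for older clients: "UseRoaming no" in ssh_config, placed before any
# Host/Match block, because ssh keeps the FIRST value it finds for an option.

# parse_ssh_version "OpenSSH_7.1p1, OpenSSL ..." -> prints "MAJOR MINOR PATCHLEVEL".
# Patchlevel is 0 when the banner carries no pN suffix. Returns 1 if unparseable.
parse_ssh_version() {
    b=${1#OpenSSH_}
    [ "$b" != "$1" ] || return 1          # banner does not start with OpenSSH_
    b=${b%%[!0-9.p]*}                     # "7.1p1, OpenSSL ..." -> "7.1p1"
    case $b in
        [0-9]*.[0-9]*) ;;
        *) return 1 ;;
    esac
    major=${b%%.*}
    rest=${b#*.}
    minor=${rest%%[!0-9]*}                # "6.1p1" -> "6" (handles 6.6.1p1 too)
    case $b in
        *p*) patch=${b##*p}; patch=${patch%%[!0-9]*} ;;
        *)   patch=0 ;;
    esac
    printf '%s %s %s\n' "$major" "$minor" "${patch:-0}"
}

# is_vulnerable_version MAJOR MINOR PATCHLEVEL -> 0 (true) if in 5.4 .. 7.1p1.
is_vulnerable_version() {
    major=$1; minor=$2; patch=${3:-0}
    ver=$((major * 100 + minor))          # 7.1 -> 701, so ranges compare as integers
    if [ "$ver" -lt 504 ]; then return 1; fi
    if [ "$ver" -lt 701 ]; then return 0; fi
    if [ "$ver" -eq 701 ] && [ "$patch" -lt 2 ]; then return 0; fi
    return 1
}

# roaming_disabled_globally FILE -> 0 if "UseRoaming no" appears before the first
# Host/Match line. A "UseRoaming no" inside a Host block is deliberately NOT
# accepted: an earlier stanza could have set a different value for some hosts.
roaming_disabled_globally() {
    [ -f "$1" ] || return 1
    awk 'tolower($1) == "useroaming" && tolower($2) == "no" { found = 1; exit }
         tolower($1) == "host" || tolower($1) == "match"    { exit }
         END { exit found ? 0 : 1 }' "$1"
}

# harden_ssh_config FILE -> prepends "UseRoaming no" unless already set globally.
# Prints "present" or "added". Creates FILE (and its directory) if missing.
harden_ssh_config() {
    f=$1
    if roaming_disabled_globally "$f"; then
        echo present
        return 0
    fi
    mkdir -p "$(dirname "$f")"
    tmp=$(mktemp) || return 1
    printf 'UseRoaming no\n' > "$tmp"
    if [ -f "$f" ]; then cat "$f" >> "$tmp"; fi
    mv "$tmp" "$f" && chmod 600 "$f"     # mktemp already made it private; keep it so
    echo added
}

# Usage: sh ssh-roaming-check.sh --check [CONFIG_FILE]   (default: ~/.ssh/config)
case "${1:-}" in
    --check)
        banner=$(ssh -V 2>&1)             # ssh -V writes its banner to stderr
        if ver=$(parse_ssh_version "$banner") && is_vulnerable_version $ver; then
            echo "client '$banner' is in the affected range: $(harden_ssh_config "${2:-$HOME/.ssh/config}")"
        else
            echo "client not in the affected range, or banner not recognised: $banner"
        fi
        ;;
esac
```

Regenerating keys, as the advisory suggests for high-profile users, is a separate step this script does not take; disabling roaming only stops further leakage from a client that is kept on an old version.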

FFmpeg allows file ops when it reads a video file

ffmpeg, in its current version, has a vulnerability that lets an attacker craft a video file which, once it is downloaded and processed, sends files from the user's PC to a server the attacker controls. The user does not even have to open the file: KDE Dolphin generating a thumbnail is enough, and desktop search indexers (e.g. baloo) could be affected too. ffprobe is affected as well; essentially any operation in which ffmpeg reads the file is affected.

Source: Zero-Day FFmpeg Vulnerability Lets Anyone Steal Files from Remote Machines – Updated

Hyatt leaks customer credit card details

The investigation identified signs of unauthorized access to payment card data from cards used onsite at certain Hyatt-managed locations, primarily at restaurants, between August 13, 2015 and December 8, 2015. A small percentage of the at-risk cards were used at spas, golf shops, parking, and a limited number of front desks, or provided to a sales office during this time period. The at-risk window for a limited number of locations began on or shortly after July 30, 2015. The malware was designed to collect payment card data – cardholder name, card number, expiration date and internal verification code – from cards used onsite as the data was being routed through affected payment processing systems.

Source: Protecting Customer Information