Breach at Premera Blue Cross Affects 11 Million

Hackers wriggled their way into the servers of health insurance provider Premera Blue Cross 10 months ago, and potentially exposed the information of 11 million members, employees and other associates. The provider announced yesterday that customer information, including names, dates of birth,...

Two Million Cars Using Wireless Insurance Dongle Vulnerable to Hacking

2015 will be a year more smarter than 2014 with smarter mobile devices, smarter home appliances, and yes Smarter Automobiles. Nowadays, there are a number of automobiles companies offering vehicles that run on a mostly drive-by-wire system, meaning that a majority of the controls are electronical...

Holes in Progressive Dongle Could Lead to Car Hacks

A device that a popular car insurance company sends to customers to keep track of their driving and reduce their rate may be insecure and could be used to take control of a user’s vehicles. Progressive manufactures the device, a dongle called Snapshot that plugs into the OBD-II diagnostic port on...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Stark CRM 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 firstname, 2 lastname, or 3 notes parameter to the client page; 4 insuname or 5 price parameter to the addinsurancecat page; or 6 status parameter to the...

CVE-2014-7102

The Car Insurance Quote Comparison aka com.seopa.quotezone application 2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

Information disclosure

The Car Insurance Quote Comparison aka com.seopa.quotezone application 2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-7102

The CVE-2014-7102 vulnerability affects the Car Insurance Quote Comparison (com.seopa.quotezone) Android app, version 2.3. The root cause is that the app does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information...

CVE-2014-6979

The MiWay Insurance Ltd aka com.MiWay.MD application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

Information disclosure

The MiWay Insurance Ltd aka com.MiWay.MD application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-6979

The CVE-2014-6979 entry refers to the MiWay Insurance Ltd Android app (version 1.2) failing to verify X.509 certificates when connecting to SSL servers. This certificate validation bypass enables man‑in‑the‑middle attackers to spoof servers and obtain sensitive information via a crafted certifica...

CVE-2014-6979

The MiWay Insurance Ltd aka com.MiWay.MD application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

Obamacare Marketplaces Could Improve Information Security

The health insurance marketplaces instituted by the Affordable Care Act and through which tens of millions of Americans have signed up for medical coverage, aren’t doing a bad job of securing sensitive personal information but they could certainly be doing a better job, according a new analysis. ...

Home Depot Data Breach Put 56 Million Cards at Risk

Home Depot confirmed this afternoon that the breach of its systems put approximately 56 million unique payment cards at risk, considerably more than the Target data breach. The giant home retailer disclosed on Sept. 2 that hackers had been on its network since April; by comparison, the Target...

Community Health Systems APT Data Breach Medical Espionage

At first blush, the Community Health Systems data breach by Chinese hackers seems to be an anomaly. State-sponsored attackers generally target intellectual property for the purposes of military or economic gain; stealing healthcare credentials and personal patient records seems incongruous. But...

What are Insurers really covering?

Across the country, executives and their boards saw the data breaches that occurred at large, well-run retailers and immediately began asking the right questions about their own systems and protections. The challenge for the insurance industry is that the plan for many of these companies seems to...

General Michael Hayden Talks about the Future of Cybersecurity at MIRcon 2013

When you've got some of the cybersecurity industry's best and brightest practitioners in one room, just how do you top the conversations they're having across the breakfast table? By getting one of the foremost experts on cybersecurity to deliver a top notch speech on the future of the industry,...

Threat Outbreak Alert: Fake Insurance Document Scan Email Messages on November 6, 2013

Medium Alert ID: 31659 First Published: 2013 November 6 17:35 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain an insurance document for the recipient.The text in the email message attempts to convince the recipient to op...

CVE-2013-6284

Unspecified vulnerability in the Statutory Reporting for Insurance FSSR component in the Financial Services module for SAP ERP Central Component ECC allows attackers to execute arbitrary code via unspecified vectors, related to a "code injection vulnerability."...

Nationwide, Allied Insurance Breach Hits 1.1 Million Users

An estimated 1.1 million consumers are at risk of identity theft after thieves broke into servers belonging to Nationwide and Allied insurance companies. Victims include current policyholders and those who sought insurance quotes. The breach took place Oct. 3 and was discovered the same day...

Sensitive information of 1 Million people breached at Nationwide Insurance

Nationwide Insurance was breached last week and Sensitive information of about 1 Million people is at risk. The FBI is investigating a breach, including policy and non-policy holders. Nationwide mailed notices to all affected individuals last Friday. Insurance Commissioner Ralph Hudgens issued th...