Welcome to Zero Day's Week In Security, ZDNet's roundup of notable security news items for the week ending September 11, 2015.
From Ars Technica: Antivirus mogul John McAfee to run for president as member of "Cyber Party" "On Tuesday, John McAfee, best known for founding the eponymous software firm McAfee Security (to which is he no longer affiliated), filed paperwork with the Federal Election Commission announcing his intent to run for the office of President of the United States. In his interview with Wired ... McAfee cited government's technological illiteracy as a primary motivation in his decision to run for the US' highest elected office."
From Vice/Motherboard: Hackers Killed a Simulated Human By Turning Off Its Pacemaker "Mike Jacobs, director of the [healthcare] simulations program at University of South Alabama ... provided the iStan ("the most advanced wireless patient simulator on the market, with internal robotics that mimic human cardiovascular, respiratory, and neurological systems") to a group of undergraduate students who had been taking a cybersecurity class for a semester. After a few hours, the team of students was able to gain access to most of iStan's functions, which were vulnerable to denial of service attacks, brute force attacks, and security control attacks."
From ZDNet: Europeans to win the right to sue in US courts over privacy breaches "Europeans whose data has been mishandled by US authorities will soon have the right to take legal action in the UScourts. EU citizens' right to seek legal redress in the US comes as part of a new EU-US data protection agreement covering instances where EU citizens' personal data is involved in US criminal and terrorism investigations. The deal brings rights of EU citizens in line with those of US citizens, who can sue in European courts for similar privacy breaches."
From CNET: Data breach exposes 10M health records from New York insurer "More than 10 million records were exposed in a data breach of health insurer Excellus BlueCross BlueShield and a partner company. ... Excellus revealed the breach on Wednesday, telling customers they would receive identity-monitoring services and that the FBI is investigating the crime. The records included Social Security numbers and other identifying information, as well as claims members made to pay for medical care."
From NextGov: Intelligence Chief: OPM Hack Was Not a 'Cyberattack' "The mammoth data breach of millions of background investigation forms at the Office of Personnel Management was one of the largest cybercrimes ever perpetrated against the U.S. government, according to federal officials. But one thing it wasn't? A cyberattack. At least in the true sense of the term, according to Director of National Intelligence James Clapper. ... Data was "simply stolen," he said. "That's a passive intelligence collection activity - just as we do," Clapper added."
From Ars Technica: First-ever monthly Android security updates start to roll out "The [Stagefright] publicity got the Android device ecosystem-Google, OEMs, and carriers-to at least start paying attention to delivering security updates to users in a timely manner. Google, Samsung, and LG scrambled to get fixes out to their flagship devices and promised monthly security updates for their devices. That was 36 days ago. Today, Google has posted the first of those monthly security updates for Nexus device owners."
From ZDNet: [AU] Government commits AU$18.5m for National Biometric Matching Capability "The New York Times on Monday reported that Apple was served a court order by the Justice Department this summer over an investigation involving drug and gun crime, demanding it provide real time access to text messages sent between suspects using iPhones. Apple reportedly said its iMessage system was encrypted and, as a result, it couldn't comply with the order. Consequently, the company can't provide the same interception capabilities to law enforcement officials under US wiretap laws as telecoms operators can."