InfoSec in the News

Most of these news stories describe incidents that could have been prevented with an effective security awareness program, or they promote the use of security awareness.
Also visit our News Archives for older stories.

Subscribe to the following e-mail lists for even more stories:

SANS NewsBites

Security Wire Digest


7 June 2012 - Cyber Criminals Using New Tricks for Break-ins
Remember all those phony emails that purport to be from your bank, asking you to click on a link and turn over your account information? Cyber experts say criminals have moved on and are using new methods.

7 June 2012 - Fourteen Arrested for MU Paper Leaks
The Mumbai Police Crime Branch claimed to have cracked the Mumbai University paper leaks and arrested 14 people — five students, five peons, two laboratory assistants and two professors with a Karjat-based engineering college.

6 June 2012 - Russian Hacker Leaks 6.5 Million LinkedIn Account Passwords
Around six million users of the social networking site LinkedIn have had their passwords stolen, according to technology experts. The website has confirmed that it was hacked after a file containing 6.5 million encrypted passwords was published on a Russian hackers' web forum.

6 June 2012 - Massive Password Leaks at LinkedIn and Others
Reports originally surfaced in Norway overnight that about 6.5 million unsalted SHA-1 password hashes had been posted to a Russian site with a request for assistance in cracking them.  Several highly trusted security researchers have confirmed that the hashes posted include those of passwords they use exclusively on LinkedIn. https://isc.sans.edu/diary.html?storyid=13390
How to tell if you are affected:

5 June 2012 - Adobe Releases Updates for Photoshop and Illustrator
Adobe has released updates to address vulnerabilities in Photoshop CS5 and CS 5.1 and Illustrator CS 5 and CS 5.5. Adobe initially told users that to fully protect themselves from attacks that exploited the flaws, they would have to upgrade to the most recently released version of each product, which run about US $200 each. Adobe did not think the flaws merited an "out-of-band" update, but later bowed to users' protests. The updates address nine vulnerabilities in all and are available for both products on Windows and Mac OS X.

4 June 2012 - Tiny Banker Trojan
The recently detected Tiny Banker Trojan horse program, known as Tinba, buries itself in browsers on infected computers and steals online banking data. The malware alters the way online banking websites appear to users on their computer screens and attempts to circumvent authentication measures; its techniques bear some similarity to those of ZeuS. Tinba is notably small, weighing in at just 20KB.

2 June 2012 - To Defend Cyberspace, We Must First Understand It
The video accompanying this article describes the chasm between the complexity of cyberspace and our ability to defend it. Mark Weatherford, Deputy Under Secretary for Cybersecurity for the National Protection and Programs Directorate (NPPD) at DHS, notes that while the hackers only have to get it right once, we have to be careful all the time. And former CIA director George Tenet said, "We have built our future upon a capability that we have not learned how to protect." The article describes Charlie Miller's and Dionysus Blazakis's efforts to find a zero-day flaw in the iPhone for a contest alongside a brief history of our efforts to understand the "unthinkable complexity" of cyberspace.

21 May 2012 - Cross-Browser Malware Spreading Through Facebook
A new piece of malware called LilyJade spreads through Facebook and can infect computers across browsers and across platforms. LilyJade was created using a JavaScript cross-browser extension framework known as Crossrider. It is currently in beta testing and is capable of running on Internet Explorer, Chrome, and Firefox; support for Safari is expected to be available soon. LilyJade appears to be created to launch click fraud schemes.

18 May 2012 - Five-Year Sentence for Role in Phishing Scam
A California woman has been sentenced to five years in prison for her role in a phishing ring that netted members more than US $1 million.
Nichole Michelle Merzi was convicted last year of bank and wire fraud conspiracy, aggravated identity theft, computer fraud, and money laundering. Merzi was arrested during an international effort dubbed "Operation Phish-Phry," which resulted in charges against 100 alleged hackers in the US and Egypt.

18 May 2012 - Prison Term for Facebook Account Hack
A UK man will spend one year in prison for hacking another person's Facebook account. Gareth Crosskey broke into the Facebook account of an unnamed US citizen in January 2011. The incident was reported to the FBI, which traced the source of the break-in to the UK and turned the case over to authorities there. Crosskey was arrested in July 2012 and was found guilty of using a computer to gain unauthorized access to a program or data and performing unauthorized acts with intent to impair operation of, or prevent/hinder access to a computer, both offenses under the UK's Computer Misuse Act.

16 May 2012 - Survey Finds Energy and Utility Industry Companies Weak on Cyber Risk Management
A recent survey of 108 global companies conducted by the Carnegie Mellon University CyLab and sponsored by RSA and Forbes found that those in the financial sector have the best cyber and information risk management practices, while companies in the energy and utility industries have the worst. While more than 90 percent of respondents said that they are actively addressing risk management at their organizations, only 33 percent said

17 May 2012 - Budget Official To Replace Howard Schmidt as White House Cyber Czar
White House Cybersecurity Coordinator Howard Schmidt has announced his retirement from public service. Schmidt has held the position as special assistant to the president since late 2009. In a statement, Schmidt said, "We have made real progress in our efforts to better deal with the risks in cyberspace." When he steps down at the end of May, Schmidt will be succeeded by Michael Daniel, who has worked for 17 years in the Office of Management and Budget's National Security Division, the last 10 of which he has focused on cybersecurity as chief of the Intelligence Branch.

16 May 2012 - Utah CIO Resigns Over Healthcare Data Breach
Earlier this week, Utah State Chief Information Officer (CIO) Stephen Fletcher resigned his position over a data security breach that exposed the Social Security numbers (SSNs) and other personal information of 280,000 Medicaid patients. Utah Governor Gary Herbert announced Fletcher's resignation and said that a third party audit of the state's technology systems is underway. The state has also appointed a new health data security ombudsman.

14 May 2012 - Cards Compromised in Global Payments Breach Used in Fraudulent Transactions
Debit cards that were compromised in a data security breach at Global Payments have reportedly been used to conduct fraudulent transactions. In March 2012, Union Savings Bank (United) in Danbury, Connecticut started noticing debit cards it had issued were involved in fraud. United determined that the location of the fraudulent transactions, a nearby private school, was a customer of Global Payments, so the bank contacted Visa to let them know of a possible breach at the processor. United was then contacted by a fraud investigator from Vons, a chain of grocery stores in the southwestern US, regarding a scam that was being conducted using the stolen card information.

12 May 2012 - Payroll Data for 700,000 People Goes Missing in Mail
The personal details of over 700,000 people involved in California's In-Home Supportive Services are reported to have gone missing in the mail.  Hewlett Packard, which manages the payroll data for the workers in California's In-Home Supportive Services, sent the data in microfiche format via the U.S. Postal Service but the package containing the data arrived at its destination damaged and incomplete. The information contained in the package related to the workers and also the elderly and disabled clients of the service.  The information that may have been compromised includes names, Social Security numbers and salary details dating from October to December 2011.  Oscar Ramirez, a spokesman for the California Department of Social Services said that "The state has opened an internal investigation and notified law enforcement. Notices will be sent to everyone who may be affected, and officials are reviewing policies to prevent future problems."

12 May 2012 - Undercover Investigation in UK Uncovers Trading in Personal Data
An investigation within the UK conducted by the Channel 4 TV station's Dispatches program alleges that private investigators are paying for access to personal details of individuals held in government databases.
The program shows how a private investigation firm sold sensitive data of individuals such as bank account details, social welfare benefit claims and medical details.  The program highlights that up to five members of staff a day are disciplined for data offences at the Department of Work and Pensions.  Under the UK's Data Protection Act, specifically section 55, it is a criminal offence to: "obtain or disclose personal data" without permission or "procure the disclosure to another person".  The report has led to calls for more regulation into the private investigations industry.

11 May 2012 - FBI Returns Server Seized in Univ. of Pittsburgh Bomb Threat Investigation
FBI agents returned a server seized from a New York co-location facility four days after the equipment was taken from the organization. The seizure was related to an investigation into the bomb threats delivered by email against the University of Pittsburgh earlier this year. The people who own the server run an organization that provides a number of web tools, including email and mailing list support; the company also encrypts all data, so users' anonymity is assured. The article provides details of the events surrounding the seizure and the actions taken by the co-location center's owner/operators. It appears that someone linked to the bomb threats used an anonymization service that subcontracted space on a server from an organization that subcontracted server space from the New York company.


11 May 2012 - 47 Arrested in Carding Ring
The Royal Canadian Mounted Police arrested 47 people in a number of raids in Montreal and Ontario in a crackdown on a well-organized international bank card ring responsible for stealing US $7 million and potentially hundreds of millions more. The gang installed skimming devices on ATMs and modified POS terminals so that card data could be gathered remotely. In one attack lasting just 5 minutes, police claim the thieves made 203 transactions using 79 fraudulent cards at 23 different bank machines, netting them US $30,000. According to Royal Canadian Mounted Police Sergeant Yves Leblanc, "This went on once, twice, three times a day. It went on maybe four or five times a week." The gang had accomplices in Vancouver, Australia, New Zealand, Malaysia, Tunisia and England. The arrests are the result of an investigation that began in 2008.

9 May 2012 - Business Travelers Warned of Hotel Wi-Fi Malware Scam
The US-based Internet Crime Complaint Center (IC3), a joint initiative between the FBI and the National White Collar Crime Center, has warned business travelers travelling outside the US about malware which attempts to infect computers by installing itself through Wi-Fi connections in hotels. The warning states, "Recent analysis from the FBI and other government agencies demonstrates that malicious actors are targeting travelers abroad through pop-up windows while establishing an internet connection in their hotel rooms." The attack targets "a widely-used software product" and the IC3 recommends that travelers update all software on their PCs before their journey and be extra cautious before updating software when away from their office. No further details were given as to which software the malware targets or the countries or hotel chains in which the attacks were reported to have occurred.


8 May 2012 - Man Pleads Guilty to US $1.3 Million Phishing Scam
A 31-year-old US man from Atlanta, Georgia, pleaded guilty to his part in a phishing ring responsible for defrauding people of over US $1.3 million. Waya Nwaki, also known as "Shawn Conley," "USAprince12k," and "Prince Abuja", pleaded guilty to charges of wire fraud conspiracy, wire fraud, aggravated identity theft and computer fraud conspiracy. He could face up to 47 years in prison and a fine of US $250,000 for each count. Sentencing is to take place on August 15th 2012. According to the indictment filed with the U.S. District Court in New Jersey, Nwaki was part of an international gang of fraudsters with others named in the scheme as Karlis Karklins of Latvia; Charles Umeh Chidi of the United Kingdom; Alphonsus Osuala and Osarhieme Uyi Obaygbona of Atlanta; Marvin Dion Hill of College Park, Ga.; and Olani Yi Jones of Nigeria.

7 May 2012 - Apple Releases iOS Update
Apple has issued an update for iOS, its mobile operating system, to address four security issues in its browser. The flaws affect Safari and WebKit. The most serious flaw is a memory corruption vulnerability that could allow remote code execution. Two other flaws could be exploited in cross-site scripting attacks. The update of iOS to version 5.1.1 affects iPhones and iPads.

5 May 2012 - Ransomware Pretends to be Communication from US Dept of Justice
A newly detected ransomware variant infects users' computer through drive-by download attacks. Once a machine is infected, the malware locks up the computer, making it impossible for users to access their information. A warning is displayed, saying that the user has violated US federal law because the IP address associated with the computer was identified as having visited illicit websites. The message tells users that to unlock their machines, they must pay the US Department of Justice US $100 through a pre-paid money card. The attack also infects computers with malware known as Citadel that enables cyber thieves to steal online banking information.


2 May 2012 - Federal Judge in NY Comes Down Hard on Copyright Trolls
A federal judge in New York has lashed out at copyright trolls, plaintiffs who attempt to sue dozens of anonymous computer users in one case for copyright violations, hoping to get each to settle for several thousand dollars rather than go to trial. Judge Gary Brown points out that it is erroneous to assume that the registered subscriber of an IP address is the same person who uses that address to download content.
Judge Brown also pointed to the "abusive litigation tactics to extract settlements from John Doe defendants." He allowed discovery to proceed against the first defendant in each of the four cases that crossed his desk; the plaintiffs were told that if they wanted to pursue legal action against the rest of the defendants, they would have to pay filing fees for each case.

30 April 2012 - UK High Court Says ISPs Must Block The Pirate Bay
The UK High Court has ruled that internet service providers (ISPs) there must block users' access to The Pirate Bay. Late last year, the British Phonographic Industry (BPI) asked ISPs to block access to the site voluntarily. The BPI's request followed a court ruling that ordered ISPs to block access to Newzbin 2. The ISPs responded to the BPI's request by saying they would not block sites without a court order. Critics observe that for the determined, there are always ways to circumvent blocked sites. Supporters note that the court order serves to underscore the illegality of piracy. Critics have also called the order a slippery slope that could easily lead to further censorship of the Internet.

26 April 2012 - Number of Conficker Infections Increased in 2011
According to a report from Microsoft, the number of computers infected by the Conficker worm increased 225 percent between 2009 and 2011; by the end of 2011, the malware had compromised 1.7 million computers worldwide. Conficker first appeared in 2008 and at its height, infected seven million computers. The worm is seen as a greater threat to enterprises than to individual users because it exploits weak passwords to spread to administrative shares of computers on a network. Conficker's persistence can be attributed in part to its defense: it blocks infected users from accessing security websites, disables security software, and uses encryption to disguise its malicious intent.

26 April 2012 - International Law Enforcement Effort Targets Sites Selling Payment Card Data
The UK's Serious Organised Crime Agency (SOCA), the FBI, and the US Department of Justice have seized 36 domains linked to stolen payment card information trafficking. Law enforcement agencies in five other countries assisted in the investigation and subsequent seizure of the domains. The sites used ecommerce software called Automated Vending Carts, which allowed them to sell large amounts of stolen data quickly. Three people have been arrested in connection with the scheme.

23 April 2012 - eMail Gaffe Sent Termination Notice to All Employees
An email slip-up sent job termination notices to more than 1,300 employees of a London-based investment firm. Aviva Investors has offices throughout Europe and in Canada and the US. The message was supposed to have been sent to just one person. A message correcting the error was sent out soon after. Aviva announced in January that it planned to cut approximately 160 jobs worldwide as part of its restructuring efforts.

19 April 2012 - Latest Flashback Attack Started on WordPress Sites
Researchers say that the initial vector of attack for the Flashback Trojan horse program was WordPress sites that had been infected with malware. Between 30,000 and 100,000 WordPress sites were infected in February and March of this year; the attackers placed code on the sites that redirected users to a server that would attempt to infect vulnerable machines. Flashback managed to infect an estimated 700,000 Mac computers, but researchers say that because of the availability of a tool to scrub Flashback from computers, the number of infected machines has been reduced to an estimated 140,000.


19 April 2012 - Attackers Exploiting Instagram's Popularity to Target Android Devices
Attackers are exploiting the popularity of photo sharing app Instagram by creating phony websites to spread malware to Android mobile devices. Instagram has been the focus of significant attention in recent weeks. Originally developed for iOS devices, an Android version of Instagram was released earlier this month and was downloaded more than one million times in the first day it was available. Last week, Facebook acquired the company that developed Instagram. One of the phony Instagram sites includes Russian text and attempts to install a Trojan horse program on Android devices that sends SMS messages to premium rate numbers with no user interaction or notification.

19 April 2012 - Google Warns Sites of Redirect Infections
Google has sent messages to 20,000 websites, informing them that they may have been injected with JavaScript that redirects visitors to other, maliciously crafted websites. Google has recommended that the site owners search for files containing a specific string, which would indicate an infection. The sites were also warned that the attackers may have compromised server configuration files.

18 April 2012 - Piracy for Dummies
A US publisher has filed a lawsuit against four people who have allegedly copied the company's books. John Wiley & Sons, the publisher of the X for Dummies series of how-to books, says its books have been shared through peer-to-peer networks. Wiley is seeking a jury trial for four people it alleges have copied books to which it owns the rights. The company says that more than 74,000 copies of Photoshop CS5 All-In-One For Dummies have been obtained illegally.

18 April 2012 - Austrian Police Arrest 15-Year-Old for Hacking
Authorities in Austria have arrested a 15-year-old for allegedly breaking into servers at more than 250 companies over a three-month period. The teenager allegedly bragged about his exploits and posted information he had stolen online. He confessed when he was arrested.

18 April 2012 - Grand Jury Charges Two With Software Piracy
A US grand jury has charged two people from China with copyright infringement and illegal export of technology for allegedly selling pirated software online; the pirated software is worth an estimated US $100 million. Xiang Li and Chun Yan Li allegedly operated several websites that sold software pirated from 150 companies. Xiang Li was arrested in June; Chun Yan Li is still at large. In addition, a former NASA employee has pleaded guilty to conspiracy to commit criminal copyright infringement for purchasing more than US $1 million worth of pirated software from Xiang Li.


14 April 2012 - New Mac Malware
A new piece of malware that infects Mac OS X computers through a Java vulnerability has been detected. Last week, Apple released an update to the Java implementation for OS X that was being actively exploited by the Flashback Trojan horse program. The new malware is called SabPub and exploits a different Java vulnerability, justifying Apple's decision to have the update disable Java on computers that had not accessed the plug-in within the last 35 days. SabPub receives instructions from a remote website and is capable of taking screen shots of infected computers.

11 April 2012 - Apple Delivers Flashback Removal Tool
Apple is developing a tool to remove Flashback malware from Macs. Last week, Apple released an update to fix the hole in the Java implementation for Mac OS X that the malware exploits to infect machines. Apple has not said when the tool will be available. Apple is encouraging users to install the most recent update to fix the Java vulnerability. Mac users who are running versions prior to 10.6 (Snow Leopard) are urged to disable Java in their browsers as Java is no longer supported for those versions of the operating system. An estimated 600,000 Macs are already infected with Flashback. Apple also said that it is working with Internet service providers (ISPs) to disrupt the malware's command-and-control network. Internet Storm Center announces tool is delivered:

11 April 2012 - Howard Schmidt: Energy Companies Need to Monitor Security Issues
White House Cybersecurity official Howard Schmidt says that the country's utilities need to actively and continuously identify security risks in their systems. The administration, along with the Departments of Energy and Homeland Security, plans to run a pilot program for power companies to voluntarily share information about their security postures and pinpoint where best to focus attention on improving security.
Schmidt also noted that smart meters are becoming targets for hackers.

10 April 2012 - US Army Running Short on Qualified IT Security Staff; Lowering Standards
The US Army is finding itself without enough qualified IT staff to fill available positions. Defense Department (DOD) Directive 8570.01-M spells out the training and certifications that military personnel and contractors must have to be considered for positions in which they operate DOD information systems. The Army is changing guidelines so that fewer employees will be required to have the training and certifications. Those with the necessary credentials will have greater network access and likely higher pay.

10 April 2012 - Six Scareware Scams to Watch Out For
SpywareRemove.com provides a list of some of the nastiest rogue antispyware programs out there -- designed to trick people into paying to remove malware from their computers.
http://www.crn.com/slide-shows/security/232800509/nix-that-click-six-scareware-scams-to-watch-out-for.htm?cid=nl_sec

9 April 2012 - Kaspersky Finds Massive Mac Infection
A second Russian security firm has confirmed that 600,000 Apple Macs have been infected with Java-exploiting malware, an indication that cyber-criminals are turning their attention toward stealing personal data from Mac users.

9 April 2012 - Economic Development Administration Offline for Months After Malware Infection
When the computer systems at the US Commerce Department's Economic Development Administration became infected with malware months ago, the bureau unplugged the system from the Internet. The Economic Development Administration (EDA) is a small bureau within the Commerce Department which provides grants to distressed communities. The security teams have not been able to isolate the malware and clean the system. The offices are reverting to old-fashioned communications technologies: fax machines, telephones, and written phone messages. Employees have contacted clients to ask how they would prefer to communicate without the Internet. EDA has noted that the situation has increased human interaction.

9 April 2012 - Mobile Device Security Concerns
Two separate studies of mobile devices have found serious privacy and security issues. One of the studies found that smartphones and tablet PCs can be eavesdropped on when they are being used to make purchases, conduct online banking transactions, or access VPNs (virtual private networks). Another study uncovered a number of ways to break into Apple's iOS, its operating system for mobile devices. It is likely that cyber criminals will increasingly turn to mobile devices in their attacks as the devices become more and more commonplace in business transactions.


9 April 2012 - Former Intel Engineer Pleads Guilty to Stealing Sensitive Company Documents
A man who once worked at Intel designing Itanium processors has pleaded guilty to stealing confidential information from the company. Biswamohan Pani resigned from Intel on May 29, 2008 and used his accrued vacation time to take leave through June 11. However, Pani began working at Advanced Micro Devices (AMD), an Intel rival, on June 2, while he still had access to Intel servers. But in the days before his June 11 exit interview, Pani downloaded 13 proprietary Intel design documents and copied them from his Intel-issued laptop to an external drive. He apparently attempted to access Intel servers again on June 13 because he had not completed the procedure that would have allowed him to view the encrypted documents offline. AMD did not request the information from Pani, nor did his new employer know that he had taken the documents.


7 April 2012 - What Information Does Facebook Give Law Enforcement When Subpoenaed?
When law enforcement authorities subpoena Facebook for account information, the social networking site sends pages of information, including photographs and their captions; the dates the pictures were uploaded; who uploaded them; people tagged; wall posts; messages; contact lists; and past activity. The Boston Phoenix published a document that Facebook provided to Boston police during their search for the Craigslist killer. The document was released publicly. The Phoenix took pains to redact any information about the killer's contacts. The packet of information Facebook provides to law enforcement authorities reveals data about the target user as well as about the user's contacts.

6 April 2012 - Twitter Sues Five Entities for Spamming
Twitter has filed a lawsuit against five defendants, accusing them of involvement with spam spreading through the microblogging network. The defendants named in the lawsuit include three companies and two individuals.  The lawsuit alleges that the companies named provided tools that sent automated, unsolicited tweets that try to trick users into following links that sell bogus merchandise or spread malware.
Twitter maintains that it has spent nearly US $1 million to deal with the effects of the defendants' alleged activity. Each of the defendants had signed up for a Twitter account, which means each had agreed to terms that expressly forbid spamming.

6 April 2012 - Tool Detects Flashback on Macs
A software engineer has posted a tool that allows people running Apple computers to find out whether or not their machines are infected with the Flashback malware. The tool, called FlashBack Checker, was developed by software engineer Juan Leon, who works at Garmin International. Users whose machines are infected can use commercial security software to remove the malware from their computers. Estimates suggest that more than 600,000 Macs have been infected with Flashback.

6 April 2012 - Malicious Malware: Six Ways Cybercriminals Beat Security
Cybercriminals have become adept at going around the latest security defenses. Here's a list of some of the most innovative malware in use today.

5 April 2012 - Sky News Admits to eMail Hacking
Sky News, a company owned in part by the Murdoch News Corporation, has admitted to authorizing a reporter to hack email accounts of private citizens on two separate occasions. Sky News maintains that the action was taken in the public interest, but the UK's Computer Misuse Act makes no such allowances. The person responsible for both incidents was Sky News North of England correspondent Gerard Tubb. In one case, he broke into the Yahoo email account of a man who faked his own death in 2002 so that his wife could collect on a large life insurance policy. In the other, Tubb accessed the email account of an alleged pedophile.

4 April 2012 - Federal Utility's Cyber Security Weaknesses Not Uncommon
According to an internal US Department of Energy (DOE) audit, the Bonneville Power Administration in Portland, Oregon, has cyber security weaknesses that make its systems vulnerable to breaches. Experts say that the issues found at Bonneville are found at many other government and industry systems as well. The audit found that 11 Bonneville servers used weak passwords and 400 known vulnerabilities had not been fixed.
Bonneville is a federal utility that provides power to 30 percent of the Pacific Northwest region.

4 April 2012 - Survey Underscores Need for Bring Your Own Device Policies in Workplace
According to SANS' First Annual Survey on Mobility Security, while some companies allow employees to use their own mobile devices at work, many of those companies do not know what devices their employees are using. More than half of the organizations do not have or only "sort of" have bring-your-own-device (BYOD) security and usage policies. The study found that just nine percent of responding organizations were "fully aware" of what devices they were allowing to access their networks.

2 April 2012 - VA Getting Tough About Employee Security Training
The US Department of Veterans Affairs is getting tough on its employees regarding privacy and security training. Workers who do not complete their mandatory annual training in those areas will find themselves unable to access agency networks. Between VA employees and contractors, there are 450,000 people who have access to information contained in VA networks. Currently, the VA has a 95 percent compliance rate with the training, which means 18,000 people would be locked out of the networks if the program had gone into effect a year ago. The training program is called the Continuous Readiness in Information Security Program (CRISP) and involves a one-hour, online course that can be accessed within or outside of the VA network.

2 April 2012 - ACLU: Many US Police Departments Use Warrantless Cell Phone Tracking
According to the American Civil Liberties Union (ACLU), many police departments in the US track cell-phone locations without warrants. In some cases, the tracking was conducted in emergencies, for example, to find a missing person. The ACLU requested the information from law enforcement agencies; more than 200 responded. In most cases, the tracking information was sought from phone companies, but in some jurisdictions, law enforcement has acquired its own tracking technology.

30 March 2012 - Visa Confirms Massive Processor Credit Card Breach
Visa and MasterCard are investigating a major breach of credit card numbers at a payment processor, the size of which may exceed anything seen in at least three years.

29 March 2012 - Kelihos Lives on Thanks to Facebook
Soon after security experts announced the dismantling of the Kelihos.B botnet on Wednesday, the culprits behind the attack reconfigured the malware -- and it is now going social.

29 March 2012 - Former US Counterterrorism Czar Says China Hacked Every Major U.S. Firm
In an interview published in Smithsonian Magazine, ex-US Cyber Czar Richard A. Clarke claimed, on the record, that Chinese hackers have infiltrated every major American corporation with "brutal" effects for American innovation, especially corporate R&D.

28 March 2012 - RockYou to Pay FTC $250K After Breach of 32 Million Passwords
RockYou, a company that makes games and other applications for use on social networking sites, must pay $250,000 following a settlement with the Federal Trade Commission over a massive 2009 breach.

28 March 2012 - FBI Cyber Chief Says US Losing War With Hackers
In an interview with the Wall Street Journal, FBI cyber chief Shawn Henry said that the US is "not winning" the war waged by hackers on corporate networks. "We've been playing defense for a long time, ... You can only build a fence so high, and what we've found is that the offense outpaces ... and is better than the defense." He said that more and more often, FBI investigations turned up data stolen from companies that did not even know they had been infiltrated. Henry plans to leave the FBI after more than 20 years to work in private industry. James A. Lewis, senior fellow in cybersecurity with the Center for Strategic and International Studies, agrees with Henry's assessment, saying that "there's a kind of willful desire not to admit how bad things are, both in government and certainly in the private sector."


26 March 2012 - Senators Want to Know if Employer Requests for Facebook Access are Legal
US legislators want to know if employers who ask job applicants for the access credentials to their Facebook accounts are violating US laws. Senators Richard Blumenthal (D-Connecticut) and Charles Schumer (D-New York) have asked the Department of Justice and Equal Employment Opportunity Commission to launch an investigation into the matter. If the requests for the login information do not violate current federal law, the senators plan to introduce new legislation that would make it illegal for employers to request applicants' login information for social networking sites and email accounts.

26 March 2012 - Millions of UK Credit Card Holders Exposed to Fraud
According to an experiment run by Channel 4 News in the UK, customers using contactless credit cards issued by Barclay's bank could have their data stolen without their knowledge by criminals using standard card readers built into many mobile phones. The contactless credit cards work by using a chip built into the credit card which, when scanned over a reader, will make the payment without the need for a PIN. In its tests Channel 4 News was able to extract information from a contactless credit card which included the long card number, the expiry date and the name of the cardholder. None of the data extracted was encrypted. Channel 4 News were then able to use that information to make a purchase online with Amazon. Barclay's bank said the issue is not with the contactless cards, but with the security checks taken for "card not present" transactions by some retailers. The UK government's Department for Business, Innovation and Skills has called for the findings of the report to be investigated as a matter of urgency.

26 March 2012 - Microsoft Blocking Links to Pirate Bay in Windows Live Messenger
Microsoft has acknowledged that it has blocked links to The Pirate Bay through its Windows Live Messenger instant messaging service. Microsoft says it "block[s] instant messages if they contain malicious or spam URLs based on intelligence algorithms, third-party sources, and/or user complaints. Pirate Bay URLs were flagged by one or more of these." Users who try to send an IM that contains a Pirate Bay link will receive a warning message telling them that the link was "blocked because it was reported as unsafe."

22 March 2012 - Carriers Must Do a Better Job Of Resisting the Use Of Stolen Phones
While authorities say that there are ways to help fight smartphone theft, they also say that the wireless companies are not doing what they can to help address the problem. Tens of thousands of smartphones are stolen every year; in some cases, thieves have taken violent action and the owners have been hurt. The problem is that wireless companies are allowing stolen smartphones to be reactivated under different numbers. Police chiefs in cities around the US are writing to federal authorities to ask that wireless companies be required to take some steps to make the phones a less appealing target for those looking to steal and resell them. Every wireless phone has a unique ID. Once a phone is reported stolen, that number would be added to a blacklist and the companies would share information, blocking service on the stolen phones forever. Similar plans are already running in the UK and Australia. Several wireless companies have responded to the idea.

22 March 2012 - Verizon Report: Hacktivism Accounts for More Than Half of Data Theft
According to Verizon's 2012 Data Breach Investigations Report, the majority of data stolen last year was the doing of hacktivists rather than cyber criminals out to profit from their spoils. Fifty-eight percent of data stolen in 2011 were pilfered by hackers with a political or social agenda. The report analyzes 855 incidents worldwide; those attacks accounted for 174 million stolen records. Verizon director of research and intelligence Wade Baker said that hacktivists are harder to defend against because they tailor their attacks for specific targets.  http://www.bbc.co.uk/news/technology-17428618

21 March 2012 - Chinese Police Arrest Man for Leaking Personal Data of Millions
Police in China have arrested a man suspected of leaking the personal data of more than six million users of the China Software Developer Network (CSDN). The exposed information includes user names, passwords, and email addresses. Police also penalized CSDN for not adequately protecting its database.

21 March 2012 - University of Tampa Student Data Compromised
Personally identifiable information belonging to more than 6,800 University of Tampa students was exposed on the Internet for eight months, according to the Florida university. The breach was discovered as part of an in-class project on advanced search techniques. Two other files containing information about nearly 23,000 additional people may also have been exposed during the same time period.


13 March 2012 - BlueCross BlueShield of Tennessee to Pay US $1.5 Million for HIPAA Violations
BlueCross BlueShield of Tennessee has agreed to pay US $1.5 million in fines to the US Department of Health and Human Services (HHS) for violations of the Health Insurance Portability and Accountability Act (HIPAA) related to a 2009 data breach. The breach has already cost BlueCross BlueShield nearly US $17 million for investigation, mitigation, and notification. In October 2009, an intruder stole 57 hard drives from a training facility; the devices held unencrypted information of one million people.

13 March 2012 - Government Software Buggier Than Commercial Software
Forbes magazine previewed a presentation at the upcoming European BlackHat conference in which the presenter proves that developers of government software are allowing significantly more hackable security flaws to find their way into their code than those who develop programs for private industry. One reason the presenter reports is that government contractors have an incentive to get add-ons to their work, and security flaws create add-on contracts.


12 March 2012 - University Student Wins UK Cyber Security Competition
UK university student Jonathan Millican has won the UK Cyber Security competition. The six-month long contest is sponsored by the UK's GCHQ and several technology companies. The final portion of the competition involved six five-person teams. Their challenges included advising a fictional start-up company on cyber security and defending a network against a simulated attack. While Millican's team did not win, his demonstration of leadership skills, technical capability, and business acumen helped the judges determine that he deserved top prize. The prizes are customized to meet the winners' situations. In Millican's case, he has been awarded a full scholarship for a master's degree when he completes his undergraduate work.

8 March 2012 - MPAA Seeks to Shut Down Hotfile Filesharing Site
The Motion Picture Association of America (MPAA) has filed a motion for a summary judgment against filesharing site Hotfile. The plaintiffs allege that "Hotfile actively fosters the massive copyright infringement that fuels its business," while Hotfile says it takes down content that violates copyright law upon request. The plaintiffs say that Hotfile is no different than Megaupload. Hotfile, which is based in Panama, is claiming safe harbor protections under the Digital Millennium Copyright Act (DMCA), but the movie and music companies say that Hotfile does not qualify for those protections because it did not identify and terminate the accounts of repeat offenders.

7 March 2012 - Six Most Dangerous Security Threats
At the RSA conference in San Francisco, in the best attended of all 220 track sessions, the nation's top penetration testing and incident handling expert, Ed Skoudis, and the director of the Internet Storm Center, Johannes Ullrich, discussed the six most dangerous new attack vectors that they saw being used in 2011 and also what has begun to emerge in 2012.

5 March 2012 - Hackers Stole Michael Jackson's Entire Catalog From Sony
Authorities in the UK have charged two men in connection with the theft of Michael Jackson's entire back catalog from Sony servers. The catalog comprises more than 50,000 tracks and includes a number of unreleased songs. Sony bought the catalog for US $250 million in 2010. The theft of the tracks is believed to have been discovered shortly after the Sony PlayStation network attack last April. The two men have denied the theft.

2 March 2012 - Cable Modem Hacker Convicted
A jury in federal court in Boston has convicted Ryan Harris of seven counts of wire fraud for helping people steal Internet service. Harris was involved in selling hacked cable modems and software that helped people circumvent device restrictions such as bandwidth limits. Harris faces up to 20 years in prison and a fine of up to US $250,000 for each count.


1 March 2012 - Stolen NASA Laptop Was Unencrypted
A laptop computer stolen from NASA last March contained information used to send commands to the International Space Station. In written testimony provided to US legislators, NASA inspector general Paul Martin said that the laptop was not encrypted. Martin's testimony also mentioned that between April 2009 and April 2011, NASA reported 48 laptops or mobile devices lost or stolen. Martin also noted that NASA's IT chief lacks the authority to enforce IT security policies.

20 February 2012 - UK High Court Rules The Pirate Bay Infringes Copyright
A UK High Court judge has ruled that The Pirate Bay and its users are committing copyright infringement, meaning that the torrent site could be blocked there. The lawsuit, brought by a group of recording labels, was prompted by a July 2011 ruling that required Internet service provider (ISP) BT to block user access to Newzbin2. The court is expected to decide in June whether ISPs will be required to block The Pirate Bay as well.

15 February 2012 - UK Police Shutter Alleged Filesharing Site
The UK's Serious Organized Crime Agency (SOCA) has shut down the RnBXclusive.com website for enabling copyright infringement. The notice that greets people attempting to visit the site says, "The majority of music files that were available via this site were stolen from the artists," and warns that if users have downloaded music through the website, they could face criminal penalties carrying a sentence of up to 10 years in prison and an unlimited fine. The notice goes on to inform users that "SOCA has the capacity to monitor and investigate you, and can inform your internet service provider of these infringements."

15 February 2012 - Apple Will Require Apps to Obtain User Permission Before Accessing Contact Data
US legislators sent a letter to Apple CEO Tim Cook asking why the company does not require iOS developers to obtain permission from users before apps download users' contacts. The inquiry follows close behind news that the Path app downloaded users' address books without their permission. Apple has responded to the question with a promise to change that policy so apps requiring use of address book data request that information explicitly.

14 February 2012 - FBI Says Social Network Monitoring Plan Will Abide By Privacy Rules
The FBI is attempting to allay concerns about user privacy over its plan to monitor social networking sites by making assurances that all its activity will comply with privacy and civil rights requirements. The FBI says that quick analysis of information posted on sites like Facebook and Twitter will help detect imminent threats. The US Department of Homeland Security (DHS) has conducted similar monitoring; that activity has prompted the Electronic Frontier Foundation (EFF) and Electronic Privacy Information Center (EPIC) to call for greater transparency of such undertakings.

13 February 2012 - AT&T Throttling Heaviest Data Users
AT&T has begun cracking down on customers who are among the heaviest cellular data users by throttling their data speeds. The move is part of the company's new plan to manage network data usage. AT&T stopped selling unlimited data plans in 2010, but there are still 17 million customers who have plans that predate the change. The company warned users last year that the plan would be put in place.

9 February 2012 - Trojan Exploits Known Hole in Microsoft Office
A Trojan horse program detected by Symantec researchers exploits a known vulnerability in Microsoft Office to infect computers. The malware has been detected in the wild and is being used in targeted attacks. The attack uses email messages with attachments that contain a Microsoft Word file with an embedded ActiveX control and an accompanying DLL file. Microsoft issued a fix for the flaw in September 2011, in bulletin MS11-073.

(SAI: Remember, never open an attachment from an unknown sender!)

7 February 2012 - Phishing email leads to Denver area health care breach
Hackers may have accessed the personal health data belonging to patients of Denver area-based Metro Community Provider Network, a nonprofit health care provider for low-income individuals and families.

7 February 2012 - Right of First Sale Plays Role in Case of Used MP3 Online Store
A judge has declined to shut down ReDigi, a website that resells used digital music files originally purchased through the iTunes store. ReDigi says it sells only files that were legally purchased; no copies are made of the files, and that once the file is sold, the seller cannot access it again through ReDigi or through iTunes. Capitol Records had requested the preliminary injunction to shut down the site. While the judge refused the request, the case is still going to trial, where the judge said Capitol is likely to prevail. Capitol is hoping to prove that the MP3 files are not protected by the doctrine of first sale, which allows people who legally purchase copyrighted material to sell that material.


6 February 2012 - Company Includes Owners of Unsecured WiFi Networks in Filesharing Lawsuit
A California company has filed a lawsuit seeking damages from more than 50 named and unnamed Massachusetts individuals for participating in illegal filesharing. Liberty Media Holdings LLC produces adult content video. The lawsuit maintains that the accused either were responsible for directly downloading or sharing the movie in question, or own an unsecured wireless network that was used to share or download the film. Liberty Media alleges that those with unsecured networks contributed to illegal filesharing through their negligence.

6 February 2012 - BT Junkie Takes Itself Offline Voluntarily
BT Junkie, a torrent search engine that is unaffiliated with BitTorrent, has voluntarily shuttered its website, ostensibly over concerns that it may be the target of law enforcement action similar to that which forced the shutdown of Megaupload. Other sites associated with filesharing have taken measures, though not as drastic, to avoid attention. For example, FileSonic now prohibits filesharing between users, but members may still upload and download their own files. The Pirate Bay has taken a different tack, moving its domain name from .org to .se to prevent seizure by US authorities.

1 February 2012 - Pirate Bay Founders' Prison Sentences Stand
Sweden's Supreme Court has refused to hear an appeal of the prison sentences for The Pirate Bay founders that were meted out by the Swedish Court of Appeals more than a year ago. Peter Sunde, Fredrik Neij, Carl Lundstrom, and Gottfrid Svartholm received sentences ranging from four months to one year. They also face a combined fine of 46 million kronor (US $6.8 million). They were convicted in 2009.

1 February 2012 - Spear Phishing Attack Plants Trojan on Targeted Computers
A recently detected, sophisticated spear phishing attack disguises itself as conference invitations. The attack exploits unpatched flaws in Adobe Reader to place Trojans on vulnerable computers. The malware, once on the computer, manages to disguise itself as a Windows Update utility. The attack has been named MSUpdate Trojan. Researchers have evidence of similar attacks from what appears to be the same group of attackers, dating back to 2009. The Trojan steals information and sends it back to the command and control server, but the traffic is disguised as Windows Update traffic.

30 January 2012 - Whistleblowing FDA Employees File Suit Over Alleged Monitoring
A group of former US Food and Drug Administration (FDA) employees have filed a lawsuit alleging that the FDA monitored their personal email through which they warned Congress that some devices approved by the agency posed risks to patients. The six scientists and doctors maintain that they suffered harassment and that some were wrongfully terminated as a result. Their correspondence was monitored and the FDA twice asked the Department of Health and Human Services (HHS) inspector general to investigate because the six had allegedly disclosed confidential information about the devices in question. The HHS IG declined both times to launch an investigation, because it found no evidence of criminal conduct.

27 January 2012 - High School Students Arrested for Alleged Computer Intrusion and Grade Altering
Three California high school students have been arrested for allegedly hacking into their school's computer system to alter grades. The students allegedly broke into a janitor's closet at Palos Verdes High School and made a copy of the school's master key. They then allegedly placed keystroke-logging software on four teachers' computers, which gave them the passwords they needed to access the school network's central files, and used the access to nudge up their grades. Two of the students have been expelled. They were caught only because they were also selling answers to tests, which they had stolen from classrooms.

27 January 2012 - Windows Media Player Flaw is Being Actively Exploited
Researchers have detected an in-the-wild attack that exploits a known flaw in Windows Media Player (WMP). Microsoft released a fix for the vulnerability on January 10, 2012 in the MS12-004 security bulletin. The attack tricks users into opening a maliciously crafted MIDI file. It is being called a drive-by download attack. The malware attempts to download a Trojan horse program onto the computer. The Trojan appears to have rootkit capabilities. 


27 January 2012 - White House Calls for Comprehensive Cyber Security Legislation
White House Cybersecurity Coordinator Howard Schmidt is encouraging legislators to "quickly enact legislation to address the full range of cyber threats facing our nation." In a White House blog post, Schmidt said that the legislation, which would resemble the proposal sent by the president to Congress last May, would grant officials the necessary authority to fight "growing and consistently sophisticated cyberthreats."

23 January 2012 - Judge Orders Woman to Decrypt Laptop
A US district judge in Colorado has ordered a Colorado Springs woman to decrypt her laptop computer so that prosecutors may access information it contains to use as evidence against her. Ramona Fricosu, who is accused of bank fraud, had argued that being made to decrypt the machine would violate her right against self-incrimination as set forth in the Fifth Amendment, but Colorado US District Judge Robert Blackburn disagreed. The computer was seized in 2010. Fricosu has been given until February 21 to surrender the unencrypted drive. http://www.wired.com/threatlevel/2012/01/judge-orders-laptop-decryption/

18 January 2012 - Man Arrested, Charged in Federal Reserve Bank of New York Source Code Theft
A man who had worked as a contract programmer on proprietary source code for the Federal Reserve Bank of New York has been charged with stealing that code, which is valued at US $9.5 million. Bo Zhang has been arrested. He allegedly took the code last summer while working under contract at an access-controlled repository. Zhang allegedly copied the code onto an external hard drive. If he is convicted, he could face up to 10 years in prison. The software, Government-wide Accounting and Reporting Program, or GWA, is used to track US government finances. He has stated that he used the code in a private business in which he trains people as programmers.

18 January 2012 - Russian Man Extradited from Switzerland to US to Face Charges in Fraud Case
A Russian man has been extradited from Switzerland to the US to face charges of conspiracy, mail fraud, wire fraud, computer fraud, aggravated identity theft, and securities fraud. Vladimir Zdorovenin is the alleged mastermind of a credit card theft and stock manipulation scheme. His son, Kirill Zdorovenin, is believed to have been involved as well, but he remains at large. The Russian constitution does not allow for extradition of its citizens, which is why the elder Zdorovenin was apprehended while in Switzerland.

17 January 2012 - Prison Time for Man Who Stole Patient Database From Former Employer
An Atlanta, Georgia, man has been sentenced to 13 months in prison for breaking into a former employer's patient database and stealing the information. Eric McNeal is an information technology specialist who had worked for the APA medical practice in Atlanta. When he left in November 2009 to work for a similar practice in the same building, he broke into APA's computer system from his home, downloaded the patient database and deleted all the information from APA's system. McNeal began recruiting the patients, by mail, to move to the new practice where he was employed.

17 January 2012 - NHS Trust Challenging Large Fine Over DPA Violations
An NHS Trust is challenging a large fine imposed by the UK Information Commissioner's Office (ICO) for violating the Data Protection Act (DPA). The ICO is proposing to fine the Brighton and Sussex University Hospitals NHS Trust GBP 375,000 (US $576,000) after some of its patient records were discovered on hard drives that were being offered for sale on eBay. The Trust had contracted with a contractor to destroy 1,000 hard drives. While the disks were in the contractor's possession, 232 of them were stolen and offered for sale on eBay. http://www.theregister.co.uk/2012/01/13/nhs_fined_stolen_data/

16 January 2012 - UK Student Faces Extradition to US to Face Copyright Infringement Charges
Judge Quentin Purdy of the Westminster Magistrates Court in the UK has ruled that university student Richard O'Dwyer may be extradited to the US to face charges of copyright infringement. O'Dwyer established TVShack.net, a site that provided links to websites where users could download copyrighted digital content. The US government alleges that the site has been profitable for O'Dwyer, earning him more than US $230,000 through advertising revenue. O'Dwyer's attorney plans to appeal the ruling.

13 January 2012 - US State Dept CISO to Become Director of US National Cyber Security
Federal News Radio announced today that John Streufert, CISO of the US State Department, was to be named Director of the US National Cyber Security Division (NCSD). Streufert is best known for demonstrating how huge security improvement can be generated at low cost in 24 time zones, using "continuous monitoring and mitigation" where daily automated feeds of security status are scored and prioritized and fed to system administrators who correct problems every day. He also showed how to make the 20 Critical Security Controls operational in a large agency.

12 January 2012 - Air Force Base Migrates to Linux After Malware Infection
Following a malware infection at a US Air Force Base in Nevada in September 2011, it appears that the base has moved at least some computers from Microsoft Windows XP to a Linux operating system. The systems at the AFB control Reaper drone aircraft. While the infection seems to have been more of a nuisance than a threat, the incident was nevertheless embarrassing. The malware infected the ground control systems at the base, which "is separate from the flight control system Air Force pilots use to fly aircraft remotely." The malware found its way onto the computers through a portable hard drive; the base uses portable disks to load map updates and to transfer mission videos between computers.

12 January 2012 - NHS Employee Fined for Unauthorized Patient Data Access
A UK NHS employee was fined GBP 500 (US $767) for accessing patients' health records without authorization in 2009. Juliah Kechil, who no longer works at the NHS, looked at the records of five members of her ex-husband's family to find their phone numbers, a breach of the Data Protection Act (DPA). The issue came to light when her former father-in-law, who had changed his phone number to avoid calls from Kechil, became suspicious after the calls resumed. She was also ordered to pay prosecution costs of GBP 1,000 (US $1,534). The NHS used Kechil's ID card to audit her activity.

7 January 2012 - Israeli Government to Treat Cyber Attacks as Acts of Terrorism
The Israeli government says it will treat cyber attacks as acts of terrorism. The statement comes in the wake of the theft and subsequent posting of Israeli credit card numbers and other data. Deputy Foreign Minister Danny Ayalon said that "no agency or hacker will be immune from a response."


5 January 2012 - Ramnit Worm Stealing Facebook Login Credentials
A worm known as Ramnit is stealing Facebook login credentials. The malware infects Windows executables, Microsoft Office, and HTML files and has the capacity to be used as a backdoor, allowing attackers to take further action on compromised machines. A Ramnit command and control server containing sets of login credentials for 45,000 Facebook accounts has been found. Most of the users affected appear to be from the UK and France.


4 January 2012 - Microsoft Sues Company for Allegedly Selling Counterfeit Windows Recovery CDs
Microsoft is suing UK company Comet for allegedly selling counterfeit copies of Windows Vista and Windows XP recovery disks. Comet has countered with a statement saying that they were acting in their customers' best interests because users of Microsoft products were "adversely affected by the [software company's] decision to stop supplying recovery disks with each new Microsoft operating system based computer." Microsoft responded by saying that the PCs' hard drives already contained recovery software and that Comet sold disks for GBP 14.99 (US $23.24) that Microsoft would have provided at a much lower cost or even at no cost at all. Comet has about 250 stores in the UK.

4 January 2012 - Apple Tackling Pirated Apps
Apple is taking steps to thwart the availability of pirated applications for the company's devices. By sending Digital Millennium Copyright Act (DMCA) takedown notices to Apptrackr, Apple hopes to cut off access to the pirated apps. In response, Apptrackr has moved its server outside of the US and has deployed technology that does not use direct links to the applications. The developer of Apptrackr claims his site is designed to allow users to test apps before they buy them, but admits that it is often used by people who never intend to purchase the apps.

1 January 2012 - Malware Infection Results in Retrial for Man Convicted of Murder
A Florida man who was convicted of second degree murder will get a new trial because a computer virus destroyed transcripts of the court proceedings. Normally, court stenographers make both paper and electronic records of proceedings, but in this case, the stenographer did not bring enough paper and recorded the proceedings only digitally. The digital records were then transcribed onto her own personal computer and deleted from the stenograph. Her PC then became infected with a computer virus, resulting in the loss of the court records. Randy Chaviano's legal team filed an appeal after he was given a life sentence in July 2009; because the transcripts of the trial were incomplete, the Third District Court of Appeals ordered that Chaviano be granted a new trial. The stenographer involved has been subsequently fired.


© 1999-2016 Security Awareness, Inc. All Rights Reserved