
InfoSec in the News


Most of the incidents in these news stories could have been prevented with an effective security awareness program; the rest promote the use of security awareness.
Also visit our News Archives for older stories.

Subscribe to the following e-mail lists for even more stories:

SANS NewsBites

Security Wire Digest


- Visit SANS, Sophos, SC magazine, and InfoSecurity magazine websites to sign up for news feeds -

17 December 2014 - ICANN Accounts Hijacked Through Phishing Attack
ICANN was the target of a data breach following a phishing campaign. The organization's root zone administration system was compromised. The attack occurred late last month and was detected a week later. The compromised data include personal information of people who do business with the organization.

10 December 2014 - The Pirate Bay Offline After Swedish Authorities Seize Servers
Authorities in Sweden have seized the servers of The Pirate Bay, causing the torrent tracking website to go dark. The site has been taken down before but previously has always returned quickly. This time, the site does not appear to be bouncing back as quickly. One of The Pirate Bay's founders, Peter Sunde, says he is fine with the site's disappearance, because he does not like what it has become. Other filesharing sites reportedly also went down on the same day, but it is not clear if the incidents are related.

8 December 2014 - White House Issues Commitments to Support Computer Science Education
A White House initiative to bring computer science education to US middle and high school students has participating school districts in New York, Los Angeles, Miami, Chicago and other large cities representing more than four million secondary school students. The districts have committed to offering computer science classes. Twenty million dollars in private donations will go toward training teachers. The White House also noted that in 2016, the College Board will launch a new Advanced Placement course called Computer Science Principles.

8 December 2014 - Former Apple Executive Gets Prison Sentence for Selling Insider Data
Former Apple global supply manager Paul Shin Devine has been sentenced to a year in prison for selling information about the company to its suppliers so they could negotiate better deals. Devine was arrested in 2010 after his scheme was discovered. The investigation was prompted by the discovery of emails in which he said he would provide insider information for cash.

1 December 2014 - European Police Shutter Websites Hawking Counterfeit and Pirated Products
Law enforcement agencies in Europe have seized nearly 300 domains associated with selling counterfeit electronics and medications as well as pirated movies and music. No arrests have been made yet.

1 December 2014 - Intruders Stole Insider Information To Beat Wall Street
Information thieves used phishing messages to gain access to systems at more than 100 publicly traded companies and stole data about merger discussions, product information, and legal action, which could be used to help inform investment decisions. The majority of affected companies are in the health care and pharmaceutical industries.

21 November 2014 - European Police Arrest 15 for Remote Access Trojan Use
Police in seven European countries have arrested a total of 15 people in connection with allegedly using remote access Trojans (RATs) to conduct cyber crimes. The arrests were the result of a sting operation.

20 November 2014 - Webcam Streaming Site Found Underscores Need to Reexamine Security
The UK Information Commissioner's Office is urging people who use webcams to reset passwords and login information. A Russian-hosted website is offering streams from hundreds of webcams around the world, including more than 500 in the UK. The website accesses the webcams through default access credentials. There are streams for webcams in more than 250 countries and territories. Users are also being urged to disable remote access if it is not needed.

10 November 2014 - Employee Mistakes Undermine US Government Data Security
According to an Associated Press analysis of information obtained through Freedom of Information Act (FOIA) requests, at least half of US government IT security incidents are the result of mistakes made by workers. Employees have violated workplace policies; lost or had stolen devices containing sensitive information; and shared sensitive information.

3 November 2014 - Attackers Stealing and Selling Rewards Points
Thieves have been targeting rewards points programs offered by hotels and other organizations. Often, the online management systems for the programs lack adequate security. One man discovered that 250,000 Hilton Honors points he had accrued through use of a credit card had been used by thieves, who managed to access the account online, change the associated email addresses, and even use the associated credit card to make additional charges. Hilton allows two methods of account access: username and password, or member number and four-digit PIN. Brian Krebs discovered that there are online forums where rewards points are being offered for sale at fractions of their value.

27 October 2014 - Court Orders Shutdown of Company Selling Useless Tech Support
A federal court in New York has shut down a company called Pairsys for selling useless tech support, according to a US Federal Trade Commission (FTC) announcement. On October 9, the court issued a preliminary injunction, which froze company assets and required that its websites and phone numbers be disconnected. Pairsys made US $2.5 million in less than two years selling scareware and software that was available elsewhere at no cost. Company employees posed as Microsoft and Facebook representatives.

22 October 2014 - Koler Android Ransomware Now Spreading Through SMS
A variant of Android ransomware known as Koler is now spreading through SMS. The previous version infected devices of users who had viewed certain pornographic websites. The new variant sends SMS messages to every contact in the address book of infected devices, telling them that someone has created a profile using their pictures. Infected devices display a screen telling users that they have been accused of viewing illicit content and that they must pay US $300 to unlock the device.

19 October 2014 - Login Page for Dropbox Phishing Scheme Hosted on Dropbox
A phishing scheme tries to get Dropbox users to disclose their account access credentials by sending a message telling recipients that someone has sent them a file that is too large to be sent through regular email, so they must sign in to Dropbox to view it. The phony login page was actually hosted on Dropbox. It has been taken down.

6 October 2014 - AT&T Employee Fired for Accessing Customer Data
AT&T has fired an employee for allegedly accessing customers' personal data, including driver's license and Social Security numbers, as well as customer metadata about calls made. AT&T notified the affected customers by letter. http://www.theregister.co.uk/2014/10/06/att_cops_to_insider_data_breach/

1 October 2014 - Man Sentenced to Prison for Trying to Buy Stolen Data
A Florida man has been sentenced to more than three years in prison for trying to purchase data stolen from a company that essentially operated as an identity theft service. Derric Theoc pleaded guilty to attempting to buy Social Security and bank account information that belongs to 100 people, intending to use the data to open new accounts and file fraudulent tax returns. The individual who operated the service was arrested in 2012. US Secret Service investigators then took over the operations in an attempt to catch customers.

25 Sept 2014 - US Will Adopt Chip-and-PIN
The idea of storing credit card account information on a magnetic stripe, while innovative in 1960 when it was first conceived, is now vulnerable to theft, particularly because the data encoded on the magnetic stripes are static. The US is finally following the rest of the world in moving to the more secure chip-and-PIN, or EMV technology (so-called because it was started by Europay, MasterCard, and Visa).

24 Sept 2014 - Internet Crime Complaint Center Warns of Spoofed Messages
The FBI's Internet Crime Complaint Center (IC3) is warning that it is being impersonated in an attempted cyber extortion attack. Spoofed email messages claim that the recipient has been identified in a criminal report and must purchase prepaid credit cards and send them to a certain address or be arrested. IC3 has recently issued a warning to organizations about an increase in insider threat cases.

24 Sept 2014 - Insider threat cases on the rise, IC3 warns
The Internet Crime Complaint Center (IC3) is warning organizations of a rise in insider threat cases.
Disgruntled and former employees have been increasingly engaging in computer network exploitation and disruption, according to a Tuesday announcement.

22 Sept 2014 - Google Shuts Down Malvertising Attack
On September 19, Google shut down a malvertising campaign that affected visitors to several different websites, including Last.fm and The Jerusalem Post. The questionable ads were being served by the Zedo ad platform through Google's DoubleClick. The malicious ads were serving up a downloader known as Zermot.

19 Sept 2014 - Employee errors root of most data breaches, but malware incidents cost more
Insurance firm Beazley analyzed more than 1,500 data breaches it serviced between 2013 and 2014, and found that the majority of the incidents were caused by unintended disclosures, via email or fax for instance, or by physical loss of paper records.
Altogether, such employee errors were said to account for 55 percent of data breaches during the time period, the company revealed.

19 Sept 2014 - Russian Police Arrest Two in Connection with Android Malware
Police in Russia have arrested two people in connection with malware that infected Android mobile devices through deceptive MMS messages. The messages appeared to be "romantic" in nature, but when recipients clicked on a provided link, their phones were infected with malware that steals money from bank accounts linked to the devices.

18 Sept 2014 - Breached Healthcare.gov Test Server Was Still Using Default Password
The Healthcare.gov test server breached earlier this summer was still using its default password. US-CERT Team Director Ann Barron-DiCamillo told the House Oversight and Government Reform Committee that the breach did not compromise any patient data "due to the segmentation of the network." The intruders used the access to harness the server's resources to launch attacks against other websites.


16 Sept 2014 - Inside Job: Nigerian Bank IT Worker Missing after Multi-billion Naira Heist
The Nigerian authorities are looking for a missing IT admin at an unnamed bank who is suspected of helping cybercriminals make off with 6.28 billion Naira ($38.6m).

8 Sept 2014 - NIST Seeks to Determine Awareness and Effectiveness of Cyber Security Framework
The National Institute of Standards and Technology (NIST) has released a request for information (RFI) regarding the level of awareness about the cyber security framework among companies that operate elements of the country's critical infrastructure. NIST also wants to know what effect the framework is having on their security postures. Comments will be accepted through October 10, 2014.

4 Sept 2014 - Copier Forensics in 2014: The Good, the Bad, and the Ugly
Recently, I had the opportunity to do forensic analysis on a HDD extracted from a Canon ImageRunner Advanced C5240 Multifunction Copier. After a story was broken by CBS News, back in 2010, it seemed likely that less would be available than is described in the copier forensic write-ups here and here. Nonetheless, I was hopeful. As you will see, my results were somewhat mixed, but the security enhancements put in place after that article could certainly have been much more complete.

30 August 2014 - Software Piracy Arrests
Police in London, UK have arrested two people in connection with a software piracy ring. The unnamed men are suspected of selling pirated software from Microsoft, Adobe, and other companies over the Internet.
The pair was arrested by the Police Intellectual Property Crime Unit (PIPCU), which has also recently arrested people for allegedly running illegal sporting-event streaming websites and proxy sites that allowed users to circumvent blocks on piracy websites.

27 August 2014 - Malware Advertising Attack Hits Popular Websites
Several popular websites have been targeted by maliciously-crafted advertisements to infect site visitors' computers with malware. At least eight sites have been affected, including eBay.ie, Photobucket.com, and Deviantart.com. The attacks took place between August 19 and August 22.
Dutch security company Fox-IT detected the attacks, and noted that the sites themselves were not compromised; instead, the malicious redirection activity came from advertisements.

25 August 2014 - AdThief malware infects 75K iOS devices, steals revenue
Malware known as AdThief, which targets jailbroken Apple iPhones and iPads, has infected about 75,000 devices. Although security researchers at Palo Alto Networks first revealed the malware, Fortinet provided additional details in a recent Virus Bulletin.

26 August 2014 - California Governor Signs Law Requiring 'Kill Switch' on Smartphones
Governor Jerry Brown of California on Monday signed into law a measure that requires smartphones sold in California to include smarter antitheft technology, a feature that lawmakers hope will help reduce phone theft.

26 August 2014 - UK Information Commissioner Fines Ministry of Justice Over Unencrypted Prison Records
The UK Information Commissioner's Office (ICO) has fined the Ministry of Justice GBP 180,000 (US $298,500) for losing a device that contains unencrypted prison records. In May 2012, the Prison Service issued new hard drives with encryption capabilities to all 75 prisons in England and Wales. The ministry, for which this is a repeat offense, was reportedly unaware that disk encryption needed to be switched on. The missing device contained personal data about nearly 3,000 inmates. The data include health information, visitor information, and prisoners' links to organized crime.

22 August 2014 - 33-Month Prison Sentence for Film Piracy
A 25-year-old British man has been sentenced to nearly three years in prison for filming a movie in a theater. He sold copies of the file before its release for sale for GBP 1.50 (US $2.50) each, earning a total of GBP 1,000 (US $1,660). Universal Pictures, which distributed the film, argued that the actions cost it GBP 2.5 million (US $4.14 million).

22 August 2014 - Survey Says Companies Not Prepared to Manage Insider Threats
According to the "2014 Insider Threat Survey" from Spectorsoft, more than half of IT and security professionals feel that their organizations are not adequately prepared to deal with insider threats. The study surveyed 255 people at small and medium sized businesses in the US, Latin America, and Europe. Fifty-five percent attributed the lack of preparedness to a lack of training; 51 percent attributed it to insufficient budgets; and 34 percent said that inside threats were not a priority.

15 August 2014 - Longer Passwords Are Harder to Crack
Mixing upper and lower case letters, numbers and special characters doesn't make passwords any harder for hackers to crack; only increasing the number of characters does, according to new research from Trustwave.

14 August 2014 - Most Companies Unsatisfied with Their Security Incident Response
A SANS study found that just nine percent of organizations believe that their response to security incidents is "highly effective." More than a quarter of those responding said they were dissatisfied with their incident response. Among the impediments to effective response programs are lack of review and practice of response procedures, and insufficient budgets.

12 August 2014 - Chinese Authorities Arrest Suspect in Android Heart App Malware Case
Police in China have arrested a 19-year-old man for his alleged role in creating malware that targets Android devices. The malware, known as the Heart App, spreads quickly by pretending to be an invitation to arrange a date. Instead, when users click on the link, the malware sends SMS messages to the first 99 people on the device's contacts list. The malware sent out 20 million SMS messages and infected 100,000 devices.
Heart App also steals information from the devices it infects.

5 August 2014 - Billions of Digital Credentials Stolen
A group of Russian thieves has collected a stash of Internet account credentials: 1.2 billion user name and password combinations and 500 million email addresses. The data were taken from more than 420,000 websites. The group believed to be responsible for the massive data heist appears to be using the information to send spam.

28 July 2014 - Court Fines Phony Antivirus Purveyors US $5.1 Million
A federal court in New York has issued default judgments against 14 companies for selling phony antivirus products. The companies have been ordered to pay a total of US $5.1 million in fines. The schemes involved selling so-called antivirus products over the phone. Once the targets had paid for the fake product, they were told to install software that actually gave those running the scheme remote access to their computers.

25 July 2014 - Laptop stolen from Self Regional Healthcare contained patient data
South Carolina-based Self Regional Healthcare (SRH) is notifying at least 500 patients that their personal information – including Social Security numbers and financial data – was on a laptop stolen from an SRH facility.

24 July 2014 - Rhode Island hospital to pay $150K for past data breach
A Rhode Island hospital must pay $150,000 after a data breach compromised more than 12,000 Massachusetts residents' personal information. Patients' names, dates of birth, Social Security numbers, exam dates, physicians' names and ultrasound images were compromised in November 2012, according to a Massachusetts release. In 2011, the Women & Infants Hospital of Rhode Island shipped 19 unencrypted back-up tapes to its parent company's office in order to be eventually archived. The tapes contained the personal and health information of more than 12,000 Massachusetts residents.

14 July 2014 - Hotels Urged to Check Business Center Computers for Malware
An advisory from the US Secret Service and the National Cybersecurity and Communications Integration Center warns organizations in the country's hospitality sector that computers available for hotel guests' use in their hotels are likely being infected with keystroke loggers. The advisory was issued after suspects who had managed to compromise public use computers in hotels were arrested in Texas. The advisory urges hotels to check the computers in their business centers.

9 July 2014 - Prison Time for Man Convicted in Phishing Case
A US District Judge sentenced Iulian Schiopu to nearly four years in prison for his role in a phishing scheme. Schiopu was arrested in Sweden in May 2013 and was extradited to the US four months later.


18 June 2014 - San Diego hospital breach investigation reveals second incident, both human error
Nearly 20,000 patients of Rady Children's Hospital (RCH) in San Diego are being notified that their personal information was erroneously included in emails sent to job applicants.

17 June 2014 - Email sent to wrong address, data on more than 35K Calif. students at risk
More than 35,000 Riverside Community College District (RCCD) students in California are being notified that their personal information – including Social Security numbers – was included in an email that was sent to the wrong external email address.

13 June 2014 - Prison Sentence for Former Microsoft Employee Who Leaked Information to Blogger
A former Microsoft employee has been sentenced to three months in prison for leaking sensitive information. Alex Kibkalo worked for Microsoft in Russia and Lebanon. He provided a French blogger with several updates prior to their release dates; he leaked the information because he was unhappy with having received an unsatisfactory performance review. Kibkalo has been in custody since his March 19 arrest, so the majority of his sentence has already been served. When Kibkalo is released, he will be deported to Russia.

12 June 2014 - Stolen thumb drive contained five years of data on nearly 34K Calif. patients
Nearly 34,000 patients who received X-ray services at California-based Redwood Regional Medical Group are being notified that their personal information was on a thumb drive that was stolen from an employee's locker.

10 June 2014 - Man Admits to Stealing eMail Credentials and Fraudulent Activity
Attackers were able to exploit weaknesses in systems at US government agencies to trick employees at the Environmental Protection Agency (EPA) and Census Bureau into revealing their email account access credentials. The attackers used the accounts to order nearly US $1 million worth of office supplies, which they sold online. One man has admitted to offenses related to the scheme; he faces up to 20 years in prison. Some government agencies have not implemented encryption and verification procedures on webpages and email, enabling this sort of attack.

10 June 2014 - Bank of Montreal ATM Hacked with Weak Password
A story in the Winnipeg Sun describes how two local teenagers put a Bank of Montreal ATM into operator mode using an easily-guessed password.

10 June 2014 - Penn State Hershey employee takes data home, puts 1,801 patients at risk
About 1,800 patients of Penn State Hershey Medical Center are being notified that their information had the potential to be compromised because a clinical laboratory technician had been working with the data from home, outside the secured Penn State Hershey system.

9 June 2014 - Cyber Crime Costs Global Economy $445B
Cyber crime has a significant impact on economies worldwide. A new report from the Center for Strategic and International Studies (CSIS) concludes that cyber crime costs businesses approximately $445 billion worldwide, with an impact on approximately 150,000 jobs in the EU and 200,000 jobs in the U.S.

9 June 2014 - Facebook Stupidity Leads to Largest Gang Bust in NYC History
a long trail of quite helpful Facebook postings about crimes that lead New York City police to what authorities are calling "the largest gang takedown in New York City's history."

9 June 2014 - Town Refuses to Pay Crypto Ransom for Police Computers
The town manager of a hamlet in south eastern New Hampshire has defied demands that he pay a ransom to recover police department computer files taken hostage by Cryptowall, a newer piece of malware that encrypts hard drive contents of infected machines until victims pay for them to be decrypted.

30 May 2014 - CryptoDefense ransomware targets vulnerable Java users
CryptoDefense, a variant of CryptoLocker, was used by saboteurs to rake in more than $34,000 between February and March, Symantec researchers found. Now, analysts at Bromium Labs warn the malware, which holds victim files hostage by employing public-key cryptography using strong RSA encryption, is being delivered to users via a Java exploit.

30 May 2014 - Home Depot staffer fired, tapped 30,000 accounts, shared card data
Home Depot, which last experienced an insider breach in February, has fired and is prosecuting an employee who, for two weeks in May, accessed information on more than 30,000 customer accounts. http://www.scmagazine.com/home-depot-staffer-fired-tapped-30000-accounts-shared-card-data/article/349253/?DCMP=EMC-SCUS_Newswire

30 May 2014 - Study: 432M hacked accounts in a year, large part of U.S. at risk
The bleak figure was said to be a conservative estimate by the Ponemon Institute, which calculated the findings at the request of CNNMoney. According to the outlet, the number of hacked accounts among impacted Americans topped 432 million accounts during that time period.

30 May 2014 - French Spy on US Companies, Too
State-sponsored French hackers are probably the most “capable” of stealing the business secrets of American companies, after China, according to former CIA director and defense secretary, Robert Gates.

29 May 2014 - US Cyber Crime Rising Faster than Resistance
The 12th annual survey of cybercrime trends found that online attackers determined to break into computers, steal information and interfere with business are more technologically advanced than those trying to stop them.

28 May 2014 - iPhones and iPads Held Hostage
Some owners of iPhones and iPads have found their devices held hostage by malware that locks them until the demand, usually about US $100, is paid. The attacker exploited the Find My iPhone feature to launch the attack, which has mainly affected people in Australia. While it is not clear how the attacker obtained the information used to launch the attacks, there is speculation that it was obtained in a breach and it would affect users who use the same set of credentials for multiple accounts. Apple denied that its iCloud service has been breached. Apple Australia recommends that users change their Apple ID passwords.

21 May 2014 - eBay Criticized for Handling of Breach
eBay has met with widespread criticism for the way it handled a breach that exposed user data. On May 21, eBay acknowledged that a database containing user passwords and personally identifiable information was compromised. The intrusion occurred in February or March of this year.
eBay became aware of the breach earlier this month. The company was taken to task for delaying notification for so long and for the labyrinthine process users had to navigate to change their passwords.
Furthermore, the volume of users trying to change their passwords was at one point overwhelming eBay's system. People want to know why they did not detect the intrusion for three months, but eBay and the FBI have not been forthcoming with details about the breach.

14 May 2014 - Google Drawing Harder Line on Suspicious Google Apps Logins
Google is imposing stronger requirements on Google Apps logins that appear suspicious. If the company suspects that a login attempt is being made by someone other than an account's legitimate user, Google will ask the person logging in to enter a verification code sent via SMS to authenticate their identity, even if users have not activated that security feature. Google will eventually roll out the stricter login requirements to all its domains.

9 May 2014 - Canadian Teens Face Charges in SWATting Attacks
A teenager in Canada has been arrested in connection with making bomb threats and placing calls to emergency services reporting phony life-threatening situations, which is known as "SWATting." The teen allegedly placed at least 30 such calls, which caused law enforcement agencies to deploy SWAT teams to locations of the teen's choosing. Two other teenagers are facing similar charges.

8 May 2014 - New York Hospitals Pay US $4.8 Million Fine for HIPAA Violation
New York Presbyterian Hospital and Columbia University Medical Center have paid US $4.8 million in a settlement with the US Department of Health and Human Services for violations of the Health Insurance Portability and Accountability Act (HIPAA). Patient data were unintentionally exposed when a doctor tried to deactivate a computer he personally owned from a network segment that held roughly 6,800 patients' lab results, medication data, and other sensitive information.

7 May 2014 - Ransomware Hitting Androids
Ransomware is now targeting devices running the Android mobile operating system. The malware delivers a screen with a message that appears to come from a law enforcement agency, informing users that they have been caught viewing illegal content and that their devices will be blocked until they pay US $300. The current version of the malware does not actually lock up the devices, but the ransom screen pops up continually.
Devices become infected when users visit certain pornography websites where they are asked to install an APK that claims to be a video player.
To become infected, users must allow out-of-market apps and manually install the APK. Versions of the malware have also been detected in Germany, Italy, Poland, the UK, and the United Arab Emirates with messages customized for each country.

2 May 2014 - Attack Targets Facebook Users in India
An attack targeting Facebook users in India tries to lure people in with the offer of a tool that will supposedly allow them to break into other people's accounts. The attack directs users to a Google Drive document that contains JavaScript code. Users are instructed to cut and paste the code into their browser's console window. Instead of being able to break into other people's accounts, the users' own Facebook accounts are hijacked. The attack is called self cross-site scripting because the users are induced to run the attack code themselves. While the attack has clear signs that it is a scam, it has reportedly still racked up 50,000 to 100,000 likes for various pages.

30 April 2014 - Study Shows More than 40 Percent of Identity Theft is Medical-Related
A survey recently released by the Identity Theft Resource Center found that 43 percent of all identity thefts reported in the US in 2013 were medical-related. Stolen medical identity information has been used to obtain treatment and prescription medicines; medical identity fraud also places incorrect information in the patients' health records.


29 April 2014 - Phishing Scheme Used VoIP to Steal Debit Card Data
In a new variation on phishing campaigns, thieves used text messages and VoIP (voice over Internet protocol) calls to steal debit card data from customers of a number of US financial institutions. The targeted bank customers received text messages telling them their debit card has been deactivated and were given a phone number to call to reactivate the card. The number sent them to an interactive voice response (IVR) system that asked for their debit card number and PIN.


28 April 2014 - AOL Says User Data Were Stolen
AOL now says that the attackers who sent spoofed email that appeared to come from AOL addresses compromised account information of at least two percent of AOL users. Compromised data include email addresses, contact lists, encrypted passwords, and encrypted answers to security questions.
AOL is urging all users to change their passwords and security questions.

25 April 2014 - Stanford's New Password Policy
Stanford University has implemented a new password policy. Users will be permitted to have extremely long (20 characters or more) passwords and not be subject to character complexity requirements: using upper- and lower-case letters, numbers, and symbols. Short (eight character) passwords must fulfill all the complexity requirements. The requirements drop at 12, 16, and 20 characters. All passwords will be vetted to ensure that they are not common or too weak.

25 April 2014 - Nine Sentenced for Roles in Barclays Thefts
Tony Colston-Hayter has been sentenced to five and a half years in prison for orchestrating a GBP 1.25 million (US $2.1 million) theft from two branches of Barclays bank in April and July of 2013. Pretending to be tech support contract employees, Colston-Hayter and his accomplices placed keyboard video mouse (KVM) switches and wireless routers on computers in the targeted banks to gain access to the bank's internal system and steal the information they used to empty six bank accounts.
Less than half of the funds have been recovered. Eight accomplices have also been sentenced; their punishments range from suspended sentences to eight years in prison. Three more people are slated to be sentenced in June.

21 April 2014 - Malware Steals Apple ID Credentials from Jailbroken iOS Devices
Malware detected in the wild steals Apple ID credentials from jailbroken iPhones and iPads. The malware is being called "unflod," which is the name of a library that it installs on infected devices. Unflod was detected after users reported repeated crashes of jailbroken iOS devices. Users noticed that the problems began occurring after they installed jailbroken-specific customizations, also known as tweaks, that came from someplace other than Cydia, an alternative to the Apple App Store for jailbroken iOS devices.

4 Mar 2014 - Thousands of Wireless Routers Hijacked
More than 300,000 wireless routers used in homes and in small office settings have been compromised. The attack reconfigured the DNS settings on D-Link, Micronet, Tenda, TP-Link, and other devices. So far, the compromised routers have not been used for any malicious purpose, but they could be used to redirect users to sites that try to steal financial account access information. Most of the compromised routers are in Eastern Europe, Vietnam, and Europe.

4 Mar 2014 - Illinois Bank Urges People to Stop Using Credit Cards in Cabs in Chicago
First American Bank in Illinois is urging cab riders in Chicago to avoid paying with credit or debit cards, warning of an ongoing data breach that seems to be connected with card processing systems used by a large number of taxis in Chicago. First American became aware of the situation in early February when several customers complained about fraudulent charges on their accounts. The commonality among the cards was having been used in Chicago taxis. The bank has begun cancelling the cards of customers who charge taxi fare and issuing them new ones. The bank has reported the issue to MasterCard.

21 Feb 2014 - Malicious Apps in Google Play Store
Between 2011 and 2013, the percentage of malicious apps in the Google Play store increased nearly fourfold, from 2.7 percent in 2011 to 12 percent in 2013. Over that same period, the share of malicious apps that Google removed dropped from 60 percent to 23 percent. The decline in removal of malicious apps could be explained by the fact that malware purveyors are using methods of infection that elude traditional detection tools.

10 Feb 2014 - North Carolina Law Firm Loses "All Documents" to Cryptolocker
A law firm in North Carolina has reported losing all of its legal documents to the Cryptolocker ransomware, even though the company tried to pay the US $300 ransom. Because the firm's IT staff attempted to decrypt the files, by the time the decision was made to pay the ransom, the three-day ransom deadline period had expired.

7 Feb 2014 - Phony Army Benefits Website May Have Stolen Credentials
A website set up to mimic a US Army benefits site may have managed to trick soldiers into providing their personal information. The site, which called itself My Army Benefits, bears a name nearly identical to a real site, myarmybenefits.us.army.mil. The fraudulent site, which included a misspelled word in its name, collected soldiers' Army Knowledge Online (AKO) access credentials.

7 Feb 2014 - PCI Standard Compliance Treated as Annual Hurdle, Not Consistent Practice
According to a report from Verizon, most companies that attain annual compliance with the Payment Card Industry Data Security Standard (PCI DSS) do not maintain that compliance over the course of the following year. Verizon based its report on PCI compliance assessments it conducted on more than 500 organizations between 2011 and 2013. According to the data, just over 11 percent of organizations maintained compliance between annual assessments. The problem is that many organizations treat compliance as an annual test rather than a "continuous risk management effort."

6 Feb 2014 - Wireless Devices Attacked at Sochi
Proving correct predictions that wireless devices will be targeted by cyber criminals at the Sochi Olympics, NBC foreign correspondent Richard Engel found that two laptops and his smartphone were quickly compromised with malware that enabled attackers to use the devices to eavesdrop and access data on the devices. The laptops were probed within minutes of connecting to the Internet, and soon after, Engel received a phishing message. A researcher who accompanied Engel has acknowledged that the laptops were fresh out of the box with no updates and no security software, and that the phone was compromised after the user agreed to install an .apk from a Sochi website. Even so, visitors to Sochi are likely to face a barrage of attempted cyber attacks.


31 Jan 2014 - California High School Students Expelled for Using Keystroke Logger
Eleven Corona del Mar High School students have been expelled for placing keystroke loggers on teachers' computers and using the credentials obtained from the loggers to change grades and access exams.
No charges have been filed at this point, although police have obtained search warrants, which suggests they may pursue felony counts against the students. A private tutor has also been implicated in the case.

30 Jan 2014 - Eleven People Arrested in eMail Hacking-for-Hire Schemes
Eleven people have been arrested in four countries in connection with several websites that offered to gain access to email account passwords. In the US, five people have been arrested. Two have been charged with operating websites that advertised the services, and the three others have been charged with using similar services offered on websites hosted outside the US. Four people were arrested in Romania, and one person each in India and China.

30 Jan 2014 - Yahoo Resetting Passwords After Compromise Attempts
Yahoo has reset passwords for Yahoo Mail accounts that appear to have been compromised. Yahoo said that the attackers had likely stolen usernames and passwords from a third-party database and attempted to use the information to log into Yahoo Mail accounts. Users whose accounts were affected received messages from Yahoo notifying them of "unusual activity on the network."

27 Jan 2014 - Laptops Stolen From Coca-Cola Contained Unencrypted Employee Data
The theft of unencrypted laptops from the Coca-Cola Company has compromised personal information of about 74,000 current and former employees. The data on the computers include names, Social Security numbers (SSNs) and driver's license numbers. A former employee who had been responsible for maintaining and decommissioning equipment took the computers; they have since been recovered.

24 Jan 2014 - Stolen Laptop Contains Health Data of 620,000 Alberta, Canada Residents
A laptop stolen from an IT consultant contains unencrypted health data of 620,000 residents of Alberta, Canada. The data include names, birth dates, provincial health card numbers, and diagnostic codes. The Medicentres Family Health Care Clinics notified Edmonton police and the Alberta Information Privacy Commissioner about the incident on October 1, 2013, but Alberta's health minister was informed just last week.

24 Jan 2014 - CNN Blogs and Social Media Accounts Hijacked
Members of the Syrian Electronic Army (SEA) used passwords to social media accounts that they had phished from CNN employees. The phishing messages were well written and appeared to come from other CNN employees. The compromised accounts were used to post propaganda; the unauthorized posts were removed minutes after they appeared.

23 Jan 2014 - Study Says France's Three-Strike Policy Has Not Curbed Piracy
A study of French Internet users found that the country's "three-strikes" anti-piracy policy has had little to no effect on users obtaining pirated content. The policy "has not deterred individuals from engaging in digital piracy [nor has it lessened] illegal activity of those who did engage in piracy," according to the report's authors, researchers at the University of Delaware and the University of Rennes. The report does mention another study that found a 20-25 percent increase in sales of French music on iTunes shortly before the law took effect, but the authors say it was due to "public education efforts" instead of the law itself.

23 Jan 2014 - Cross-Platform Malware Targeting Android Devices
Researchers have detected malware that can jump from Windows PCs to Android handsets through USB connections. The malware, known as the Fakebank Trojan, uses a developer tool called Android Debug Bridge to send the malware from the PC to the Android device. The malware is designed to seek out certain Korean banking applications. If the apps are found on the device, users are prompted to install an update, which is a malicious version of the app. Fakebank also monitors SMS messages.


21 Jan 2014 - Thirteen People Indicted in Gas Pump Bluetooth Skimming Scheme
Thirteen people have been indicted in connection with a gas pump card-skimming scheme. The Bluetooth-enabled skimming devices were placed on gas pumps at stores in states in the southern US; those behind the scheme allegedly used the information from the skimmers to make more than US $2 million in fraudulent ATM withdrawals.

20 Jan 2014 - South Korean Credit Bureau Employee Arrested For Allegedly Selling Personal Data to Telemarketers; Executives Resign
An employee of South Korea's Korea Credit Bureau has been arrested for allegedly selling personal information he had access to while working at the company. The breach appears to have affected as many as 20 million people. The compromised information includes names, credit card numbers, and expiration dates. The temporary employee allegedly stole information from the servers of KB Kookmin Card, Lotte Card, and NH Nonghyup Card, and sold the data to phone marketing companies. Managers of the phone marketing companies have been arrested as well.

14 Jan 2014 - Study Says US Government Workers Do Not Practice Good Mobile Device Security
According to a study from the Mobile Work Exchange, many US federal government employees are not taking appropriate measures to secure their mobile devices, despite established security policies. The report, commissioned by Cisco Systems, focused on tablets, smartphones, and laptops. While physical security seems to be more entrenched (86 percent of the workers lock their computers while away from their desks), more than 40 percent of the 155 government workers surveyed use their mobile devices in ways that put their agencies and the devices at risk for a breach. Issues include using public wireless networks, failing to employ multi-factor authentication or encryption, downloading personal apps, and opening messages from senders they do not know; 25 percent do not use passwords for their devices.

12 Jan 2014 - Target Says Malware Found on Point-of-Sale Terminals
Target is now acknowledging that there was malware on its point-of-sale terminals. In addition, the breach, already one of the largest known breaches of payment card data to date, affected as many as 110 million Target customers, nearly three times the initial estimate. Target CEO Gregg Steinhafel says the company is planning "significant changes" in response to the breach, but did not elaborate.

11 Jan 2014 - Neiman Marcus Investigating Payment Card Data Breach
Neiman Marcus says that it was also targeted in a data breach over the past few months. The retailer says its database was infiltrated in December. As in the Target breach, the attack affects people who shopped in physical stores but not online shoppers. Neiman Marcus is working with the Secret Service to investigate the breach.

10 Jan 2014 - Cisco Warns of Vulnerability in Several Devices
Cisco has issued a security advisory warning of a vulnerability in some of its small business devices. The flaw could be exploited to gain root access to WAP4410N Wireless-N Access Points, WRVS4400N Wireless-N Gigabit Security Routers, and RVS4000 4-port Gigabit Security Routers. There are presently no workarounds for the issue, but Cisco says it will release updates to fix the problem by the end of the month. Internet Storm Center: https://isc.sans.edu/forums/diary/Cisco+Small+Business+Devices+backdoor+fix/17399/

8 Jan 2014 - When Support for Windows XP Ends in April, Microsoft Will Also Pull Security Essentials for XP
In what appears to be a concerted effort to urge users to upgrade from Windows XP to a more current version of the operating system, Microsoft has announced that when it stops supporting XP in April, it will also cease support for Security Essentials on XP.

7 Jan 2014 - New Hampshire Town Lost Files to CryptoLocker
A New Hampshire town has lost eight years' worth of computer files to the CryptoLocker ransomware. An employee at the Greenland, NH, town hall opened an attachment accompanying an email purporting to be from AT&T on December 26. The system administrator did not learn about the issue until four days later, after the deadline for paying the ransom had expired.

2 Jan 2014 - Snapchat Data Stolen; App Will Be Updated
A database of 4.6 million Snapchat usernames and some associated telephone numbers, with the last two digits blurred, has been posted online. The site where the stolen data were posted has been taken down.
The people behind the attack say they exploited recent changes made to Snapchat to access the information. A message on Twitter from Snapchat CEO Evan Spiegel says that the company is "working with law enforcement [and] will update when we can."


© 1999-2016 Security Awareness, Inc. All Rights Reserved