Categories
Information Security|Computer & Network Security>Malware

Who was affected by the php.net attack?

Geographic breakdown of machines infected by DGA Changer

This is related to our initial post about the PHP.net attack and whether or not the source code was compromised.  According to this article, “One of five distinct malware types served to visitors of php.net from October 22 to October 24, DGA.Changer employs a novel way of evading detection and takedown attempts.”

Source: https://arstechnica.com/security/2013/12/hackers-who-breached-php-net-exposed-users-to-highly-unusual-malware/

Categories
Information Security|Compliance>Privacy|Social Engineering|Computer & Network Security>Vulnerabilities

Are the websites you’re using tracking what you type?

Source – http://nakedsecurity.sophos.com/2013/12/17/are-the-websites-youre-using-tracking-what-you-type/

  • Whatever you typed may have been logged, even if you backspaced, used select all/delete, hit cancel or did whatever it took to avoid telling the world.
  • Self-Censorship on Facebook (PDF) describes a study conducted by two Facebook researchers, who said they used code they had embedded in the web pages to determine if anything had been typed into the forms in which we compose status updates or comment on people’s posts.
  • If the content wasn’t shared within 10 minutes, it was marked as self-censored.
  • According to Facebook: “the things you explicitly choose not to share aren’t entirely private.”
  • Facebook spent 17 days tracking abandoned posts in a manner that some might find discomforting, and readers are reminded that the internet allows website owners to be far, far more invasive.

Categories
Compliance|Information Security>Data Breach|Computer & Network Security>Patches|Computer & Network Security>Vulnerabilities

Poor Patching, Communication Facilitated July Dept. of Energy Breach

Source: http://threatpost.com/poor-patching-communication-facilitated-july-dept-of-energy-breach/103200

  • The U.S. Department of Energy describes what led to the July breach
  • The breach was facilitated by failures around vulnerability management and access controls, and a general lack of communication between decision makers
  • Hackers were able to penetrate a Web-facing application and steal personal information on 104,179 current and former employees, dependents and contractors.
  • They had access to information that could have included names, addresses, Social Security numbers, dates of birth and bank account information, all unencrypted
  • DOE failed to live up to industry standards and government mandates, not only around encryption of sensitive data but also by failing to install software updates. The updates, purchased in March, would have prevented the breach but instead sat for five months in a testing environment; they cost significantly less than the expected $3.7 million price tag for credit monitoring and other recovery costs.

Categories
Information Security>Asset Management|Information Security>Data Breach|Compliance>Encryption|Compliance>Privacy

Two Missing BCBS laptops may impact 800k people

Source: http://threatpost.com/two-missing-insurance-laptops-may-impact-800k-people/103202

  • Someone broke into the offices of Horizon Blue Cross Blue Shield of New Jersey and stole two laptops that contained the sensitive information of more than 800,000 members
  • The medical insurance provider claims that the machines were locked to an employee workstation inside Horizon’s Newark headquarters
  • The laptops are password protected, but the provider also admitted that it had failed to encrypt them
  • Stolen machines may have contained member names, addresses, dates of birth, Horizon Blue Cross Blue Shield of New Jersey identification numbers, Social Security numbers, and clinical information
  • Horizon Blue Cross Blue Shield of New Jersey claims that they have no reason to believe that the thieves targeted the stolen laptops because of the information stored within them.
  • “Due to the way the stolen laptops were configured, we are not certain that all of the member information contained on the laptops is accessible,”

Categories
Information Security>Data Breach|Compliance>PCI|Compliance>Privacy|Computer & Network Security>Vulnerabilities

Target Stores said to have data breach of over 40 million customers

Source: http://news.cnet.com/8301-1009_3-57616054-83/target-investigating-massive-black-friday-data-breach-report/

Everyone will be attacked, and many will be breached.  Have you taken steps to protect your organization or made plans for how to react in the event of a data breach?  Securit360 offers services to fortify your security programs, train your employees, and measure your vulnerabilities.
