- Visit SANS, Sophos, SC magazine, and InfoSecurity magazine websites to sign up for news feeds -
29 July 2011 - AT&T Will Throttle Broadband Speed for Smartphone Data Hogs
AT&T has announced that starting October 1, 2011, smartphone users with unlimited data plans who consume large amounts of data may find that their connections are throttled; the plan will affect those whose use lands then in the top five percent of users in a billing cycle. The plan affects users who have purchased unlimited data plans which AT&T stopped offering last year. Users with tiered service may pay for additional use. AT&T says that the plan is not a permanent long term solution, and that the only way to solve the bandwidth problem would require "completing the T-Mobile merger," which has been opposed by competitors and some legislators. Users will receive warning notices and will have a grace period before the throttling takes effect. Speeds will return to normal levels at the start of the next billing cycle.
http://www.computerworld.com/s/article/9218760/AT_T_to_throttle_big_users_of_unlimited_data
http://www.usatoday.com/tech/wireless/2011-08-01-atampt-unlimited-data-plans_n.htm
29 July 2011 - External Hard Drives Infected With Conficker are Recalled
AUSCERT issued a warning to consumers about the Fission External 4-in-1 Hard Drive, DVD, USB and Card Reader being sold at ALDI discount stores.
There have been reports that some of the devices are infected with Conficker. ALDI has removed the affected devices from its shelves and has issued a voluntary recall. Users are advised to return the devices to the store and to run anti-virus scans on their PCs. The malware is likely to have infected the drives during factory production.
http://www.zdnet.com.au/aldi-sells-hard-drives-with-malware-inside-339319481.htm
http://www.scmagazine.com.au/News/265264,aldi-recalls-conficker-infected-hard-drives.aspx
28 July 2011 - Trojan Variant Trick Users Into Transferring Funds Out Of Online Banking Accounts
A newly-detected Trojan horse program waits until users access their online bank accounts, then tells them that a credit has been made to their account in error. It then informs them their account is frozen until they authorize the transfer of the funds back out of the account.
The malware alters the appearance of users' balances and offers them pre-populated transfer forms. This Trojan bears similarities to another known as the URL Zone Trojan, which manipulates the balances users see in their online banking accounts to appear normal even after they have been drained of funds.
http://krebsonsecurity.com/2011/07/trojan-tricks-victims-into-transfering-funds/
28 July 2011 - Court Orders BT to Block Site Linked to Digital Piracy
A group of film studios represented by the Motion Picture Association (MPA), the international arm of the Motion Picture Association of America (MPAA), has won a court order against British ISP BT to block the Newzbin2 filesharing website. A British High Court judge has ordered BT to block users' access to the members-only website that offers links to movies and television programs available on Usenet boards.
http://www.eweek.com/c/a/Cloud-Computing/Hollywood-Wins-Court-Order-to-Force-BT-to-Block-Pirate-Site-Newzbin2-610329/
http://www.bbc.co.uk/news/technology-14322957
26 July 2011 - Governor Recognizes Maryland Winners of US Cyber Foundations Competition
Governor Martin O'Malley took time out to honor Maryland winners of the
2011 Spring Cyber Foundations National Competition. The competition, coordinated by the U.S. Cyber Challenge, is a national online contest to identify talented high school students with the skills to pursue advanced education and job opportunities in the cyber security field, one of the most in-demand career fields.
http://www.benzinga.com/pressreleases/11/07/p1803362/maryland-governor-martin-omalley-recognizes-winners-of-u-s-cyber-challe
25 July 2011 - Chinese Authorities Close Two Phony Apple Stores in Kunming
Officials in China have shut down two phony Apple stores in the wake of a blogger's story that publicized their presence. Trade officials launched an investigation; five stores claiming to be Apple retail outlets were discovered in Kunming, China. Two of the operations lacked official business licenses and were ordered to suspend operations pending the outcome of an investigation by the Chinese government.
http://www.bbc.co.uk/news/technology-14273444
http://content.usatoday.com/communities/ondeadline/post/2011/07/china-shuts-2-phony-apple-stores-but-3-others-stay-open/1
22 July 2011 - Man Sentenced for Malware Spread Over Peer-to-Peer Network
A judge in Japan has sentenced a man to two-and-a-half years in prison for writing malware that spread over the Winny peer-to-peer file sharing network. Masato Nakatsuji was already on probation for a similar offense when he was nabbed for the "ika-tako," or "squid-octopus" malware.
Nakatsuji had received a two-year suspended sentence in 2008 for spreading malware by attaching it to anime images. The 30-month sentence is for property destruction; the malware replaced files on people's computers with a cartoon image of an octopus.
http://www.theregister.co.uk/2011/07/22/japan_jails_vxer/
http://www.yomiuri.co.jp/dy/national/T110720005908.htm
21 July 2011 - Man Arrested for Allegedly Infecting Computers with Malware
Authorities in Canada have arrested a man for allegedly placing keystroke-logging software on computers in Canada, the US, France, Russia and the United Arab Emirates. Joseph Mercier was employed as an information security manager at an unnamed organization. He allegedly used his work computers and computers at his home to conduct the scheme, which also allowed him to use infected computers' webcams to spy on people and take pictures.
http://www.theregister.co.uk/2011/07/21/canadian_bofh_botnet_scam/
21 July 2011 - Phony Apple Stores Reported in China
An American ex-pat blogging from Kunming, China, has reported finding three phony Apple stores in that city. The blogger said that the staff at the establishments appeared to believe that they were actually employed by Apple, but certain details, including the words Apple Store outside the storefronts, led to suspicion that the establishments were bogus. The origin of the merchandise being sold has not been determined. The Wall Street Journal cannot speak reporter managed to speak to one of the store's employees who appeared to know that the store was not official. Apple has not commented on the situation. Apple has four official stores in China and several official resellers, but the Kunming store appears to be neither.
http://www.bbc.co.uk/news/technology-14236786
http://www.pcmag.com/article2/0,2817,2388826,00.asp
18 July 2011 - Microsoft Offers Reward for Arrest of Rustock Operators
Microsoft is offering a US $250,000 reward for information that leads to the arrest and conviction of those responsible for the Rustock botnet. Earlier this year, Microsoft launched a concerted attack on Rustock when it obtained court orders that allowed authorities to seize the botnet's command and control servers. At one point, Rustock was believed to be responsible for 40 percent of all spam sent worldwide.
http://krebsonsecurity.com/2011/07/microsoft-offers-250k-bounty-for-rustock-author/
14 July 2011 - Comcast Bans Bandwidth Hog For One Year
Comcast has banned a Seattle man from the Internet for a year because he used too much data. Andre Vrignaud used more than 250 GB of data on his Comcast Internet connection for two months in a row, violating the company's use policy, which does not allow those who are banned to switch to more expensive, uncapped, but lower speed connections. A Comcast spokesperson said that the 250 GB limit was established after the company agreed not to selectively slow down peer-to-peer traffic.
The limit is designed to prevent users from degrading their neighbors'
Internet connections.
http://www.pcmag.com/article2/0,2817,2388437,00.asp
13 July 2011 - ZeuS Variant Targets Android Smartphones
Anti-virus vendors have detected a variant of the ZeuS Trojan horse program that can infect Android smartphones. The malware in this case is a variant of Zitmo, which stands for "Zeus in the mobile;" it pretends to be an online banking security application called Rapport, which is the name of a legitimate application from Trusteer. It is capable of stealing one-time passwords that are sent to users' mobile phones as an added layer of security and sending them to a remote server.
http://www.h-online.com/security/news/item/ZeuS-trojan-attacks-Android-1278609.html
http://www.informationweek.com/news/231001685
13 July 2011 - Minnesota Wi-Fi hacker gets 18 years in prison for terrorizing neighbors
Minnesota hacker Barry Ardolf was sentenced to an 18-year term in a federal prison this Tuesday. Ardolf had terrorized a neighboring family for two years through a carefully planned campaign involving a hijacked Wi-Fi network to harass, frame and embarrass the next-door neighbors in every facet of their lives.
http://news.yahoo.com/minnesota-wi-fi-hacker-gets-18-years-prison-032803295.html
12 July 2011 - Three Sentenced for Phishing Scheme
Three men have been sentenced to prison for their roles in a phishing scheme that defrauded banks around the world. The three were arrested in the UK and Ireland in August 2010. Their sentences range from two years to just over five-and-a-half years. The men established phony web pages for banks, promoted them through spam, and harvested login data.
The men compromised 900 bank accounts and 10,000 credit cards. Losses of GBP 570,000 (US $921,000) have been confirmed, but the total could be as high as GBP 3.1 million (US $5 million).
http://www.theregister.co.uk/2011/07/12/phishing_fraudsters_jailed/
8 July 2011 - Spear-phishing attacks take two more national labs offline
Two more Department of Energy (DOE) labs appear to be the victims of spear-phishing attacks that resulted in the shutdown of their email and Internet connectivity.
The Department of Energy’s Pacific Northwest Lab (PNNL) in Richland, Wash., and Jefferson National Lab in Newport News, Va., suffered recent cyberattacks and responded by suspending email and internet connectivity, according to various media reports. Battelle, which operates PNNL, was also targeted.
http://www.infosecurity-us.com/view/19300/spearphishing-attacks-take-two-more-national-labs-offline/
7 July 2011 - Colorado agency loses medical aid applicants' data
A computer disk containing the personal information of thousands of medical aid applications has gone missing from the Colorado Department of Health Care Policy and Financing.
http://www.scmagazineus.com/colorado-agency-loses-medical-aid-applicants-data/article/206945/?DCMP=EMC-SCUS_Newswire
7 July 2011 - Programmer Arrested for Alleged Theft of Trade Secrets
US law enforcement authorities have arrested a man for alleged theft of proprietary software. Chunlai Yang had worked as a senior software engineer for CME group, which makes commodity derivative market trading platforms. CME says they have been monitoring Yang's computer use and noticed that he downloaded files containing proprietary source code. He was arrested in a raid on CME's offices and has been charged with theft of trade secrets. The FBI said that Yang had email contact with an organization in China; one of the messages included an attachment that contained proprietary code. Yang is a naturalized US citizen.
http:www.theregister.co.uk/2011/07/07/chinese_espionage_arrest/
http:www.fbi.gov/chicago/press-releases/2011/libertyville-man-arrested-for-theft-of-trade-secrets-from-cme-group
6 July 2011 - Morgan Stanley Smith Barney: Losing data, and client trust, the old fashioned way
Brokerage firm Morgan Stanley Smith Barney recently admitted that personal information on 34,000 investment clients had been lost in the mail, and possibly stolen.
http://www.infosecurity-us.com/view/19224/morgan-stanley-smith-barney-losing-data-and-client-trust-the-old-fashioned-way/
5 July 2011 - Massachusetts data breaches touch five million residents
Data breaches have affected five million residents of Massachusetts since October 2007, when the state’s strict data breach law was enacted, according to Barbara Anthony, head of the Office of Consumer Affairs and Business Regulation.
http://www.infosecurity-us.com/view/19179/massachusetts-data-breaches-touch-five-million-residents/
29 June 2011 - Finnish Court Orders Three Subscribers' Internet Connections Disconnected
A court in Finland has ordered an Internet service provider (ISP) to disconnect three users from the Internet for alleged violations of copyright law. The subscribers received no warning notices. The three individuals are believed to be users of The Pirate Bay website. The order follows a lawsuit filed by the Copyright Information and Anti-Piracy Centre and the International Federation of the Phonographic Industry earlier this year.
http://www.theinquirer.net/inquirer/news/2082827/finnish-court-isps-disconnect-filesharers
28 June 2011 - Eleven-Year Sentence for Man Involved in Phishing Ring
Kenneth Lucas II, who was in charge of the US branch of an International phishing operation, has been sentenced to 11 years in prison. In 2009, more than 100 people were arrested in connection with what is known as Operation Phish Phry. Some of those involved used phishing tactics to steal bank account information that was then used to siphon funds. Lucas and two co-conspirators arranged for money mules to receive the stolen money, deposit it in their accounts and send it on to accounts outside the US. In all, the scheme stole more than US $1 million from its victims.
http://www.scmagazineus.com/us-lead-on-huge-phishing-ring-receives-13-years-in-prison/article/206321/
27 June 2011 - Film Industry Seeks to Block Site That Hosts Pirated Movies
The Motion Picture Association is seeking an injunction that would force BT to sever access to a website that hosts pirated films. The MPA wants BT to use the same technology that it uses to block child pornography sites to block the Newzbin site. BT was chosen as the target of the injunction because it is the largest Internet service provider (ISP) in the UK and because it provides a site blocking system called Cleanfeed to other ISPs. The MPA is the international counterpart to the Motion Picture Association of America (MPAA).
http://www.bbc.co.uk/news/technology-13927335
17 June 2011 - Virgin Media Warns Users Infected With Spy Eye Trojan
Internet service provider (ISP) Virgin Media has warned about 1,500 customers that their computers have been infected with the SpyEye Trojan horse program. Virgin has provided the customers with advice from the UK's Serious Organised Crime Agency (SOCA) for cleaning their computers.
http://www.scmagazineuk.com/virgin-media-warns-customers-about-spyeye-trojan-as-1500-users-found-to-be-part-of-botnet/article/205509/
http://www.infosecurity-magazine.com/view/18785/virgin-media-works-with-soca-on-1500-spyeye-infections-/
15 June 2011 - Missing Laptop Holds Unencrypted NHS Patient Data
A laptop computer stolen from a National Health Services (NHS) subsidiary in London contains unencrypted personal health information of more than 8.6 million people, including records of 18 million hospital visits, operations and procedures. Three weeks ago, the laptop and 19 other computers were reported missing from a storeroom at the London Health Programmes medical research organization. The incident is being investigated by the UK Information Commissioner's Office (ICO) and police.
http://www.zdnet.co.uk/news/security-management/2011/06/15/nhs-laptop-loss-could-put-millions-of-records-at-risk-40093112/?tag=mncol;txt
10 June 2011 - Fines for Former T-Mobile Employees Who Stole and Sold Data
Two men who used to work for T-Mobile have been fined a total of GBP 73,700 (US $121,000) for stealing customer information and selling it to third parties. The action resulting in the decision was brought by the UK information Commissioner's Office (ICO), which launched the investigation in 2008.
http://www.v3.co.uk/v3-uk/news/2078194/thieves-fined-gbp75-stealing-information-mobile
http://www.eweekeurope.co.uk/news/miscreants-fined-for-selling-t-mobile-customer-data-31582
3 June 2011 - Spear Phishing Attacks Gathered Information Over Many Months
The recently disclosed spear phishing attacks against key government officials, political activists and journalists in several countries around the world had been painstakingly planned; the attackers appear to have been gathering personal information about their targets for as long as nine months. Google claims to have disrupted the targeted attacks.http://www.theregister.co.uk/2011/06/03/gmail_users_stalked_for_months/
2 June 2011 0 Tennessee Law Prohibits Sharing Login Credentials
Tennessee's governor has signed into law a bill that makes it illegal to share login information - usernames and passwords - with anyone, including family members. The law takes effect July 1 and applies only within the borders of that state. The bill is an expansion of laws that allow prosecution of people for stealing cable service or not paying for restaurant meals. People convicted under the law of stealing up to US $500 worth of entertainment could face a year in jail and a fine of up to US $2,500. For those convicted of stealing more than US $500 of content, penalties are greater.
http://news.cnet.com/8301-13506_3-20068233-17.html?tag=mncol;title
1 June 2011 - Google Pulls Malware-Infected Apps From Android Market
Google has pulled nearly three dozen apps from its Android market after learning that the mobile applications were infected with malware. The questionable apps are maliciously altered versions of legitimate ones.
Several months ago, Google removed more than 50 apps from Android Market over similar concerns. The malware in question this time is being called DroidDream Light.
http://www.scmagazineus.com/new-android-malware-variant-lands-with-a-punch/article/204296/
1 June 2011 - Facebook Video Scam Spreading
Some links spreading through Facebook that claim to lead to salacious videos actually lead users to sites that install rogue security software on their computers. Facebook has thus far been powerless to stop the scareware attacks. The scheme targets both PCs and Macs. The ruse varies with operating systems. PC users are told they need to install the most recent version of Adobe Flash Player to view the video; Mac users are greeted with a security warning pop-up that offers a "fix" button. The malware redirects users to pornographic websites every five minutes until they pay for a software license.
http://www.computerworld.com/s/article/9217229/Facebook_video_scam_puts_malware_on_Mac_and_
Windows?taxonomyId=17
1 June 2011 - Second Annual UK Cyber Security Challenge Launched
Registration has begun for the UK's second annual Cyber Security Challenge, a competition designed to encourage people with interest and skills in cyber security to pursue and develop careers to fill the need for specialists to defend UK networks. Those who are interested can register through the competition website to participate in a series of challenges over the coming year. This year's competition has three
strands: secure network design, informed defence, and investigate and understand.
http://www.bbc.co.uk/news/technology-13615091
http://www.eweekeurope.co.uk/news/cyber-security-challenge-open-for-registrations-30797
29 May 2011 - French Police Shut Filesharing Website
Law enforcement authorities in France have shut down a website known for making pirated movies, music and software available for download and have arrested three people in connection with the operation. Liberty Land had an estimated 800,000 members. The site's operators each face up to five years in prison and fines of 500,000 Euros (US $714,000).http://www.bangkokpost.com/tech/computer/239483/french-police-close-down-piracy-website
13 May 2011 - Facebook Adds Security Feature
Facebook has introduced an added layer of security to prevent account hijacking. Users must opt-in to the two-factor authentication feature, called Login Approvals, which requires supplying Facebook with a mobile phone number to which a one-time security authentication code will be sent when users try to login to Facebook from new devices. A new code will be required every time users attempt to login from a device that they have not designated as safe.http://krebsonsecurity.com/2011/05/facebook-adds-mobile-authentication/
16 May 2011 - Warns of (Nonexistent) Hard Drive Problems
A new twist on scareware purports to detect disk errors and tries to manipulate users into paying US $80 for phony software that repairs problems that did not exist in the first place. The malware, which infects users machines when they surf to certain, tainted websites, moves files to temporary locations and makes desktop icons disappear, lending credence to the notion that something bad is going on with the machines' hard drives.
http://www.computerworld.com/s/article/9216765/Windows_scareware_fakes_impending_drive_disaster?
taxonomyId=17
13 May 2011 - LimeWire Will Pay US $105 Million to Settle RIAA Suit
LimeWire and its founder, Mark Gorton, will pay US $105 million to settle a lawsuit brought by the Recording Industry Association of America (RIAA). The lawsuit, filed in August 2006, alleged that LimeWire was "devoted essentially" to enabling music piracy over the Internet. In October 2010, a judge ordered LimeWire to stop distributing peer-to-peer (P2P) filesharing software.http://news.cnet.com/8301-31001_3-20062418-261.html
7 May 2011 - Google Image Poisoning
Reports are emerging that Google Images searches are returning results laced with malicious links. Users have reported that when they clicked on certain results, their computers became infected with scareware alerts and warnings. The technique has been used recently to take advantage of people's curiosity about the royal wedding and about bin Laden.
http://isc.sans.edu/diary.html?storyid=10822
http://krebsonsecurity.com/2011/05/scammers-swap-google-images-for-malware/
6 May 2011 - Raid Targets Computer Allegedly Used in DDoS Against Gene Simmons' Website
US federal law enforcement agents have raided a home in Gig Harbor, Washington in connection with distributed denial-of-service (DDoS) attacks against Gene Simmons' website. Simmons' website came under attack last October, days after the KISS frontman spoke out against illegal filesharing and encouraged musicians to "sue everybody." Some of the traffic implicated in the attack had been traced to the Gig Harbor home, where law enforcement agents seized a computer that reportedly belongs to a teenager who lives there.
http://isc.sans.edu/diary/VUPEN+Security+pwns+Google+Chrome/10852
http://www.theregister.co.uk/2011/05/09/kiss_gene_simmons_ddos_probe/
5 May 2011 - PC Rental Company Allegedly Used Webcam to Take Pictures of Customers Remotely
A Wyoming couple has filed a lawsuit against a store through which they had a rent-to-own computer agreement. The suit alleges that the store spied on them. Crystal and Brian Bird discovered that someone at the store had used remotely activated software to take a picture of Brian when a store employee came to their home and attempted to repossess the
computer. The lawsuit also names the company that developed the
software allegedly used to take the picture. Evidently a picture was taken each time the couple received a pop-up reminder to register their software. The Byrds are seeking class action status for their lawsuit.
http://www.channelregister.co.uk/2011/05/06/secret_spy_hardware_suit/
28 April 2011 - LimeWire Trial Set to Start This Week
The copyright infringement lawsuit brought against LimeWire by the Recording Industry Association of America (RIAA) is scheduled to start on Tuesday, May 3. It's the first such lawsuit against a file-sharing software company since the Supreme Court ruled against Grokster in 2005.
A federal jury will decide how much LimeWire should pay for copyright infringement conducted through its service. The record companies say LimeWire owes more than US $1 billion in damages. US District Judge Kimba Wood noted that the infringement was "willful," which significantly increases the penalty for each track that was shared illegally. Judge Wood ordered LimeWire to stop "file-distribution functionality" in October 2010.
http://www.wired.com/threatlevel/2011/04/limewire-damages-trial/
25 April 2011 - FBI Raids Home of Suspected Illegal Filesharer
The FBI has raided the apartment of an individual believed to have uploaded several movies to The Pirate Bay that were playing only in theaters at the time. The person has been identified as Wes DeSoto, a member of the Screen Actors Guild and the owner of a clothing shop.
DeSoto was pegged as the culprit because the copies of the films he
viewed had unique watermarks. Members of the Guild were provided
iTunes codes that allowed them to access the screening copies of films nominated for awards.
http://www.wired.com/threatlevel/2011/04/kings-speech-uploader/
20 April 2011 - iPhone Software Collects and Stores User Location Data
Researchers have found that iPhones running iOS4 track and retain user location data. The unencrypted information is stored on the devices and
on computers through the iOS device backup system in iTunes. The data
are stored without users' permission. There is no evidence that the information is being sent to Apple; it appears to remain in the possession of the user. Another researcher discovered the issue last year, but his work remained largely in forensic circles and was not publicized. The two researchers who just released their information have also released a tool that generates a visual representation of the stored information.
http://www.informationweek.com/news/security/privacy/229401960
20 April 2011 - Guilty Plea in Phony Software Sales Case
Jacinda Jones, from Ypsilanti, Michigan, has pleaded guilty to willful copyright infringement for selling counterfeit software over the Internet. Jones sold more than 7,000 copies of pirated software between July 2008 and January 2010. The companies affected by the sales include Microsoft, Adobe, and Symantec. The software had a retail value of more than US $2 million.
http://www.csoonline.com/article/680058/us-woman-pleads-guilty-to-selling-counterfeit-software
5 April 2011 - Free Pandora App Shares User Data
Online music service Pandora has acknowledged being served with a subpoena demanding documents related to information sharing practices.
The subpoena appears to be connected to a federal grand jury investigation into information sharing practices of apps that run on Apple and Android mobile platforms. A report recently found that a Pandora smartphone app shares user information with advertisers. The shared data include age, gender, geographic location, birth date and device ID.
http://www.informationweek.com/news/229401147
http://www.theregister.co.uk/2011/04/06/pandora_smartphone_privacy/
31 March 2011 - BP Employee Loses Laptop With Unencrypted Claimant Information
BP's acknowledgment that an employee lost a laptop containing unencrypted information of 13,000 people who have submitted claims associated with last year's oil spill has prompted analysts to declare that failing to encrypt sensitive data on portable devices is inexcusable. The information compromised in the BP laptop breach includes names, Social Security numbers (SSNs) and dates of birth. Even a requirement for federal agencies to encrypt sensitive data on portable devices following a breach that compromised the security of records of more than 26 million veterans has not resulted in compliance.
http://www.computerworld.com/s/article/9215369/Failure_to_encrypt_portable_devices_inexcusable_say_
analysts?taxonomyId=17
31 March 2011 - TV Producer Sues Over Lost Show Files
The creators of children's television program Zodiac Island say that a disgruntled former employee at their data hosting company deleted more than 300GB of video files, erasing an entire season of the show. The Wisconsin ISP, CyberLynk, fired Michael Scott Jewson in February 2009.
A month later, Jewson allegedly logged into CyberLynk's computer systems and deleted data stored on an FTP server. Although CyberLynk was supposed to have backed up the stored data, the backup system "had failed and/or was not properly instituted," according to the lawsuit filed by WeR1 World Network, the show's creator. WeR1 is suing CyberLynk and Jewson for damages.
http://www.computerworld.com/s/article/9215417/Lawsuit_claims_fired_data_center_worker_wiped_out_
TV_show?taxonomyId=17
29 March 2011 - Spam Volume Drops by One-Third Following Rustock Takedown
Since the Rustock botnet has been taken down, worldwide spam levels have dropped 33 percent, according to MessageLabs. Other botnets appear to be starting to fill the void. The Bagle botnet is now believed to be the single largest active source of spam.
http://www.theregister.co.uk/2011/03/29/rustock_takedown_spam_stats/
22 March 2011 - Two-Year Sentence for Stealing Virtual Gaming Chips
A UK man has been sentenced to two years in jail for stealing virtual gaming chips. Ashley Mitchell pleaded guilty to charges of hacking and theft for stealing and reselling chips used in games from Zynga.
Mitchell stole 400 billion gaming credits and resold a third of them, earning about GBP 53,000 (US $85,000). Ashley managed to gain access to Zynga's systems and assume the identities of two employees.
http://www.theregister.co.uk/2011/03/22/poker_chip_hacker_jailed/
http://www.bbc.co.uk/news/uk-england-devon-12791483
21 March 2011 - Companies Lose Business Following Data Breaches
A study conducted by the Ponemon Institute on behalf of Symantec, 37 percent of data loss cases reported in the UK in 2010 involved system failures; that figure is seven percent higher than it was in 2009. The study also found that the average cost of data breaches for large UK companies in 2010 was GBP 1.9 million (US $3.1 million), an increase of
13 percent from 2009. The report also found that companies that suffer computer breaches experience significant financial repercussions in lost business.
http://www.scmagazineuk.com/system-failure-is-seen-as-a-greater-concern-than-negligence-as-cost-of-average-data-breach-to-organisations-reaches-19-million/article/198789/
http://www.bbc.co.uk/news/technology-12789569
19 March 2011 - Phishing Attack Evades Filters
The US Computer Emergency Response Team (US-CERT) has warned of a sophisticated phishing attack that targets customers of several financial institutions, including Bank of America, PayPal and Lloyds.
This particular attack manages to evade filters designed to identify phishing sites. The phishing emails arrive with HTML attachments.
http://www.v3.co.uk/v3-uk/news/2035559/-cert-warns-phishing-attacks
18 March 2011 - Eight-Year Sentence for Theft of Proprietary Code
A former programmer for Goldman Sachs has been sentenced to eight years in prison for stealing proprietary code from the investment company.
Sergey Aleynikov developed high-frequency trading software for Goldman Sachs. He worked at the firm from 2007 to June 2009. He transferred a significant amount of the code to servers in Germany in July 2009. The following month, he met with a startup developing high-frequency trading software. He had taken steps to erase his tracks; his activity was discovered when Goldman Sachs began monitoring HTTPS transfers after noticing suspicious network activity.
http://www.wired.com/threatlevel/2011/03/aleynikov-sentencing/
16 March 2011 - Home WiFi Users Lack Understanding of Security
According to a survey from the UK Information Commissioner's Office (ICO), nearly half of home computer users who have WiFi networks do not understand WiFi security settings. Most Internet service providers
(ISPs) now set up and install customers' WiFi security settings, but 40 percent of WiFi users do not understand those settings and 16 percent are either using an unsecured network or do not know if their network is secured. ICO head of policy Steve Wood pointed to Google's Street View data collection vehicles gathering information from unprotected networks as evidence that users need to be aware of their network settings.
http://www.infosecurity-magazine.com/view/16701/ico-says-40-of-wireless-home-internet-users-have-no-knowledge-of-wifi-security/
13 March 2011 - Facebook Users Scammed by Bogus CNN Japanese Tsunami Video
In even more attacks, inspired by the disaster in Japan, Facebook users are being tricked into clicking on links which claim to be raw CNN footage of the Japanese tsunami by cold-hearted scammers. Sophos recommends that users take care over the links they click on, and only visit trusted sites for news of the disaster in Japan.
http://email.sophos.com/r/?id=h2874f3d,2b394e20,2b394e23
12 March 2011 - Japanese tsunami disaster exploited by hard-hearted cybercriminals
Sick-minded scammers are up to their dirty tricks again, trying to make money out of the natural disaster in Japan which has shocked people around the world. In one example, Facebook users are being tricked into believing they are going to see a whale carried by the tsunami into a wrecked building. But the reality is that the scammers are trying to earn money by bringing traffic to online surveys. Sophos recommends that users who wish to keep abreast of the news only trust legitimate media sources.
http://email.sophos.com/r/?id=h2874f3d,2b394e20,2b394e21
11 March 2011 - Earthquake and Tsunami Breed Web Scams, Malware
The 8.9-magnitude earthquake and deadly tsunami in Japan also has triggered a tidal wave of cybercrime, say experts. Almost immediately after the news broke, internet fraudsters got to work by customizing their malicious websites so they would rank near the top of search results, a process known as black hat search engine optimization. The sites purportedly featured information about the quake but actually had been booby-trapped with malware, such as rogue anti-virus programs.
http://www.scmagazineus.com/earthquake-and-tsunami-breed-web-scams-malware/article/198195/?DCMP=EMC-SCUS_Newswire
11 March 2011 - N.J. Agencies Failed to Wipe Hard Drives Before Resale
Multiple New Jersey state agencies left confidential information on computers set to be sold at auction, according to a report released this week by state Comptroller Matthew Boxer. An audit by Boxer's office revealed that multiple state agencies disposed of computer equipment without ensuring that data on the devices had been removed. Auditors discovered completed tax returns, Social Security numbers, health records, child abuse papers and a list of login passwords on computers that were shrink-wrapped on pallets at the state's surplus property warehouse ready to be auctioned off to the public.
http://www.scmagazineus.com/nj-agencies-failed-to-wipe-hard-drives-before-resale/article/198186/?DCMP=EMC-SCUS_Newswire
10 March 2011 - Google Faces Second Privacy Lawsuit Over Gmail Content Scanning
Google is being sued for the second time over its practice of scanning Gmail message content to serve users ads relevant to the messages'
topics. The first lawsuit brought by a Texas man in November 2010, has been sealed. The new suit, on behalf of Kelly Michaels, focuses on Google's Terms of Service agreement. The complaint claims that Google asks users to agree to its Terms of Service, but doesn't ensure that the users understand what it is they are agreeing to. The Google Terms of Service agreement includes 92 paragraphs. The Google Program Policy and Privacy Policy are also separate entities; the Privacy Policy includes
55 external links.
http://www.informationweek.com/news/security/privacy/showArticle.jhtml?articleID=229300677&
subSection=Security
9 March 2011 - New Jersey Comptroller Finds Data on Machines Marked for Auction
An audit conducted by the Office of the New Jersey State Comptroller found that nearly 80 percent of retired state government computers headed for auction still contained sensitive personal data. The computers examined were being held at a state surplus property warehouse. New Jersey guidelines require that data be removed from hard drives before computers are sent to the warehouse. The audit was prompted by a number of arrests of warehouse employees. New Jersey state comptroller Matthew A. Boxer says that he believes it is likely that other machines containing data have already been sold because no outside agency had investigated the procedures before his office looked into the matter at the warehouse.
http://www.nytimes.com/2011/03/10/nyregion/10computers.html?ref=technology
http://www.govtech.com/policy-management/New-Jersey-Audit-Uncovers-Confidential-Data-on-Auction-Bound-Computers.html
7 March 2011 - Google Remotely Removes Infected Apps From Android-based Devices
Google has begun using its "remote removal function" to purge infected apps from Android devices running versions prior to 2.2.2. About 50 apps were found to be infected with malware known as DroidDream; all have been removed from the Android Market. Google has also suspended the accounts of the developers believed to be responsible for the infected applications and plans to take legal action.
http://gcn.com/articles/2011/03/07/google-kills-droiddream-malware.aspx?admgarea=TC_SECCYBERSSEC
http://www.scmagazineus.com/google-remotely-killing-android-malware/article/197794/
6 March 2911 0 Former Employee Sentenced to Home Confinement for Deleting Company Data
Ismael Alvarez has been sentenced to one year of home confinement and five years of probation for breaking into his former employer's computer server and deleting data. Alvarez had worked at Gray Wireline Services for more than seven years before he was fired. Investigators identified Alvarez as the culprit through the IP address used to access the server.
The files he deleted contained proprietary reports about oil and gas wells. Alvarez was also ordered to pay more than US $20,000 in fines and restitution.
http://www.theregister.co.uk/2011/03/06/fired_employee_revenge_hack/
3 March 2011 - DroidDream Trojan is a Nightmare for Thousands of Android Users
Google has removed 55 apps from its Android Market after tens of thousands of users downloaded applications that were infected by the DroidDream trojan, according to numerous news reports
http://www.infosecurity-us.com/view/16360/droiddream-trojan-is-a-nightmare-for-thousands-of-android-users/
2 March 2011 - Google Pulls Infected Apps From Android Marketplace
Google has removed more than 50 apps from Android Market after discovering they had been infected with malware. The malware has the capability of gaining root access to infected devices and stealing information. Users had downloaded between 50,000 and 200,000 copies of the infected apps before they were pulled. They were all infected with the same malware and had been available on Android market for about four days. Another malware-infected app made news recently, but that one, called Steamy Window, was offered on a third-party site rather than Android Market. Although Google has the capacity to automatically uninstall apps from the phones, it has not initiated that procedure yet in this case.
http://www.bbc.co.uk/news/technology-12633923
1 March 2011 - Former Employee Gets House Arrest for Breaking Into Company Network
A California woman who admitted to accessing her former employer's computer network and posting confidential information to the Internet will serve 60 days of home detention and one year of probation. Ming Shao avoided prison time for her actions. She was able to access the sensitive data belonging to her former employer, PanTerra Networks, through two employee email accounts for several months following her dismissal from the company in August 2009. Shao pleaded guilty to one count of felony computer intrusion.http://www.theregister.co.uk/2011/03/01/sacked_employee_sentenced/
28 February 2011 - Malware on London Stock Exchange Site
The website of the London Stock Exchange (LSE) was infected with malware that appears to have come from third-party advertisements. The malware urged site visitors to download useless security software products and in some cases, merely visiting the site was enough to compromise people's computers. More than 360 pages on the site have reportedly hosted malware over the last three months. LSE has disabled the advertisements responsible for the malware.
http://www.bbc.co.uk/news/technology-12597819
http://www.scmagazineuk.com/london-stock-exchange-website-hit-by-malware-scare/article/197150/
25 February 2011 - HHS Stepping Up HIPAA Privacy Rules Enforcement
The US Department of Health and Human Services (HHS) appears to be getting serious about enforcing Health Insurance Portability and Accountability Act (HIPAA) privacy rules. HHS has imposed enforcement actions against two organizations for HIPAA privacy violations. Cignet Health was charged a civil monetary penalty of US $4.3 million for failing to provide patients access to their own medical records and failing to cooperate with an HHS investigation into the matter. When Cignet finally sent boxes of records to the US Justice Department, they included records for the 41 individuals who had requested their records as well as records of 4,500 other people. Massachusetts General Hospital will pay HHS US $1 million for the exposure of personal information of 192 patients when documents were left on a subway in March 2009. HHS appears to be getting serious about enforcing HIPAA privacy rules. Both incidents are the result of business process failures rather than technology failures.
http://www.computerworld.com/s/article/9211359/HIPAA_privacy_actions_seen_as_warning?taxonomyId=84
http://www.washingtonpost.com/wp-dyn/content/article/2011/02/22/AR2011022207094.html
24 February 2011 - Keystroke Loggers Found on Library Computers
Keystroke logging devices were found plugged in to computers at libraries in Cheshire, UK. It is not known how long the devices were connected to the computers before they were discovered. Keyboards are now being plugged in to ports at the front of computers.
http://www.scmagazineuk.com/keyloggers-found-plugged-into-library-computers/article/196936/
22 February 2011 - OddJob Trojan Steals Online Banking Session IDs
The OddJob banking Trojan grabs online banking session ID tokens in real time, allowing thieves to keep the sessions open longer and make fraudulent transactions. The malware is being actively used in the US, Poland and Denmark. Researchers have noted that those behind OddJob have made refinements to the malware over the last few weeks.
http://www.scmagazineus.com/trojan-steals-session-ids-bypasses-logout-requests/article/196816/
16 February 2011 - Sony Threatens to Ban Jailbroken PS3 Console Users from PlayStation Network
Sony says it will permanently ban users of jailbroken PlayStation 3
(PS3) gaming consoles from the PlayStation Network. Sony has not said how it plans to enforce the new policy. The announcement comes just weeks after code to jailbreak PS3 consoles was posted to the Internet.
The code allows users to play "homebrewed" games on the devices, but with a few changes, could also be used to allow the consoles to play pirated games. The action stems from a legal case against George Hotz, who allegedly posted the code; Hotz is facing charges for violations of the Digital Millennium Copyright Act (DMCA) and other offenses.
http://www.wired.com/threatlevel/2011/02/sony-threatens-jailbreakers/
http://www.theregister.co.uk/2011/02/17/sony_playstation_network_ultimatum/
15 February 2011 - 2012 Budget Proposal Includes Significant Increase in Cyber Security Spending
The White House's 2012 budget proposal includes an overall increase in cyber security research spending of 35 percent, bringing the total proposed allocations to US $548 million. Requested funding for government IT overall is about the same as the previous year.
http://www.computerworld.com/s/article/9209461/Obama_seeks_big_boost_in_cybersecurity_spending?
taxonomyId=82
http://www.nextgov.com/nextgov/ng_20110216_3295.php?oref=topnews
14 February 2011 - Federal Agents Seize 18 Domains Linked to Counterfeit Fashion Accessories
Agents of the US government have seized an additional 18 domains that have been linked to piracy, bringing the total seized under Operation in Our Sites to nearly 120. The sites affected today allegedly sold counterfeit jewelry, handbags and other fashion accessories. The action was taken with no advance warning to the sites. Two weeks ago, the same agencies seized 10 domains associated with providing pirated sporting event content.
http://www.wired.com/threatlevel/2011/02/eighteen-domains-seized/
http://www.ice.gov/news/releases/1102/110214washingtondc.htm
8 February 2011 - ICO Imposes Hefty Fines for Failure to Encrypt Laptops Containing Patient Info
Two councils have been fined a total of GBP 150,000 (US $241,000) for failing to encrypt patient data on laptops that were later stolen from an employee's home. The breach affected 1,700 people. While there is no evidence that the information has been misused, the fines were levied by the Information Commissioner's Office (ICO) for violations of the Data Protection Act. Failure to encrypt the laptops also breached council policy.
http://www.theregister.co.uk/2011/02/08/ico_fines_two_councils_over_unencrypted_laptop_thefts/
7 February 2011 - Mass Filesharing Law Suits Continue
In 2010, nearly 100,000 people in the US were sued for alleged illegal filesharing. Of the 80 mass lawsuits filed, 68 are still active; those suits target nearly 71,000 individuals. The practice of mass lawsuits, which allows the copyright holder to avoid the cost of filing suits against every individual, has been called predatory.
http://www.informationweek.com/news/internet/policy/showArticle.jhtml?articleID=229201274&
subSection=Security
7 February 2011 - One-third of EU Internet Users Report Malware Infection
One-third of Internet users in the European Union experienced malware infections, according to statistics gathered by the EU. The countries with the highest rates of infection were Bulgaria, where 58 percent of users reported infections, and Malta, Slovakia, Hungary and Italy, where about half of all users reported infections. Those with the lowest rates were Ireland and Austria, with about a 15 percent infection rate.
The statistics were compiled by users reporting infections, so the actual rate of infection is likely to be even higher. Eighty-four percent of the more than 200,000 people surveyed said they have some sort of anti-malware technology in place.
http://www.v3.co.uk/v3/news/2274618/eu-safer-internet-day-cyber
http://www.reuters.com/article/2011/02/07/uk-life-eu-virus-idUSLNE71605W20110207
2 February 2011 - Congressmen Seek Answers About Facebook Data Privacy
US lawmakers are seeking additional information about Facebook's plan to allow websites and third-party applications to request access to users' home addresses, phone numbers and other personal information.
The feature was postponed in January over privacy concerns, but Facebook plans to relaunch the feature in the next several weeks.
Representatives Ed Markey (D-Massachusetts) and Joe Barton (R-Texas), who co-chair the House Privacy Caucus, have sent a letter to Facebook's Mark Zuckerberg containing a list of questions about why the feature was introduced in the first place.
http://www.politico.com/news/stories/0211/48703.html
http://www.usatoday.com/money/media/2011-02-03-facebook03_ST_N.htm
- Visit SANS, Sophos, SC Magazine, and InfoSecurity magazine websites to sign up for news feeds -
27 January 2011 - FTC Wins US $8.2 Million Settlement in Phony AV Software Case
The US Federal Trade Commission (FTC) has reached an agreement with father and son team Maurice and Marc D'Souza, who used deceptive advertising to trick Internet users into downloading bogus antivirus software. The D'Souzas will forfeit US $8.2 million as part of the settlement. The money will be used to reimburse people who were duped into buying the worthless software, which went by names such as Winfixer, Drive Cleaner and Antivirus XP. The D'Souzas used an "elaborate ruse" to trick websites into running the ads that manipulated users into buying their products.
http://www.pcworld.com/businesscenter/article/217987/alleged_scareware_vendors_to_pay_82_million_
to_ftc.html
http://www.theregister.co.uk/2011/01/27/scareware_mongers_fined/
26 January - South African Newspaper Takes Down Website to Protect Users From Malware
Following relentless cyber attacks, the website of South African newspaper The Mail & Guardian has been taken down to implement security improvements. Editors said that the site was being inundated with attacks that appeared to emanate from Russia and that tried to steal site visitors' information. Rather than expose users to the malware, the decision was made to take the site down. They hope to have the site available soon.
http://www.theregister.co.uk/2011/01/26/mail_and_guardian_hack_attack/
21 January 2011 - Cisco 2010 Security Report Notes Cybercrime Moving Toward Mobile Devices
According to Cisco's 2010 Annual Security Report, cyber criminals appear to be shifting their focus from Windows machines to mobile devices.
Users are falling prey to social engineering scams through social networking, email and even phone calls. In addition, 2010 marks the first year "in the history of the Internet" in which the volume of spam dropped, due in large part to botnet takedowns and increased ISP email restrictions.
http://www.scmagazineus.com/cybercrime-migrating-to-mobile-and-apple-cisco-report/article/194734/
http://www.v3.co.uk/v3/news/2274334/cisco-spam-drop-affiliates-90
20 January 2011 - Carberp Trojan Updating Itself
The Carberp Trojan horse program that steals information and leaves a back door open on infected systems was first detected in the fall of 2010 and now appears to be upgrading its capabilities. Carberp is designed to steal banking data. It masquerades as a legitimate Windows file and deletes antivirus software from infected machines. The upgrades allow Carberp to run on all versions of Windows without administrator privileges. Carberp communicates with command and control servers through encrypted HTTP traffic.
http://www.computerworld.com/s/article/9206025/Carberp_banking_malware_upgrades_itself?taxonomyId=17
http://www.h-online.com/security/news/item/Online-banking-trojan-developing-fast-1172452.html
18 January 2011 - Client Attorney Privilege Does Not Apply if Client Communicates via Work eMail
A ruling from a California appeals court means that communications between client and attorney are not considered privileged if the client uses his or her work email account to conduct the communication. A unanimous decision by the Sacramento Third Appellate District involves a secretary who claimed her employer turned hostile after learning of her pregnancy shortly after she was hired. The company used email the secretary had sent from the workplace as evidence that she was not suffering severe emotional distress.
http://www.wired.com/threatlevel/2011/01/email-attorney-client-privilege/
13 January 2011 - Vodafone Fires Employees After Security Breach
An unspecified number of Vodafone employees in Australia have been fired in the wake of a data security breach that exposed the personal information of as many as four million customers. There have been allegations that access to the customer database was sold to criminals.
Vodafone has also said that it is taking steps to improve data security.
The Australian Privacy Commissioner plans to investigate the incident.
http://www.zdnet.com.au/vodafone-sacks-staff-over-data-breach-339308574.htm
http://www.itnews.com.au/News/244672,vodafone-sacks-staff-over-alleged-security-breach.aspx
13 January 2011 - Bank Employee Sold Customer Data
A Singaporean bank executive sold customer information to a number of people, including an illegal money lender. Sazaly Selamat was experiencing financial difficulties, including repossession of his car.
One of the people repossessing the vehicle discovered that Sazaly could access his employer's customer database and paid him for customer data.
An illegal bookmaker also became one of Sazaly's clients and paid Sazaly for information on people who owed him money. Sazaly pleaded guilty to charges of corruption and accessing the bank's customer information system without authorization.
http://admpreview.straitstimes.com:90/vgn-ext-templating/v/index.jsp?vgnextoid=91444c23faa7d210V
gnVCM100000430a0a0aRCRD&vgnextchannel=cf70758920e39010VgnVCM1000000a35010aRCRD
http://www.channelnewsasia.com/stories/singaporelocalnews/view/1104257/1/.html
13 January 2011 - Guilty Plea From Man Who Broke into eMail Accounts, Stole and Posted Pics
George Samuel Bronk has pleaded guilty to seven felony charges, including computer intrusion, for breaking into more than 3,200 email accounts and stealing revealing pictures of women which he then posted to the Internet. He then changed their passwords, stole pictures and uploaded them to the women's Facebook profiles. He posted pictures of
172 women. In one case, he blackmailed a woman into sending him more explicit pictures of herself if she didn't want him to post those he had stolen. Bronk faces up to six years in prison.
http://www.pcworld.com/businesscenter/article/216734/man_stole_nude_photos_
from_womens_email_accounts.html
http://www.msnbc.msn.com/id/41082627/ns/technology_and_science-security/
http://oag.ca.gov/news/press_release?id=2026
12 January 2011 - Disgruntled Former TSA Employee Draws Prison Sentence for Logic Bomb
Former Transportation Security Administration (TSA) employee Douglas James Duchak has been sentenced to two years in prison for planting a logic bomb in a TSA screening system. Duchak had been employed as a data analyst for TSA since 2004. Duchak placed the malware on the system in late 2009, shortly after being informed that his job was being eliminated. The malware was discovered by other workers before it caused any damage.
http://www.wired.com/threatlevel/2011/01/tsa-worker-malware/
http://www.theregister.co.uk/2011/01/12/tsa_employee_sabotage_attempt/
12 January 2011 - Two Sentenced in Gas Pump Skimming Scheme
Two men have been sentenced to prison for their roles in a skimming scheme involving gas pumps at stations around the US. The scheme began to unravel when a convenience store clerk in California noticed a skimming device inside one of the store's gas pumps. Authorities were notified, and they placed a clone inside the pump and waited for the crooks to return and retrieve the device. David Karapetyan and Zhirayr Zamanyan were arrested and charged with felonies. Karapetyan received a seven year sentence, while Zamanyan received a five year sentence.
Two additional accomplices, Edwin Hamazaspyan and Naum Mints, are scheduled to appear in court in February.
http://www.theregister.co.uk/2011/01/12/atm_skimming_prison_senteces/
11 January 2011 - Intruders Accessed Laptops on Bank and Credit Union Network
Sovereign Bank and Pentagon Federal Credit Union (PenFed) have both recently reported that intruders broke into laptops connected to their networks. Employees noticed a computer on the network connecting to an atypical IP address; an investigation revealed a keystroke logging program on a company laptop. At PenFed, it was discovered that someone had gained access to a laptop on the financial institution's network and used that connection to access a database containing sensitive customer information, including credit card and Social Security numbers.
http://www.depositaccounts.com/blog/2011/01/malware-on-laptop-caused-security-breach-at-penfed.html
http://www.msnbc.msn.com/id/41059570/ns/technology_and_science-security/
10 January 2011 - Teen Who Made Phony Phone Threats Over VoIP Sentenced
The North Carolina teenager who was arrested in March 2009 for making hoax bomb threats to schools and FBI offices around the country is being released after serving 22 months in pre-trial custody. A judge has sentenced Ashton Lundeby to time served and ordered him to serve three years supervised release. He was also ordered to pay more than US $29,000 in restitution. Lundeby made some of the hoax threats at the request of students who wanted to miss school, in some cases accepting payment for his efforts. He pleaded guilty to conspiracy in October.
He made the calls using VoIP software. He and others listened online as authorities responded to the threats.
http://www.wired.com/threatlevel/2011/01/tyrone/
6 January 2011 - Investigation Heats Up in Calif. Gas Station Skimming Scheme
At least 282 people have been victimized by credit card fraud after using their payment cards at a gas station in Sierra Madre, about 18 miles northeast of Los Angeles, California. The cumulative total of fraudulent transactions is at least US $82,000. The station where the card information is believed to have been stolen closed after Christmas.
Authorities are attempting to question the store's owner, Evgeny K.
Yakimenko, as a person of interest in the case. The US Secret Service is now assisting in the investigation. Authorities have released a security photo of a man who used one of the cloned cards at an ATM.
http://latimesblogs.latimes.com/lanow/2011/01/gas-station-credit-card-fraud.html
|
