Web links for Spring 2014

Medicaid Cards Mailed to Wrong Addresses
January 6, 2014
The North Carolina Department of Health and Human Services mailed 48,752 Medicaid cards to the wrong addresses. The Medicaid cards were incorrectly sent to because of human error in computer programming and the quality assurance process in printing the new Medicaid identification cards.
Source: North Carolina Department of Health and Human Services

Systems Administrator Pleads Guilty to Sabotaging Ex-Employer’s Cloud-Computing Server
January 6, 2014
A systems admin with a cloud service provider continued to access his former employer’s network after he resigned his position. While logged in he issued a shutdown command to a key data server.
Source: Federal Bureau of Investigation

Target Malware (from SANS)
More details are emerging about the malware used to steal data from  payment cards used at Target over an 18-day period late last year.  
According to sources familiar with the ongoing investigation, the attack  used memory-scraping malware in Target's point-of-sale systems. 
The  malware "parses data stored briefly in the memory banks of specific POS  devices" and can capture magnetic stripe data. 
The attackers appear to  have used a central server in Target to store stolen data and then  transmitted the data to an external FTP server.  
--Bulk of China's Internet Traffic Temporarily Redirected to US-Based Addresses (From SANS)  
(January 22, 2014)  
Earlier this week, many Chinese websites were redirecting users to a  blank page run by a company in the US. 
Chinese Internet users found they  were unable to access websites hosted either in China or overseas that  
were part of top level domains like .com, .net, and .org. Sites with the  .cn domain were unaffected by the incident. 
The situation did not last  long - several hours - but its effect was felt for quite some time after  
the problem was resolved because users were still accessing cached  versions of pages. While Chinese authorities said the incident was the  
result of an attack, a more likely scenario is a glitch in the way the  country's censorship system was being managed. The company that operates  
the page to which surfers were redirected runs services designed to  circumvent China's stringent Internet censorship program.  

Great discussion of social eningeering


Yahoo Reports Attack on Mail Accounts
January 30, 2014
Yahoo said that attackers had attempted to gain access to Yahoo Mail accounts using usernames and passwords collected from a breach on a third-party site.
Source: New York Times


Title:  Target Hackers Broke in Via HVAC Company  (from SANS)
Description: Target has revealed that the intrusion into its systems  
were traced back to stolen network credentials belonging to from a third  party vendor.  
Reference: http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/  
North Carolina Law Firm Loses "All Documents" to Cryptolocker  (February 10, 2014)  (From SANS)
A law firm in North Carolina has reported losing all of its legal  documents to the Cryptolocker ransomware, even though the company tried  
to pay the US $300 ransom. Because the firm's IT staff attempted to  decrypt the files, by the time the decision was made to pay the ransom,  
the three-day ransom deadline period had expired.  

Linksys worm
--Thieves Use USB Sticks to Rob ATMs  (February 13, 2014)  (From SANS)
An organized group of criminals used USB sticks to empty four ATMs of  their cash. The thieves managed to open the machines to plug in the USB  sticks, 
which contained malware that allowed the attackers to take  control of the machines. Money mules then withdrew the cash. So far,  
just one person - a money mule - has been arrested. What makes this  attack different from the majority of ATM thefts is that funds are  stolen from  
the bank itself, not from individual accounts. The attacks  occurred somewhere outside the US.  

Internet Explorer Zero Day Exploit
February 13, 2014
Security researchers have discovered attacks targeting an Internet Explorer vulnerability (CVE-2014-0322).
Source: Websense
http://community.websense.com/blogs/securitylabs/archive/2014/02/14/msie-0-day-exploit-cve-2014-0322-possibly-targeting-french-aerospace-organization.aspx Cyber-thieves Grab Video of Victims' to Steal Bank Cash
February 13, 2014
Cyber-thieves are increasingly grabbing video of how victims use their computer, to better steal from online bank accounts.
Source: BBC
--Neiman Marcus Hackers Set Off 60,000 Alarms Missed By Defenders Because of Misguided Automation (February 21, 2014) (From SANS) Hackers who raided the credit-card payment system of Neiman Marcus Group set off alerts on the company's security systems about 60,000 times, but went unnoticed for more than eight months. The reason: automation deleted the card-stealing software automatically each day. The attackers reloaded it every day. Card data were taken from July through October. http://www.businessweek.com/articles/2014-02-21/neiman-marcus-hackers-set-off-60-000-alerts-while-bagging-credit-card-data
  The hack apparently includes the passport and photo ID details of more  than 60,000 security professionals    
Story Link:  http://www.theverge.com/2014/2/24/5441386/ethical-hacking-organization-website-defaced-with-snowden-passport    












Worst data breaches