Web links for Spring 2014
Medicaid Cards Mailed to Wrong Addresses
January 6, 2014
The North Carolina Department of Health and Human Services mailed 48,752 Medicaid cards to the wrong addresses. The cards went to the wrong addresses because of human error in computer programming and in the quality assurance process for printing the new Medicaid identification cards.
Source: North Carolina Department of Health and Human Services
http://www.ncdhhs.gov/pressrel/2014/2014-01-06_more_info_medicaid.htm
http://www.ncdhhs.gov/pressrel/2014/2014-01-04_info_medicaid.htm
Systems Administrator Pleads Guilty to Sabotaging Ex-Employer’s Cloud-Computing Server
January 6, 2014
A systems admin with a cloud service provider continued to access his former employer’s network after he resigned his position. While logged in he issued a shutdown command to a key data server.
Source: Federal Bureau of Investigation
http://www.fbi.gov/washingtondc/press-releases/2014/arizona-systems-administrator-pleads-guilty-to-sabotaging-ex-employers-cloud-computing-server
Target Malware (from SANS)
More details are emerging about the malware used to steal data from payment cards used at Target over an 18-day period late last year. According to sources familiar with the ongoing investigation, the attack used memory-scraping malware in Target's point-of-sale systems. The malware "parses data stored briefly in the memory banks of specific POS devices" and can capture magnetic stripe data. The attackers appear to have used a central server in Target to store stolen data and then transmitted the data to an external FTP server.
http://krebsonsecurity.com/2014/01/a-first-look-at-the-target-intrusion-malware/
http://krebsonsecurity.com/2014/01/a-closer-look-at-the-target-malware-part-ii/
--Bulk of China's Internet Traffic Temporarily Redirected to US-Based Addresses (From SANS)
January 22, 2014
Earlier this week, many Chinese websites were redirecting users to a blank page run by a company in the US. Chinese Internet users found they were unable to access websites hosted either in China or overseas that were part of top level domains like .com, .net, and .org. Sites with the .cn domain were unaffected by the incident. The situation did not last long - several hours - but its effect was felt for quite some time after the problem was resolved because users were still accessing cached versions of pages. While Chinese authorities said the incident was the result of an attack, a more likely scenario is a glitch in the way the country's censorship system was being managed. The company that operates the page to which surfers were redirected runs services designed to circumvent China's stringent Internet censorship program.
http://www.zdnet.com/cn/china-websites-suffer-breach-in-suspected-attack-7000025431/
http://arstechnica.com/security/2014/01/hack-most-likely-not-the-reason-chinese-traffic-bombarded-us-addresses/
http://www.nextgov.com/cybersecurity/2014/01/chinese-censors-may-have-accidentally-hacked-themselves-and-caused-major-internet-outage/77297/?oref=ng-channeltopstory
http://www.computerworld.com/s/article/9245626/China_blames_Internet_outage_on_hacking_attack?taxonomyId=17
http://bits.blogs.nytimes.com/2014/01/22/big-web-crash-in-china-experts-suspect-great-firewall/
Great discussion of social engineering
http://thenextweb.com/socialmedia/2014/01/29/lost-50000-twitter-username/
Yahoo Reports Attack on Mail Accounts
January 30, 2014
Yahoo said that attackers had attempted to gain access to Yahoo Mail accounts using usernames and passwords collected from a breach on a third-party site.
Source: New York Times
http://bits.blogs.nytimes.com/2014/01/30/yahoo-reports-attack-on-mail-accounts/?_php=true&_type=blogs&ref=technology&_r=0
Title: Target Hackers Broke in Via HVAC Company (from SANS)
Description: Target has revealed that the intrusion into its systems was traced back to stolen network credentials belonging to a third-party vendor.
Reference:
http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/
http://vrt-blog.snort.org/2014/01/our-coverage-for-recent-point-of-sale.html
North Carolina Law Firm Loses "All Documents" to Cryptolocker (From SANS)
February 10, 2014
A law firm in North Carolina has reported losing all of its legal documents to the Cryptolocker ransomware, even though the company tried to pay the US $300 ransom. Because the firm's IT staff attempted to decrypt the files, by the time the decision was made to pay the ransom, the three-day ransom deadline period had expired.
http://www.computerworlduk.com/news/security/3501150/cryptolocker-scambles-us-law-firms-entire-cache-of-legal-files/
Linksys worm
http://www.pcworld.com/article/2098520/exploit-released-for-vulnerability-targeted-by-linksys-router-worm.html
--Thieves Use USB Sticks to Rob ATMs (From SANS)
February 13, 2014
An organized group of criminals used USB sticks to empty four ATMs of their cash. The thieves managed to open the machines to plug in the USB sticks, which contained malware that allowed the attackers to take control of the machines. Money mules then withdrew the cash. So far, just one person - a money mule - has been arrested. What makes this attack different from the majority of ATM thefts is that funds are stolen from the bank itself, not from individual accounts. The attacks occurred somewhere outside the US.
http://www.darkreading.com/attacks-breaches/criminals-control-cash-out-banks-atm-mac/240166070
Internet Explorer Zero Day Exploit
February 13, 2014
Security researchers have discovered attacks targeting an Internet Explorer vulnerability (CVE-2014-0322).
Source: Websense
http://community.websense.com/blogs/securitylabs/archive/2014/02/14/msie-0-day-exploit-cve-2014-0322-possibly-targeting-french-aerospace-organization.aspx
Cyber-thieves Grab Video of Victims to Steal Bank Cash
February 13, 2014
Cyber-thieves are increasingly grabbing video of how victims use their computer, to better steal from online bank accounts.
Source: BBC
http://www.bbc.co.uk/news/technology-26171123
--Neiman Marcus Hackers Set Off 60,000 Alarms Missed By Defenders Because of Misguided Automation (From SANS)
February 21, 2014
Hackers who raided the credit-card payment system of Neiman Marcus Group set off alerts on the company's security systems about 60,000 times, but went unnoticed for more than eight months. The reason: automation deleted the card-stealing software automatically each day. The attackers reloaded it every day. Card data were taken from July through October.
http://www.businessweek.com/articles/2014-02-21/neiman-marcus-hackers-set-off-60-000-alerts-while-bagging-credit-card-data
The hack apparently includes the passport and photo ID details of more than 60,000 security professionals.
Story Link: http://www.theverge.com/2014/2/24/5441386/ethical-hacking-organization-website-defaced-with-snowden-passport
Heartbleed:
Backdoors
http://www.synacktiv.com/ressources/TCP32764_backdoor_again.pdf
NEW STANDARD:
https://tools.ietf.org/html/draft-draft-draft-00
Worst data breaches
http://newsletters.networkworld.com/t/7525147/258708638/455416/0/