News briefs: CISPA passed by the house, Twitter breaches, and more
News briefs: Malware cripples South Korea, largest DDos ever, and more
» The Cyber Intelligence Sharing and Protection Act, a bill that would implement cyber intelligence sharing protocols between the government and private sector, was passed by the House. While supporters say the bill will help the private sector share information about threats with the government without fear of legal consequences, opponents fear it doesn't go far enough to defend the privacy of citizens.
» Hackers prompted short-lived alarm by hijacking the Twitter account of the Associated Press and posting a message that there had been explosions at the White House, and President Obama was injured. The incident sent the Dow Jones plummeting about 150 points before quickly recovering. Members of the hacktivist group “Syrian Electronic Army” took responsibility for the tweet, as well as an incident the following week where several Twitter accounts belonging to The Guardian, a major U.K.-based paper, were compromised. The events stirred debate in the security community about whether two-factor authentication could have prevented the occurrences, since victim organizations were believed to be targeted by phishing emails.
» After a massive breach impacted more than 50 million of its customers, the daily-deal website LivingSocial updated its password encryption method to bolster security. According to the company, names, email addresses, dates of birth and encrypted passwords on its servers were accessed by intruders. LivingSocial now uses a hashing algorithm known as bcrypt, dropping the outdated SHA1.
» Despite proposed cuts to overall spending for next fiscal year, the U.S. Department of Defense (DoD) could see an $800 million increase for its cyber budget. President Obama proposed that the DoD be allocated $4.7 billion for cyber security initiatives, up from $3.9 billion last year. The overall budget for defense spending, however, will be reduced by $3.9 billion from 2013. Cyber funding for DoD would help develop teams that will carry out both offensive and defensive operations, and create a security information system to allow for automated information sharing across federal agencies.
» According to Verizon's 2013 “Data Breach Investigations Report,” China-based attackers were responsible for 96 percent of all espionage incidents last year. The study analyzed 621 breaches in 2012 from caseloads at 19 organizations, primarily law enforcement groups around the world. State-sponsored spy campaigns ranked second among breaches in the 2013 report. Financially motivated cyber crime accounted for 75 percent of breaches analyzed in the study, while espionage attacks were linked to 20 percent of all breaches.
» Hackers raided the computer systems of Schnucks Markets, a St. Louis-based grocery chain, to steal 2.4 million credit and debit card numbers of customers. The data corresponded to cards used by shoppers at 79 of 100 Schnucks Markets locations in the Midwest. Incident response firm Mandiant uncovered data-stealing malware on Schnucks systems, and the company also said it was aware of fraudsters contacting Schnucks shoppers and requesting personal information by pretending to be breach investigators.