News briefs: Latest security news
»Shamoon, a trojan that overwrites computer files and copies itself onto other network machines, is suspected in attacks on Saudi Arabia oil company Saudi Aramco, where 30,000 workstations were infected by malware, and RasGas, a liquefied natural gas producer based in Qatar, where executives claimed an unidentified virus shut down its website and email servers.
»Wyndham Hotels and Resorts filed a motion in U.S. District Court in Phoenix to dismiss a complaint launched by the Federal Trade Commission (FTC) over the chain's repeated security breaches. The offenses began when Russian hackers breached Wyndham's Phoenix data center in 2008 and stole the financial information of customers, leading to two subsequent breaches in a two-year period. In June, the FTC filed a lawsuit against Wyndham, citing more than $10 million in fraudulent purchases made with hundreds of thousands of credit card numbers belonging to customers. In the motion filed Aug. 27, Parsippany, N.J.-based Wyndham claimed the FTC “singled out” their company in “unprecedented litigation.”
»AntiSec, a hacking group connected with Anonymous, claimed responsibility for a large-scale data leak of more than one million Apple IDs. Apple unique device identifier numbers, or UDIDs, and Apple Push Notification Service tokens were published on document site Pastebin, stirring public concern as hackers claimed they had obtained more than 12 million Apple IDs from an FBI agent's hacked laptop. AntiSec said it also obtained personal information of users. After the FBI stated that no evidence indicated its laptops were comprised, Paul DeHart, the CEO of BlueToad, an Orlando, Fla.-based app developer, told NBC News that the leaked IDs came from his company's database.
»The U.S. Environmental Protection Agency (EPA) has fallen short in protecting its systems from unauthorized access, according to a report released by the investigative arm of Congress. The U.S. Government Accountability Office (GAO) found that the EPA had inadequately protected its systems from unauthorized access. In particular, the EPA had failed to always ensure that users employ strong passwords, that users were limited in the systems they could access, that critical data was encrypted, that logs were maintained to track suspicious activity and that physical access to sensitive systems was controlled.
»Attackers launched the Citadel trojan, typically reserved for financial theft, to beat two-factor authentication and hack into the virtual private network (VPN) of a major international airport. Security firm Trusteer discovered the attack, which caused the unidentified airport to temporarily shut down its VPN site for workers. The man-in-the-browser assault used form-grabbing malware to steal data entered on web forms, and then stole employees' VPN usernames and passwords.
»Security firm RSA found that phishing attacks led to $687 million in worldwide loses in the first half of the year – a 19 percent increase over the preceding six months. Security experts ascribe the effectiveness of old phishing strategies to simple, yet effective, persuasion tactics used by attackers. Through the end of June, the monthly average for global phishing attacks was 32,581, according its latest report.