News briefs: NY Times and Twitter hacked, cyber security executive order, and more
»Hackers believed to be from China spent four months infiltrating computer networks at The New York Times, ripping off passwords of reporters in an attempt to uncover information related to a Times story on the fortune amassed by relatives of China's prime minister. The attackers used a number of techniques to install remote access trojans and hide their tracks.
»Last month, President Obama signed a cyber security executive order, which will define best practices for the government and businesses to protect the nation's critical infrastructure and create a channel for federal agencies to share threat information with private companies. That same week, lawmakers revisited controversial legislation that also tackles the issue of public-private information sharing to curb cyber threats. On Feb. 13, Reps. Mike Rogers, R-Mich., and Dutch Ruppersberger, D-Md., reintroduced the Cyber Intelligence and Sharing Protection Act (CISPA), which failed last year to make it to the Senate for a vote due to the public's privacy grievances about companies sharing sensitive data with the government. CISPA's return came soon after seven Democratic senators introduced the Cybersecurity and American Cyber Competitiveness Act of 2013, in order to formalize cooperation among businesses and the federal government.
»With a recent wave of breach announcements came news that Twitter was hit by an advanced attack affecting a large number of its users. Saboteurs accessed the usernames, passwords, email addresses and session tokens of 250,000 individuals, which led Twitter to reset victims' passwords and cancel their session tokens.
»The U.S. Department of Health and Human Services announced updated rules that will extend security and privacy requirements to so-called business associates – those contractors and subcontractors that perform services on behalf of a health care provider. The amended HIPAA Privacy and Security rules, which formalize many of the statutory changes already made in the 2009 HITECH Act, also increase penalties for non-compliance to $1.5 million per violation.
»Responding to a widening outbreak of Java malware, Oracle dispatched an urgent fix for the latest version of the software platform. The patch (Java SE 7 Update 11), which corrected two flaws, falls out of line with Oracle's typical quarterly updating of Java. The fix became pressing when reports of exploits taking advantage of a critical hole began skyrocketing after the vulnerability was added to popular commercially available attack toolkits, such as BlackHole. After the series of Java malware incidents in recent months, Milton Smith, Oracle's security lead for Java, promised in a conference call that the company would be more steadfast in addressing software security issues.
»A chain of Southern fast-food restaurants warned customers that their credit card information may have been stolen by hackers who seeded computer systems with malware. Athens, Ga.-based Zaxby's Franchising announced that malware capable of extracting customers' names and credit and debit card numbers was found on systems at roughly 100 of its 560 locations. The breach spanned 10 states, according to the restaurant chain, known for its fried chicken.