News briefs: South Carolina breach, MiniFlame and more

Share this article:

»The state of South Carolina suffered a massive breach after hackers stole 3.6 million Social Security numbers and 387,000 credit and debit card numbers of residents. The incident affected the state's Department of Revenue, and any person who filed a South Carolina tax return since 1998 was asked to monitor their credit reports for potential fraud. About 80 percent of the state's 4.5 million residents was impacted.

»Researchers at Kaspersky Lab detected MiniFlame, also dubbed SPE, an information-stealing backdoor that works independently, or as a module of Flame and Gauss. The malware was discovered on about 50 to 60 machines, with its central purpose being to zero in on high-profile targets pinpointed in Flame and Gauss espionage campaigns. MiniFlame's capabilities include capturing screenshots while victims run specific programs or applications  or using USB drives to store data collected from infected machines, but which aren't connected to the internet.

»Barnes & Noble yanked PIN pads from all of its nearly 700 stores nationwide after discovering that scammers tampered with the devices at 63 locations to carry out card-skimming fraud. The company disconnected the point-of-sale devices in September, but waited until late October to notify customers of the breach, while the FBI began looking into the matter.

»Security researchers at RSA warned citizens that a sophisticated plan is being hatched online to raid the bank accounts of customers at some 30 banks in the United States. Based on an analysis of “underground chatter,” researchers determined that a Russian-speaking cyber gang is preparing to launch a large-scale attack in which fraudsters will infect victims' computers with a trojan similar to Gozi, enabling the swindlers to initiate unauthorized wire transfers by hijacking live banking sessions.

»A U.S. District Court judge in California absolved Sony of several charges levied against the electronics giant in a class-action suit that followed the 2011 breach of its PlayStation Network and on-demand entertainment service Qriocity. Claims against Sony, which include negligence, unjust enrichment and bailment, were dismissed in October. The April 2011 breach at Sony affected 77 million users, which eventually resulted in a class-action suit where complaints alleged that Sony protected its proprietary information, but failed to properly safeguard data related to its customers.

»British courts ruled that Gary McKinnon, who was accused of hacking computers belonging to NASA and the U.S. military, will not face extradition to the U.S. – an outcome McKinnon battled for years following his 2002 arrest. Britain's Home Secretary Theresa May withdrew the extradition order against him in October, citing that McKinnon suffered from Asperger's syndrome, a form of autism, and that extradition would put him at a high risk of committing suicide. McKinnon, 46, would have faced up to 60 years in prison if extradited to the United States, as he was accused of hacking into 97 computers belonging to the government, including those of NASA, the Pentagon, Air Force, Army and Navy. He allegedly deleted and accessed sensitive information on the computers from his London home between 2001 and 2002, costing the government $700,000 in damages.

Share this article:

Sign up to our newsletters

More in News

Pentagon to triple its security workforce by 2016

Pentagon to triple its security workforce by 2016

Defense Secretary Chuck Hagel recently announced the recruitment efforts during a speech in Fort Meade, Md.

Tech manufacturer's online payment system breached

LaCie confirmed an unauthorized party used malware to access its online payment system for almost a year and could have stolen customer information.

The Heartbleed bug works, and could be a scapegoat for older breaches

The Heartbleed bug works, and could be a ...

Researchers proved the Heartbleed bug was real in a challenge issued by CloudFlare to prove private keys can be stolen, right around the time companies are claiming they were breached ...