News briefs: The NSA/RSA collaboration, Target breach, and more
News briefs: Jeremy Hammond's sentence and more Snowden leaks
» German researchers presenting at the Chaos Communication Congress revealed how ATMs around the world, which are still running Windows XP, are vulnerable to malware being loaded on machines via USB drives. The researchers divulged to Wired.com how criminals store malware on thumb drives, cut out portions of the ATM machines that conceal the USB ports, upload the malware to the machine, cover up the hole in the ATM body and then proceed to extract as much cash as they want after rewriting the operating system's registry. The new findings on uploading malware to ATMs came not long after other researchers discovered a piece of Spanish-language malware, called Ploutus, which was being uploaded through the CD-ROM drive to ATM machines in Mexico. Just weeks after that October 2013 discovery, an English-language variant of Ploutus was found making the rounds.
» Hackers exploited a vulnerability in the application programming interface (API) of popular photo messaging site Snapchat, which allowed them to steal a database of 4.6 million usernames and phone numbers, before leaking the data online in early January. Prior to the highly publicized leak, Australian researchers warned the service about privacy issues related to its API. The security group, Gibson Security, even went on to disclose the issue to the public after Snapchat appeared sluggish to respond. In response to the leak, Snapchat said that it would release an updated version of its popular app. It also provided an email contact for researchers wishing to disclose security vulnerabilities to the service.
»Affinity Gaming was the victim of a payment system compromise that allowed hackers to steal the credit card data associated with 280,000 to 300,000 customers of the Las Vegas-based casino operator. An investigation revealed that Affinity's payment system was infected with malware resulting in the card breach. The company, which announced the incident in late December, notified individuals who visited its 12 casinos between March 14 and Oct. 16 in Nevada, Iowa, Missouri and Colorado.[This section was updated to reflect that news of the NSA/RSA contract was corroborated via unnamed sources who spoke to Reuters, not through leaked classified documents.]