Hackers compromise Silverpop email database; new Android trojan

Hackers compromised the email addresses of millions of Honda Motor Co. customers. The incident is believed to be related to a database breach at Silverpop Systems, a third-party firm that provides marketing services to more than 105 corporate clients. Seperate announcements by McDonald's and Walgreens that customer data was compromised also is believed related to the Silverpop breach.»Well-known bug hunter Michal Zalewski, who uses the online alias “lcamtuf,” released a web browser fuzzing tool that identified about 100 vulnerabilities in various browsers. One of those – a potentially exploitable zero-day vulnerability in Microsoft's Internet Explorer (IE) browser – may have been discovered by hackers in China, he said. The tool, called “cross_fuzz,” also found flaws affecting Firefox, Opera and other browsers that use the open-source web browser engine WebKit.

»Image-based bulletin board 4chan, reportedly used as a forum by the hacker group Anonymous, succumbed to a distributed denial-of-service (DDoS) attack. The site's founder, Chris Poole, confirmed that the site was hit, but said it was back operating normally the following day. The incident may be retaliation for members of Anonymous unleashing a flurry of DDoS attacks against organizations which severed ties with whistleblower site WikiLeaks after it began releasing secret U.S. diplomatic cables.

»A new trojan targeting Google Android users, mostly in China, could be a sign that mobile malware is getting sophisticated in a hurry. The trojan, dubbed Geinimi, contains botnet-like capabilities and may serve as proof that malware designed for the smartphone is evolving much faster than it did when PCs first arrived on the scene, according to Lookout Mobile Security. Geinimi is embedded in what appears to be a legitimate game for the Android device and targets mostly Chinese users visiting third-party download sites and application stores. As of last month, researchers had not seen it in the official Android Market.

»Dell acquired SecureWorks, an Atlanta-based firm that offers managed security and consulting services to nearly 3,000 clients worldwide. Dell said the acquisition is its latest strategic investment to expand its portfolio of enterprise-class, IT-as-a-service solutions, and to build its capabilities as a managed security services provider.

»President Obama signed legislation that exempts lawyers, doctors and accountants from having to comply with the Federal Trade Commission's (FTC) Red Flags Rule. The Red Flag Program Clarification Act of 2010 limits the scope of who is covered by the rule, essentially giving an exemption to lawyers, doctors, accountants, dentists, orthodontists, pharmacists, veterinarians, nurse practitioners, social workers and other service providers.

»The U.S. Department of Commerce issued a report outlining a new proposed approach for addressing online privacy issues. The report urged the development of a “privacy Bill of Rights” – a set of principles concerning how online companies should collect and use personal information for commercial purposes. The report comes on the heels of a separate privacy proposal issued by the Federal Trade Commission which calls for the development of a “do not track” browser mechanism so consumers can choose whether to allow the collection of data.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.