News briefs: The latest security events

»President Obama issued a memorandum to the heads of federal agencies with new guidance for deterring the information security threat posed by insiders. It describes new standards to which the agencies must adhere. They include best practices around gathering, analyzing and responding to threat data, monitoring users who access classified information and offering security awareness training to workers. 

»U.S. and international law enforcement charged 10 “John Does” with their involvement in operating the “Butterfly” botnet, which spread multiple variants of banking malware Yahos to victims worldwide. The attacks led to more than $850 million in losses, and Yahos also targeted users on Facebook between 2010 and October of this year, often spreading through instant messages. Facebook helped authorities identify the suspects.

»Ninety-four percent of hospitals experienced a data-loss incident in the past two years, according to a new study from the Ponemon Institute and security firm ID Experts. Eighty health care organizations were surveyed for the study, which found that another 45 percent sustained more than five breaches during that period. Lost devices, worker- or third-party-induced errors, and hacker attacks were the most common reasons for the breaches.

»A hacker who helped publicize a vulnerability on AT&T's website, which affected more than 100,000 iPad 3G owners, was convicted in federal court. Andrew Auernheimer, 26, was found guilty in late November of two charges: identity fraud and conspiracy to violate the Computer Fraud and Abuse Act. The ruling, however, caused some in the tech community to question the rights of researchers who share security flaws with the public.

»An FBI investigation was launched to determine the cause of a breach at Nationwide Insurance, where hackers accessed data of 1.6 million people in all 50 states. The company confirmed that the attack on a “portion” of its computer network occurred Oct. 3, and affects customers as well as people who requested quotes.

»A new Mac trojan known as Dockster, which takes advantage of the same, now-patched Java vulnerability that enabled another trojan to spread like wildfire last spring on Apple computers, was served on a website affiliated with the Dalai Lama. Researchers at Finnish security firm F-Secure, which discovered the trojan, described Dockster as a “basic backdoor” capable of logging keystrokes. The malware leverages a Java vulnerability that was patched by Apple in April after the password-stealing Flashback trojan propagated to potentially hundreds of thousands of Macs.

»A new iteration of backdoor trojan Makadocs is capable of hiding its command-and-control server communications by abusing a legitimate Google Docs function. Symantec researchers discovered that the malware used Google's document sharing and editing service as a proxy server, or intermediary step, to pass along information to C&C servers.

»Errata: In our November story, “Stemming the insider threat,” we cited the city of Burlington, Vt. as the site of a data breach on the city's bank account, when it occurred in Burlington, Wash. Our apologies for the mistake.
