» Data-wiping malware crippled critical businesses throughout South Korea. Corporations reported a number of technical issues. According to researchers at Symantec, who named the wiper trojan Jokra, the malware was capable of overwriting a computer’s master boot record and all data stored on it. Symantec found that a component of Jokra erases data on Linux machines as well.
» A new law requires federal agencies to review IT equipment sourced from China before purchasing, to curb cyber espionage threats. The legislation passed as part of a larger bill, the Consolidated and Further Continuing Appropriations Act of 2013, which outlined authorized federal spending for the fiscal year. It specifically requires that the FBI, or the heads of agencies considering the purchase of Chinese IT equipment, approve products by assessing any espionage or sabotage risk they may carry for government users and data.
» Cyber Bunker, a Netherlands-based web host, is believed to be behind the largest-ever-recorded distributed denial-of-service (DDoS) attack. The incident allegedly began as an act of reprisal against international anti-spam group Spamhaus, which blacklisted Cyber Bunker, but the attacks eventually grew to 300 gigabytes per second of traffic. According to CloudFlare, a San Francisco-based firm hired to protect Spamhaus’ site, the DDoS attacks escalated when miscreants aimed further up the hierarchy of bandwidth providers to successfully take down Spamhaus’ web presence.
» A federal judged sentenced Andrew Auernheimer to 41 months in prison following his conviction last year of discovering and exploiting a weakness on the website of AT&T, which allowed him and a co-conspirator to obtain data on roughly 120,000 Apple iPad users, including politicians and celebrities. The case has fueled debate on whether the Computer Fraud and Abuse Act (CFAA) is too punitive, leaving inadequate legal protections for researchers that disclose major security issues.
» A company is challenging costly penalties levied for non-compliance of Payment Card Industry (PCI) security standards by suing the credit card company that imposed the fines. Genesco, a Nashville, Tenn.-based sportswear company, filed a lawsuit against Visa to recoup more than $13 million in fines it levied after a 2010 breach in which a part of its computer system was hacked. Visa is among the processing companies that self-regulate PCI compliance standards and are given oversight to fine companies. Genesco claims Visa “had no reasonable basis” to conclude its non-compliance, as hackers did not steal customer payment card data stored on its computer network, but tried to access data as it was being transmitted to credit card processors.
» SC Magazine released a new mobile application for all iOS and Android users. The app enables readers to access breaking news, features, blogs and contributions from industry thought leaders featured on the website. In addition, videos with security experts and slideshows featuring the latest industry trends are also accessible. New features will be added and will include exclusive content currently not found on SCMagazine.com. The app is available for download in the Apple App Store, as well as Google Play and Amazon for Android.