»In one of the largest malware outbreaks to ever affect Macs, nearly 700,000 machines were infected by the Flashback trojan. The strain spread quickly after Oracle patched Java in February, but Apple waited seven weeks to fix its own version. Most users were hit by visiting a malicious website. The trojan currently is sitting silently on infected computers, but has the ability to steal data and hijack search traffic.
»Atlanta-based payment processor Global Payments fell victim to a data breach affecting cards from all of the major brands, including Visa and MasterCard. The company said fewer than 1.5 million card numbers were compromised, down from some earlier estimates that had placed the number closer to 10 million. The breach occurred on an unspecified segment of the company’s North American processing system. The hackers accessed only magnetic stripe-encoded Track 2 data. As a result of the compromise, Visa removed Global Payments from its list of PCI-approved vendors, and the processor now must re-establish compliance.
»The Federal Trade Commission released a privacy report, outlining a list of online policy recommendations for businesses and policymakers. The best practices, which do not apply to small companies that do not collect and transfer sensitive data, include building privacy protection into each stage of product development, making privacy choices simpler for consumers, deploying do-not-track functionality and offering greater transparency around data collection and use.
»Purported LulzSec member Ryan Cleary landed in jail after violating his bail terms. Cleary, 19, was charged last summer with five hacking violations under the U.K.’s Criminal Law and Computer Misuse Act. He was ordered to stay off the internet as part of his bail conditions, but in December he contacted ally-turned-snitch Hector Monsegur, also known as “Sabu.” Cleary was re-arrested March 5, one day before the story broke that Monsegur had been cooperating with the FBI. Cleary is accused of using a botnet to launch distributed denial-of-service attacks against entities like the U.K.’s Serious Organised Crime Agency.
»Verizon‘s annual “Data Breach Investigations Report” found that hacktivists, whose goal is to name-and-shame organizations with which they morally disagree, caused just two percent of the incidents studied, but were responsible for 58 percent of the stolen information. That sits as a notable contrast to previous years, when financially motivated criminals were responsible for the bulk of the hijacked data. The study, now in its fifth year, analyzed 855 breaches. The report does not cover incidents such as lost or stolen laptops.
»Security researchers discovered and dismantled an incarnation of the Kelihos botnet, one that was more powerful than its predecessor. According to security start-up CrowdStrike, which worked in tandem with researchers from other security organizations to disable the botnet, the operators of Kelihos.B made some changes to the communication protocol when compared to the first version. For example, the malware controlled by the botnet featured a flash-drive infection technique and Bitcoin-mining theft functionality. The latter enabled irreversible electronic cash payments.