News briefs: HP LaserJet printers faulted, massive data breach at Sutter Health, Twitter purchased Whisper Systems, etc.

»A flaw discovered in HP LaserJet printers could allow attackers to steal documents, gain control of networks or even set devices on fire. HP confirmed the vulnerability and promised a fix, but shot down claims that it could lead to fire. The issue is that some HP printers do not validate the origin of remote firmware updates, meaning anyone can reprogram the devices with malicious firmware.

A water utility pump failure was not the result of a cyber attack, as previously suspected, the U.S. Department of Homeland Security announced. After its investigation into the incident at the Curran-Gardner Public Water District in Springfield, Ill., the DHS and FBI found no evidence that hacking was involved. The incident was previously described by the Illinois Statewide Terrorism and Intelligence Center as a cyber attack that emanated from an IP address in Russia. 

»AT&T revealed it was the target of an “organized” hacking attempt to obtain information about customer accounts. Although the company said there was no compromise, one million subscribers may have been impacted. The attackers attempted to use automated technologies to link AT&T telephone numbers with online accounts. The Dallas-based telecommunications giant said it is investigating. 

»The information security market appears to be avoiding a slowdown. According to a survey of 150 IT security decision makers from TheInfoPro, 37 percent of respondents expect to spend more in 2012, while 16 percent are planning a decrease. The respondents said they are being driven to make purchases by compliance, mobile devices and data leakage concerns, and are opting for hot technologies, including DLP software and application-aware firewalls.

»Individuals affected by the massive data breach at Sutter Health, in which the personal information of 4.2 million patients went missing after an unencrypted desktop computer was stolen, filed a class-action lawsuit against the Northern California-based health care system. The suit contends that the company was negligent in securing its computer systems and not notifying victims in a timely manner.

»Authorities in New York busted three men accused of planting skimming devices on cash machines in Manhattan to rip off debit card numbers and make fraudulent transactions. Nikolai Ivanov, 31; Dimitar Stamatov, 28; and Iordan Ivanov, 24, were named in an 81-count indictment, which charged them with identity theft, grand larceny, burglary, criminal possession of forgery devices and scheme to defraud. The charges stem from a five-day-long “skimming spree” in January in Manhattan, according to the New York County district attorney's office.
»In what may be its first-ever security-related acquisition, Twitter purchased Whisper Systems, a year-old start-up that provides Android defenses. Whisper Systems, which offers security and management solutions, such as encryption to enable mobile devices to become enterprise ready, was co-founded by well-known researcher Moxie Marlinspike. Terms of the deal were not disclosed. It is unclear how the microblogging service will implement Whisper's solutions into its product line. Prior to the acquisition, all of Whisper's source code was available for review.
»The hacktivist group Anonymous recently released 38,000 private emails belonging to a retired California Department of Justice (DoJ) cybercrime investigator. The messages, which appear to belong to Fred Baclagan, a retired special agent supervisor at the California DoJ, reveal detailed information about computer forensic techniques and investigation protocols, the group said in a notice posted to Pastebin. The hack was part of an ongoing Anonymous venture dubbed AntiSec, which calls for hackers to expose government and corporate wrongdoings, and appeared to be motivated by police actions against Occupy Wall Street protestors.
»A Google software developer sounded off on public perception that mobile devices are in the cross-hairs of attackers. Despite a plethora of reports from security software makers that warn of a rise in mobile malware – such as a recent one from Juniper Networks, which found that malicious Android samples have spiked 472 percent since July – Google's Chris DiBona believes the handheld platform is far more secure than traditional computing environments. In a post on Google+, the open source programs manager at the technology giant said he credited more secure coding and built-in mechanisms with making mobile devices better apt to handle threats.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.