Breach, Compliance Management, Data Security, Malware

News briefs: North Korea behind the Sony breach and a landmark HIPAA settlement


» President Obama imposed sanctions against North Korea, the country believed to be behind a breach of Sony Pictures Entertainment. Obama signed an executive order to place “financial pressure on the government of North Korea.” Three North Korean entities and 10 individuals were designated as being targeted by the sanctions and, therefore, prohibited from receiving U.S. funds, goods or services.

» In a landmark HIPAA settlement, a medical services provider will be forced to pay a “neglect” penalty over violations that led to a March 2012 data breach. As part of the settlement, Anchorage Community Mental Health Services (ACMHS) must pay $150,000 and integrate an action plan to meet HIPAA compliance after the electronic health information of more than 2,700 individuals was compromised in a cyberattack. Health and Human Services' Office for Civil Rights found that ACMHS violated the HIPAA Security Rule, which requires entities which handle electronic protected health information to regularly patch systems and update their IT infrastructure.

» In a rush vote in December, the House of Representatives passed the Intelligence Authorization Act, which provides funding for intelligence agencies and grants broad authority to the executive branch, to the chagrin of civil liberties advocates. A major point of contention with the bill was the new Section 309, which, according to Rep. Justin Amash (R.-Mich.), could allow private communications to be obtained without a court order, then handed over to domestic law enforcement for criminal investigations. Amash called the legislation “one of the most egregious sections of law I've encountered during my time as a representative,” also contending that the act “grants the executive branch unlimited access to the communications of every American.”

» Researchers at Akamai warn that a mobile trojan, called “Xsser mRAT,” remains a threat to mobile users on Android and iOS devices. In an attack campaign continuing through November, the malware targeted devices in Asia. The bug, which was initially uncovered last September, infects iOS devices that are jailbroken, and is known for its ability to extract information from a popular Chinese messaging app by Tencent. The mobile RAT is spread through man-in-the-middle and phishing attacks and “may involve cellphone tower eavesdropping for location-specific attacks,” Akamai noted.

» Just before Christmas, a major vulnerability impacting all Linux platforms, potentially allowing an attacker administrative access to systems, was disclosed by Alert Logic. The bug, dubbed “grinch,” could technically leave exploited systems vulnerable to having malicious applications installed, or allow attackers to steal data and perform other malicious acts of their choosing. The security issue can be avoided if enterprises refrain from using the default authentication settings for Linux, Alert Logic noted, and instead “rewrite some administrative access” along with monitoring user activity for suspicious behavior. SANS called the grinch disclosure a “common overly permissive configuration of many Linux systems,” which could be used to escalate privileges beyond the intent of the Polkit configuration. 

Erratum: Our apologies to Richard Stiennon for misspelling his name on page 27 of the Dec. 2014-Jan. 2015 Reboot issue.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.