
News briefs: The NSA/RSA collaboration, Target breach, and more

» The security community was shaken with news that the National Security Agency (NSA) allegedly arranged a $10 million deal with RSA that led to the vendor selling weakened security products to customers. According to Reuters, which spoke with unnamed sources familiar with the contract, the deal set an “NSA formula as the preferred, or default, method for number generation in the BSAFE software.” RSA, the security division of EMC, denied it would ever knowingly enter into such a scheme with the government. 

» Just prior to Christmas, retail giant Target announced that it was breached in a two-week-long attack that may have compromised around 40 million credit and debit card accounts, CVV codes and encrypted personal identification numbers (PINs) of its customers. Shoppers who made in-store card purchases between Nov. 27 and Dec. 15 were impacted by the breach, which experts believe was achieved via an attack on Target's point-of-sale (POS) systems. Following the attack, pilfered card information soon began showing up for sale in underground marketplaces where scammers were selling the data at about $20 to $100 per card, according to security journalist Brian Krebs, who first broke the story.

» German researchers presenting at the Chaos Communication Congress revealed how ATMs around the world, which are still running Windows XP, are vulnerable to malware being loaded on machines via USB drives. The researchers divulged how criminals store malware on thumb drives, cut out portions of the ATM machines that conceal the USB ports, upload the malware to the machine, cover up the hole in the ATM body and then proceed to extract as much cash as they want after rewriting the operating system's registry. The new findings on uploading malware to ATMs came not long after other researchers discovered a piece of Spanish-language malware, called Ploutus, which was being uploaded through the CD-ROM drive to ATM machines in Mexico. Just weeks after that October 2013 discovery, an English-language variant of Ploutus was found making the rounds.

» Hackers exploited a vulnerability in the application programming interface (API) of popular photo messaging site Snapchat, which allowed them to steal a database of 4.6 million usernames and phone numbers, before leaking the data online in early January. Prior to the highly publicized leak, Australian researchers warned the service about privacy issues related to its API. The security group, Gibson Security, even went on to disclose the issue to the public after Snapchat appeared sluggish to respond. In response to the leak, Snapchat said that it would release an updated version of its popular app. It also provided an email contact for researchers wishing to disclose security vulnerabilities to the service.

» Affinity Gaming was the victim of a payment system compromise that allowed hackers to steal the credit card data associated with 280,000 to 300,000 customers of the Las Vegas-based casino operator. An investigation revealed that Affinity's payment system was infected with malware resulting in the card breach. The company, which announced the incident in late December, notified individuals who visited its 12 casinos between March 14 and Oct. 16 in Nevada, Iowa, Missouri and Colorado.

[This section was updated to reflect that news of the NSA/RSA contract was corroborated via unnamed sources who spoke to Reuters, not through leaked classified documents.]
