TweakTown NewsRefine News by Category:
The University of California at San Francisco (UCSF) recently suffered a data breach and almost 10,000 people have been compromised, according to school officials. Several desktop PCs with unencrypted information were stolen from the university's Family Medical Center in January, including personal and health information.
Social Security numbers were exposed for 125 people, with a mix of patient names, birth dates, mailing addresses, medical record numbers, health insurance ID numbers, and driver's license numbers exposed in the breach.
The data theft is now being investigated by the California Department of Public Health, federal authorities, and the California Attorney General, with notification letters and free credit monitoring being offered to some of those exposed.
Security experts strongly urge companies, universities and research groups to encrypt data on PCs, especially if it includes personal or medical information.
The Chinese government is angry and now demands the US government to explain its reported spying actions against Huawei, a major Chinese electronics and telecom company. The report, led by insight taken from former NSA contractor Edward Snowden, accuses the NSA of spying on the company - and stealing information about Huawei customers.
The NSA was specifically trying to find ties between Huawei and the People's Liberation Army, though stumbled across intellectual property of Huawei network switches and routers, reporters state.
"China has already lodged many complaints with the United States about reports of its espionage activities," said Hong Lei, Chinese foreign ministry spokesperson, in a statement to the media.
It's ironic that countries such as Russia and China, which have been accused of launching cyberattacks - and violating human rights - are now demanding the US government to explain itself.
Time Warner Cable processed almost 12,000 government requests in 2013, with 82 percent subpoenas, 12 percent court-ordered incidents, 4 percent were search warrants, 2 percent were emergency requests, and 0.3 percent were wiretap orders.
TWC says the company received between 0 and 249 National Security Orders, though cannot identify an exact number. The company wants to become more open about customer information requests, especially after Edward Snowden's spying disclosures made last year.
We will issue future Transparency Reports on a semi-annual basis," TWC said in a statement. "We have also provided answers to frequently asked questions related to the practices we follow to strengthen protections for the privacy of customer information."
The NSA itself might begin offering transparency reports, as American citizens and foreign residents angry over organized NSA spying. Despite promised transparency from the US federal government and private Internet and telecom companies, users are now significantly more aware of snooping and other questionable behavior.
As multiple retailers learned over the past few months, improving security to defend against cyberattacks such as malware can be extremely difficult.
The massive data breach at Target garnered the most attention, but attacks at everyone from Neiman Marcus to Smucker's and Sally Beauty show consumers they need to closely pay attention to personal security.
"If authentication technology can be simple enough to use and noninvasive, our customers see this as a good thing... because it makes it clear to them that someone's looking out to protect their identity," said Paul Donfried, LaserLock CTO, in a statement.
Moving forward, security companies are developing next-generation anti-malware solutions designed to protect retailers - though consumers need to be aware of the links they click on and apps they install - with cybercriminals successfully using social engineering to cause breaches.
Chinese Internet and telecom giant Huawei didn't take kindly to reports the NSA targeted it with spying operations, along with preparing cyber weapons designed specifically to target the company if needed.
The NSA targeted Huawei as part of operation "Shotgiant," aimed to verify links between the company and the People's Liberation Army. US officials believed better understanding how Huawei works internally would give insight into the Chinese government's influence in the company.
"If the actions in the report are true, Huawei condemns such activities that invaded and infiltrated our internal corporate network and monitored our communications," said John Suffolk, Huawei global cyber security officer, in a statement to Reuters. "Corporate networks are under constant probe and attack from different sources - such is the status quo in otday's digital age."
It wouldn't be a surprise to hear US government officials snooped on Huawei, a Chinese electronics giant, which has also been accused of industrial espionage against US and western companies.
Still reeling from massive NSA spying revelations unveiled by former NSA contractor Edward Snowden, US politicians continue to discuss thoughts he is being greatly manipulated.
Snowden remains somewhere in Russia, protected by temporary asylum by President Vladimir Putin's administration.
"He is under the influence of Russian intelligence officials today," said Rep. Mike Rogers (R-Mich), House Intelligence Committee chairman, while speaking on Meet the Press. "He is actually supporting in an odd way this very activity of brazen brutality and expansionism of Russia. No counter-terrorism official in the United States does not believe that Mr. Snowden ... is not under the influence of Russian intelligence services. We believe he is, I certainly believe he is today."
US politicians and lawmakers believe Snowden is being manipulated by the Russian government and poses a great threat to US national security. Prior to Snowden's video interview during SXSW earlier this month, Congressman Mike Pompeo (R-Kansas) wanted event organizers to skip the interview.
Credit card companies and financial institutions indicate the California Department of Motor Vehicles may have been breached, with MasterCard recently sending an alert memo of a "card-not-present" breach indicating online transactions.
It's unknown how the California DMV was compromised, but stolen information includes credit card numbers, three-digit verification codes, and expiration dates are at risk - and an investigation will try to determine if driver's license numbers, Social Security numbers, phone numbers, and addresses were also at risk.
"We're seeing two percent of our card base compromised as a result of this, and our cards are 100 percent concentrated here in California," said a representative at an undisclosed bank, speaking to Krebs on Security. "That's still a big number, and it's a huge exposure window."
Consumers need to be vigilant in how they handle their own personal information, and follow these types of high-profile security breaches.
Another year, another sophisticated Internal Revenue Service (IRS) scam targeting users, with the IRS already receiving 20,000 reports about the clever scam. This particular scam is the largest scam IRS officials have found, and is stealing millions of dollars from US taxpayers across the country.
The scam first gained prominence last August, and largely targeted immigrants - but has evolved into anyone the scammers can trick.
"This is the largest scam of its kind that we have ever seen," said J. Russell George, IRS Treasury inspector, in a statement. "The scammers threaten those who refuse to pay with arrest, deportation or loss of a business or driver's license."
It's not uncommon for residents to receive a phone call from someone claiming to be with the IRS, stating the victim needs to pay or face arrest. The scam might seem ridiculous, but is a major problem - and certainly harms victims - with law enforcement and federal investigators trying to identify those involved.
The malicious BlackOS software package has been updated and is now available on the cybercriminal underground for $3,800 per year.
As noted by Trend Micro, the updated software is better suited to process and manage website exploitation, providing a great return-on-investment for cybercriminals. A custom Web interface allows for better web traffic management and access to features that lead to redirected traffic and iframes injection.
"They do a mass attack, there are no specific targets as these websites are just a launch pad to perform their malicious attacks," said Chris Budd, Trend Micro threat communications manager, in a statement to SC Magazine. "They are usually looking for an easy access, once they are inside they will try to level up the privileges to gain root access on the machine and therefore be able to [make] use of the BlackOS features, which is inject a malicious IFrames in all web pages."
There is an alarming trend in sophisticated, well-written malicious programs that are readily available on underground cybercriminal forums.
Up to 20,000 current and former employees with the US Internal Revenue Service (IRS) are at risk due to a reckless employee that took an unencrypted flash drive home and accessed it on an unsecure network.
Employee names, addresses and Social Security numbers were exposed, with all potentially affected employees notified by IRS officials.
"This incident is a powerful reminder to all of us that we must do everything we can to protect sensitive data - whether it involves our fellow employees or tax payers," said John Koskinen, in a memo sent to employees. "This was not a problem with our network or systems, but rather an isolated incident."
The biggest threat is to employees in Delaware, New Jersey and Pennsylvania, with the information dating back to 2007, which is when the IRS began mandatory encryption for sensitive data.