Missouri State University
Information Security
Information Security News & Info

University Health notifies patients of data breach

Indiana University Health Arnett, Inc. notified 10,300 patients of a potential data breach after a laptop that may have contained unencrypted personal information was taken from an employee’s car in April. The hospital is continuing to investigate but assured the public that no Social Security numbers or financial information was included on the device.

Source: http://healthitsecurity.com/2013/05/13/indiana-university-health-notifies-patients-of-data-breach/


Data breach on 17k patients due to illicit vendor activities

Officials from the Raleigh Orthopaedic Clinic in North Carolina notified over 17,000 patients of a potential data breach as a result of a third-party vendor’s illicit activities. The clinic hired the vendor to transfer x-ray films into electronic format, but the vendor sold the films to a recycling company in Ohio that harvested the films for its silver.

Source: http://healthitsecurity.com/2013/05/07/x-ray-film-scam-exposes-17kpatients-to-possible-data-breach/

Convenience store chain hacked, payment cards compromised

The Mapco Express convenience store chain experienced a breach of customer credit/debit card information after malware was planted in payment processing systems. Customers who used credit/debit cards at Mapco Express stores during certain periods in March and April may be affected.

Source: http://news.softpedia.com/news/US-Convenience-Store-Chain-Mapco-Express-Hacked-Payment-Cards-Compromised-351249.shtml


Flash drive with patient information reported missing . . .

University of Rochester Medical Center officials this week sent letters to hundreds of former patients, alerting them that the center lost protected information.

A resident physician misplaced a computer flash drive that contained protected health information of 537 former orthopaedic patients, according to a news release from URMC. The USB flash drive was used to transport copied information to study and ultimately improve surgical results.

URMC officials said it appeared that the flash drive was misplaced at an outpatient orthopaedic facility. Hospital officials said employees conducted an “exhaustive but unproductive search” and believe the flash drive was destroyed in the laundry.

Medical Center officials stressed that the missing flash drive did not contain original files, but included copied information. The loss should not affect follow-up care for any of the involved patients, according to URMC.

Patients’ addresses, social security information and insurance information were not on the now-missing flash drive.

Information included the patients’ names, gender, age, date of birth, weight, phone number and internal record numbers. The files also included physicians’ names, date of service, diagnosis, diagnosis study procedure and any complications the patient may have had.

Source: http://www.democratandchronicle.com/article/20130503/NEWS01/305030047/missing-flash-drive-at-urmc?nclick_check=1

Students trick teachers to access computers

KETCHIKAN, Alaska — Students at a Ketchikan middle school tricked their teachers to gain administrative access to school-owned laptops, school officials said.

The Ketchikan Daily News reports at least 18 students at Schoenbar Middle School were involved in the scheme.

Students fooled teachers by asking them to enter account information to update their computer’s software, which they regularly do. Teachers were presented with a display that looked “exactly like” it does when prompted for a software update, but instead it was a request for administrative access, according to district technology supervisor Jurgen Johannsen.

Students used the access to remotely control their peers’ desktops. Teachers use remote desktop access to prevent students from fooling around on computers during class.

The ruse was uncovered when some students noticed their peers were fiddling with their classmates’ computers remotely. Johannsen said the students used the “most creative of solutions to hack machines” but eventually were caught because they made the “most rookie of mistakes.”

He called it “a bit of a hijack” and said it is unclear how many teachers were tricked.

Principal Casey Robinson said he was notified of the incident Monday and lauded the students who reported it.

“We’ve got some really good kids here,” he said. “When they know something’s not right, they let an adult know.”

All 300 of the school’s computers that are loaned to students have been seized and will be examined, but students will be allowed to retrieve their work.

Johannsen said he will have three technicians go through the computers, a process that will last until the end of the week.

“Kids are being kids,” Robinson said, adding that he was surprised something like this had not already occurred. “They’re going to try to do what they try to do. This time we found out about it.”

School officials said the servers and sensitive information were not touched, and the district is not concerned that students gained access to things like records or grades.

The school has not discussed what the consequences may be for students involved.

“When we get to that point, we’ll follow that policy,” Robinson said, pointing to the district’s code for computer use.

Source: http://www.adn.com/2013/04/30/2884902/students-at-ketchikan-middle-school.html#storylink=cpy

Intrusion Prevention Systems fail to spot AET attacks . . .

Many big-brand Intrusion Prevention Systems (IPS) consistently fail to block attacks that target vulnerabilities in web-based applications using Advanced Evasion Techniques (AETs), a University of Glamorgan study has found.

At first sight the team’s findings are slightly alarming: using Stonesoft’s open source Evader AET generation tool to target two ancient vulnerabilities, CVE-2008-4250 and CVE-2004-1315 (the first affecting Windows servers, the second in PHP), the team found widely varying rates of IPS detection failure in fully up-to-date systems from nine vendors.

For hosts vulnerable to CVE-2008-4250, the team recorded only a relatively small number of successful attacks equivalent to 184 (6.69 percent) for the worst performing Sourcefire product down to only two for Cisco’s system.

The other vendors tested – IBM, Palo Alto, Fortigate, McAfee, Checkpoint, Juniper, and Stonesoft itself – achieved detection rates somewhere between these two poles.

In the same test against the older flaw, however, things turned much darker, with several systems detecting only between 50 and 60 percent of AETs, and only two – Stonesoft and Fortigate – spotting more than 99 percent.

The worst performing IPS, McAfee’s, failed to see 1,304 of the evasions generated by the test, while the best performer, Stonesoft, spotted all but seven, so the difference in this example was huge.

The contrast has nothing to do with the age of the flaws so much as the type of flaw. The better-detected AET attack targeted a network-level TCP issue while the one many struggled with was at the application layer.

AETs shouldn’t be confused with the similar-sounding Advanced Persistent Threats (APTs) that have the security industry in a tizzy and Sino-US relations in the doldrums. AETs are designed specifically to beat IPS and their cousins, internal Intrusion Detection Systems (IDS); APT is a generic term for multi-layered attacks that could include AETs as well as other types of threat such as credential hacking, Trojans, malicious links, and so on.

AETs are still mildly contentious in some quarters because the term was first used widely by one of the firms that took part in and supported the University’s project, Stonesoft.

But although hard figures on their use in attacks are hard to come by, there is evidence that they are real, not least from the University itself.

“We have seen AETs trying to circumvent detection systems at the University of Glamorgan,” confirmed study co-author, Professor Andrew Blyth.

The University had tried to interest other vendors in their work but only Stonesoft had been willing to get involved – some hadn’t even replied to emails. Despite Stonesoft’s assistance, the report was entirely independent, he stressed.

The first conclusion is that organisations should check that their IPS systems have been updated to detect more recent application-layer evasions and not only the older network-level ones most were originally invented to see.

Because no single vendor achieved a perfect score, it is also a good idea to use more than one system, Blyth suggested. Perhaps organisations would also be wise to look for alternatives.

“We hope to repeat the test in two years and note any improvement,” he said. The University planned to work with affected vendors to address the issues it had uncovered.

Source:  http://www.computerworld.com.sg/tech/applications/intrusion-prevention-systems-fail-to-spot-aet-attacks-university-study-finds/
