Tag Archives: theft

[ISN] Severe weaknesses in Android handsets could leak user fingerprints

http://arstechnica.com/security/2015/08/severe-weaknesses-in-android-handsets-could-leak-user-fingerprints/

By Dan Goodin
Ars Technica
Aug 10, 2015

HTC and Samsung have patched serious vulnerabilities in some of their Android phones that made it possible for malicious hackers to steal user fingerprints. The researchers who discovered the flaws said that many more phones from all manufacturers may be susceptible to other types of fingerprint-theft attacks.

The most serious of the flaws was found on HTC’s One Max handset. According to researchers at security firm FireEye, the device saved user fingerprints as an unencrypted file. Almost as bad, the BMP image was readable by any other running application or process. As a result, any unprivileged process or app could obtain a user’s fingerprints by reading the file. Attackers could capitalize on the weakness by exploiting one of the many serious vulnerabilities that regularly crop up in Android or by tricking a target into installing a malicious app.

HTC fixed the issue after FireEye privately reported it, according to this summary, which didn’t provide a date or other details of the update. […]





[ISN] Cybercom: Big Data Theft at OPM, Private Networks is New Trend in Cyber Attacks

http://freebeacon.com/national-security/cybercom-big-data-theft-at-opm-private-networks-is-new-trend-in-cyber-attacks/

By Bill Gertz
Washington Free Beacon
July 27, 2015

The commander of U.S. Cyber Command said last week that the Office of Personnel Management hack of millions of records of federal workers shows a new trend toward using Big Data analytics for both nation-state and criminal cyber attacks.

“One of the lessons from OPM for me is we need to recognize that increasingly data has a value all its own and that there are people actively out there interested in acquiring data in volumes and numbers that we didn’t see before,” said Adm. Mike Rogers, the Cyber Command commander and also director of the National Security Agency.

The theft of 22.1 million federal records, including sensitive background information on millions of security clearance holders, will assist foreign nations in conducting future cyber attacks through so-called “spear-phishing,” Rogers said, declining to name China as the nation state behind the OPM hacks.

Additionally, China is suspected in the hack uncovered in February of 80 million medical records of the health care provider Anthem, which would have given it access to valuable personal intelligence that can be used to identify foreign spies and conduct additional cyber attacks. […]



[ISN] Attackers targeting medical devices to bypass hospital security

http://www.csoonline.com/article/2931474/data-breach/attackers-targeting-medical-devices-to-bypass-hospital-security.html

By Steve Ragan
Salted Hash
CSO Online
June 4, 2015

A preview copy of a report from TrapX Labs, which will be released later this month, highlights three successful attacks against healthcare organizations. The incidents prove that defending assets in a healthcare environment isn’t as easy as some would have you think. In fact, given the wide range of devices on a given network, it can be nearly impossible.

Last year, Community Health Systems had an incident that resulted in the compromise of 4.5 million records. It served as a reminder that medical information was an important commodity to criminals.

In March of this year, the Identity Theft Resource Center (ITRC) tagged healthcare as the source of 33-percent of all listed incidents nationwide, noting that nearly 100 million healthcare records were compromised in the U.S. alone in Q1 2015. […]



[ISN] U.S. Suspects Hackers in China Breached About 4 Million People’s Records, Officials Say

http://www.wsj.com/articles/u-s-suspects-hackers-in-china-behind-government-data-breach-sources-say-1433451888

By DEVLIN BARRETT, DANNY YADRON and DAMIAN PALETTA
The Wall Street Journal
June 4, 2015

U.S. officials suspect that hackers in China stole the personal records of as many as four million people in one of the most far-reaching breaches of government computers.

The Federal Bureau of Investigation is probing the breach, detected in April at the Office of Personnel Management. The agency essentially functions as the federal government’s human resources department, managing background checks, pension payments and job training across dozens of federal agencies.

Investigators suspect that hackers based in China are responsible for the attack, though the probe is continuing, according to people familiar with the matter. On Thursday, several U.S. officials described the breach as among the largest known thefts of government data in history.

It isn’t clear exactly what was stolen in the hack attack, but officials said the information can be used to facilitate identity theft or fraud. The Department of Homeland Security said it “concluded at the beginning of May” that the records had been taken. […]



[ISN] Heartland issues breach notification letters after computer theft

http://www.csoonline.com/article/2928928/disaster-recovery/heartland-issues-breach-notification-letters-after-computer-theft.html

By Steve Ragan
Salted Hash
CSO Online
June 1, 2015

In a letter to the California Attorney General, Heartland Payment Systems has disclosed a data breach impacting personal information. The letter states that the data exposure is the result of a break-in at one of their offices, which included stolen computers.

The notification letter says that the theft took place at Heartland’s Santa Ana, California offices on May 8. The incident involved the theft of many items including password protected computers that might have contained Social Security Numbers and / or banking information that is processed by employers.

“We have seen no evidence suggesting that the data has been accessed on the stolen computers or used in any way, and we have no reason to believe any such use will occur. We have involved state and federal regulatory and law enforcement agencies to assist us in determining how to proceed with the matter at hand,” the notification letter states.

In 2008 Heartland was the victim of one of the world’s first major data breaches that exposed 130 million U.S. credit and debit cards. […]



[ISN] Wearables Maker Jawbone Sues Fitbit Over Alleged Data Theft

http://www.eweek.com/mobile/wearables-maker-jawbone-sues-fitbit-over-alleged-data-theft.html

By Todd R. Weiss
eWEEK.com
2015-05-28

Wearables vendor Jawbone is suing rival Fitbit based on allegations that Fitbit hired away some Jawbone employees who then took confidential corporate information with them to their new jobs.

The lawsuit, which was filed in California State Court in San Francisco, charges that Fitbit employees were “systematically plundering” confidential information by hiring the former Jawbone workers, who “improperly downloaded sensitive materials shortly before leaving,” according to a May 27 report by The New York Times.

“This case arises out of the clandestine efforts of Fitbit to steal talent, trade secrets and intellectual property from its chief competitor,” Jawbone lawyers wrote in the complaint, according to the story.

The lawsuit comes at an interesting time for Fitbit, which earlier in May filed for an initial public offering. The company has been in the business of creating and selling a full line of health tracking and fitness bands since 2007. […]



[ISN] Stolen CentCom computers were found on eBay

http://www.tampabay.com/news/courts/criminal/stolen-centcom-computers-found-on-ebay/2226424

By Patty Ryan
Times Staff Writer
Tampa Bay Times
April 21, 2015

TAMPA — The internal theft of five laptop computers from U.S. Central Command at MacDill Air Force Base went undetected until a supplier noticed four of them advertised on eBay, according to federal court records.

A CentCom official ordered an inventory, putting it in the hands of a Riverview man who now admits to being the thief.

Scott Duty’s signed federal plea agreement spells out those details and more, in anticipation of a hearing next month in which he is expected to plead guilty to stealing government property. Duty, a former civilian CentCom employee who is 48, could face up to 10 years in prison. […]



[ISN] Taiwan seeks stronger cybersecurity ties with US to counter China threat

http://www.thestar.com.my/Tech/Tech-News/2015/03/31/Taiwan-seeks-stronger-cybersecurity-ties-with-US-to-counter-China-threat/

The Star Online
March 31, 2015

TAIPEI: Taiwan wants to join a major anti-hacking drill conducted by the United States to strengthen cybersecurity ties with its staunchest ally, its vice premier said on Monday, a move which would help safeguard against constant targeting by hackers in rival China.

Many hacks into Taiwan systems have been traced to sites belonging to China’s People’s Liberation Army, Vice Premier Simon Chang told Reuters in an interview, without elaborating on the locations.

“Taiwan has no enemy in the international community except you-know-who. Who in the world would try to hack Taiwan?” Chang, a former director of Asia hardware operations for Internet giant Google Inc, said.

China has vehemently denied accusations of cybertheft. […]

