[ISN] Huge turnout at RSA shows hackers are winning

http://www.computerworld.com/s/article/9246607/Huge_turnout_at_RSA_shows_hackers_are_winning

By Jaikumar Vijayan Computerworld February 26, 2014

SAN FRANCISCO





[ISN] Hackers arrested over data leakage

http://koreajoongangdaily.joins.com/news/article/Article.aspx?aid=2985550

BY CHOI MO-RAN joongang.co.kr Feb 27, 2014

Authorities said yesterday that they have arrested three hackers suspected of leaking the personal data of 17 million people from 225 websites. The Incheon Metropolitan Police Agency announced yesterday that it had arrested the trio, who stole personal data from Korean websites and sold it to loan lenders and chauffeur service companies in exchange for about 100 million won ($93,793).

According to the police, the websites’ security networks were not secure enough to prevent infiltration. The hackers uploaded malicious coding onto posts on online boards, gaining control over the domain once site administrators clicked on them. The hackers told the police that they were easily able to steal the personal data since most of the websites didn’t encrypt the personal data of their members. […]



[ISN] RSA protests by DEF CON groups, Code Pink draw ire

http://news.cnet.com/8301-1009_3-57619614-83/rsa-protests-by-def-con-groups-code-pink-draw-ire/

By Violet Blue CNET News Security February 26, 2014

The RSA security conference (where the world’s security companies come to do business with each other) opened its doors this week in San Francisco to a wide range of protests by security professionals who would otherwise be attending and speaking at the conference. The protests might be called “obnoxious,” “pointless” and “first world outrage”



[ISN] Factoring new technologies into healthcare risk analysis

http://healthitsecurity.com/2014/02/26/factoring-new-technologies-in-healthcare-risk-analysis/

By Patrick Ouellette Health IT Security February 26, 2014

The HIMSS14 Conference down in Orlando this week will present an opportunity for vendors of all different sizes and specialties to display their offerings to their user audience. New technologies are being announced on what seems like an hourly basis and organizations are implementing them with hopes of efficiency, compliance and better patient care. Simultaneously, the Office for Civil Rights (OCR) is in the early stages of determining the scope of its 2014 HIPAA audits and has made it abundantly clear that covered entities’ and business associates’ (BAs) use of risk analysis will factor heavily into the audits.

Organizations shouldn’t rely solely on new products to make them HIPAA compliant, nor should they avoid technology that will help secure patient data more efficiently and effectively. Achieving equilibrium between the two ends of the spectrum is the best-case scenario when conducting a risk analysis, according to David Holtzman, CynergisTek Vice President of Privacy. Holtzman and Mac McMillan will present at HIMSS14 today at 10 a.m. on “Understanding Risk Analysis”.

HealthITSecurity.com asked Holtzman how new technologies such as virtual desktop infrastructure (VDI) or other virtualization technologies that can help take physical storage of data on devices out of the equation should impact organizations’ views on risk analysis. Holtzman explained that even though new technology requires a different set of considerations, the need for risk analyses remains the same. […]



[ISN] Apple releases OS X 10.9.2 update, patches severe SSL bug

http://www.zdnet.com/apple-releases-os-x-10-9-2-update-patches-severe-ssl-bug-7000026765/

By Adrian Kingsley-Hughes ZDNet News Security February 25, 2014

Apple has released the OS X 10.9.2 update for all Mavericks users, which, amongst other things, patches the SSL bug in the operating system that could allow full transparent interception of HTTPS traffic. This vulnerability not only affected Safari, but also other installed applications relying on an encrypted channel to the internet. However, third-party browsers such as Chrome and Firefox rely on different implementations of SSL/TLS, which means that they aren’t subject to the vulnerability.

The bug, which has apparently gone unpatched since iOS 6’s release in 2012, resides in a piece of open source code used by Apple. Aldo Cortesi, CEO and founder of security consultancy firm Nullcube, claimed to have intercepted iCloud data, including KeyChain enrolment and updates, data from Calendar application, and traffic from apps that use certificate pinning, such as Twitter. […]



[ISN] First contagious WiFi computer virus goes airborne, spreads like the common cold

http://dailycaller.com/2014/02/25/first-contagious-wifi-computer-virus-goes-airborne-spreads-like-the-common-cold/

By Giuseppe Macri The Daily Caller 02/25/2014

Computer science researchers have demonstrated for the first time how a digital virus can go airborne and spread via WiFi networks in populated areas at the same pace as a human disease. The “Chameleon” virus, designed by a University of Liverpool team, showed a remarkable amount of intelligence by avoiding detection and breaking into personal and business WiFi networks at their weakest points



[ISN] Marussia Formula 1 team’s race testing disrupted by Trojan malware

http://news.techworld.com/security/3503842/marussia-formula-1-teams-race-testing-disrupted-by-trojan-malware/

By John E Dunn Techworld 25 February 2014

The Marussia Formula 1 racing team has admitted losing an entire day’s race testing in Bahrain last week after the computer systems used for in-car telemetry were disrupted by Trojan malware. The UK-based Russian-sponsored team didn’t specify which Trojan caused the problems nor why it caused such a headache but the fact it was even mentioned suggests that the incident was significant.

“It started off with the first disaster, which was a computer Trojan-type virus in the racks, which cost us the best part of the day,” team principal John Booth told the motoring magazine Autosport. “That set the tone for the week.”

The team reportedly completed only 29 laps in the entire four days, the least of any team. Most of that was completed on day two when 17 laps were completed. The Trojan hit on day three which turned it into a write-off. […]

