About 32,000 people are being notified that their personal information may have been compromised after a breach at consumer data provider LexisNexis resulted in identity theft and credit fraud, the company has disclosed. According to the breach notification letter LexisNexis began sending on Friday, the thieves operated businesses that were former customers of data aggregator and credentialing service ChoicePoint, which was acquired last year by LexisNexis parent Reed Elsevier.
Read more…
Officials at the University of California at Berkeley on Friday began notifying students and the public that hackers had breached a healthcare database at the school, potentially gaining access to the personal information of up to 160,000 students dating back to 1999. Complicating matters: The breach is thought to have initially occurred months ago, on Oct. 9, 2008. Administrators said they didn’t notice it until April 9, 2009, however.
Read more…
Hackers are demanding $10 million to release some eight million patient records claimed to be in their control following the compromise of Virginia’s Prescription Monitoring Program (VPMP) website. Whistleblower site Wikileaks published a copy of the ransom note left by the hackers on the website, which is used by pharmacists to follow incidents of drug abuse. The note said the intruders possessed 8.3 million patient records and 35.6 million prescriptions. Also, the thieves said they created an encrypted backup of the data and deleted the original files.
Read more…
Skype said it has blocked a bug that created a means for hackers to attack vulnerable Windows PCs using malicious video files. The cross-zone scripting vulnerability involves the interaction between Skype and video-sharing sites such as DailyMotion, which allows users to download video clips and add them to their Skype VoIP client. The vulnerability had the potential to affect users of Skype 3.5 and 3.6 for Windows who used Skypeâs video gallery to access booby-trapped DailyMotion videos. The flaw, said to affect online video site MetaCafe as well as DailyMotion, came to light in a post by security researcher Miroslav Lucinskij to a full-disclosure mailing list on Thursday. For example, the security bug makes it possible to inject a malicious script to the “Add video to chat” dialogue using the title field of DailyMotion movie clips.
Read more…
HACKERS are targeting users of social networking website MySpace using techniques popular with phishing scams. Mass emails sent to MySpace members would contain invitations to add the sender as a friend. When a link in the email is accessed, what seems to be an official MySpace page appears. The user is then asked to download and install the latest version of Adobeâs Flash Player software, which is required to run many of the applications on MySpace. However, the whole exercise is actually a scam, security experts say. Once the program is installed it would allow hackers to remotely take control of the computer, and use to victims PC to distribute more spam.
Read more…
Cyber-security experts have long warned of the vulnerability of critical infrastructure like power, transportation and water systems to malicious hackers. Friday, those warnings quietly became a reality: Tom Donahue, a CIA official, revealed at the SANS security trade conference in New Orleans that hackers have penetrated power systems in several regions outside the U.S., and “in at least one case, caused a power outage affecting multiple cities.” “We do not know who executed these attacks or why, but all involved intrusions through the Internet,” Donahue said in a statement. “We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge.”
Read more…
An aggressive, non-stop campaign by China to penetrate key government and industry databases in the United States already has succeeded and the United States urgently needs to monitor all internet traffic to critical government and private-sector networks âto find the enemy within,â SANS Institute Director of Research Alan Paller told SCMagazineUS.com. âThey are already in and we have to find them,â Paller said. Paller said that empirical evidence analyzed by researchers leaves little doubt that the Chinese government has mounted a non-stop, well-financed attack to breach key national security and industry databases, adding that it is likely that this effort is making use of personnel provided by China’s People’s Liberation Army.
Read more…
Hackers and Greenpeace protestors are both promising to do their bit to undermine the UK iPhone launch this week. Apple will ship iPhones in the UK with new software designed to block iPhone hackers from unlocking the iPhone, or breaking into the device in order to add additional applications. Hackers aren’t happy, and have sworn to unlock the device “within hours” of the launch, according to a report in The Guardian.
Read more…
Cybercriminals are downsizing their botnets to try and trick software security companies. Computers infected with a virus unknowingly become “zombies” in a botnet â which is a network used to send out spam and to mount further attacks on other machines. The zombie army can be controlled remotely, with the botnet creators usually trying to build the largest possible botnet of compromised computers to rent out to gangs for as little as $100 (ÂŁ49) for a couple of hours.
Read more…
But it will not be a complete overhaul, says Google. A refresh of Googleâs free email service GMail is likely to be available soon, although it will not be a complete upgrade, Google has confirmed. Rumours of a new GMail surfaced on the web last week after plans were reportedly leaked. However, Google insisted that the changes would not constitute an entirely new version.
Read more…