About 32,000 people are being notified that their personal information may have been compromised after a breach at consumer data provider LexisNexis resulted in identity theft and credit fraud, the company has disclosed. According to the breach notification letter LexisNexis began sending on Friday, the thieves operated businesses that were former customers of data aggregator and credentialing service ChoicePoint, which was acquired last year by LexisNexis parent Reed Elsevier.
Officials at the University of California at Berkeley on Friday began notifying students and the public that hackers had breached a healthcare database at the school, potentially gaining access to the personal information of up to 160,000 students dating back to 1999. Complicating matters: The breach is thought to have initially occurred months ago, on Oct. 9, 2008. Administrators said they didn’t notice it until April 9, 2009, however.
Hackers are demanding $10 million to release some eight million patient records claimed to be in their control following the compromise of Virginia’s Prescription Monitoring Program (VPMP) website. Whistleblower site Wikileaks published a copy of the ransom note left by the hackers on the website, which is used by pharmacists to follow incidents of drug abuse. The note said the intruders possessed 8.3 million patient records and 35.6 million prescriptions. Also, the thieves said they created an encrypted backup of the data and deleted the original files.
Skype said it has blocked a bug that created a means for hackers to attack vulnerable Windows PCs using malicious video files. The cross-zone scripting vulnerability involves the interaction between Skype and video-sharing sites such as DailyMotion, which allows users to download video clips and add them to their Skype VoIP client. The vulnerability had the potential to affect users of Skype 3.5 and 3.6 for Windows who used Skype’s video gallery to access booby-trapped DailyMotion videos. The flaw, said to affect online video site MetaCafe as well as DailyMotion, came to light in a post by security researcher Miroslav Lucinskij to a full-disclosure mailing list on Thursday. For example, the security bug makes it possible to inject a malicious script into the “Add video to chat” dialogue using the title field of DailyMotion movie clips.
HACKERS are targeting users of social networking website MySpace using techniques popular with phishing scams. Mass emails sent to MySpace members would contain invitations to add the sender as a friend. When a link in the email is accessed, what seems to be an official MySpace page appears. The user is then asked to download and install the latest version of Adobe’s Flash Player software, which is required to run many of the applications on MySpace. However, the whole exercise is actually a scam, security experts say. Once the program is installed it would allow hackers to remotely take control of the computer, and use the victim’s PC to distribute more spam.
Cyber-security experts have long warned of the vulnerability of critical infrastructure like power, transportation and water systems to malicious hackers. Friday, those warnings quietly became a reality: Tom Donahue, a CIA official, revealed at the SANS security trade conference in New Orleans that hackers have penetrated power systems in several regions outside the U.S., and “in at least one case, caused a power outage affecting multiple cities.” “We do not know who executed these attacks or why, but all involved intrusions through the Internet,” Donahue said in a statement. “We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge.”
An aggressive, non-stop campaign by China to penetrate key government and industry databases in the United States already has succeeded and the United States urgently needs to monitor all internet traffic to critical government and private-sector networks “to find the enemy within,” SANS Institute Director of Research Alan Paller told SCMagazineUS.com. “They are already in and we have to find them,” Paller said. Paller said that empirical evidence analyzed by researchers leaves little doubt that the Chinese government has mounted a non-stop, well-financed attack to breach key national security and industry databases, adding that it is likely that this effort is making use of personnel provided by China’s People’s Liberation Army.
Mozilla’s Firefox web browser is vulnerable to spoofing attacks, according to an Israeli security researcher. Aviv Raff reported on his blog on Wednesday that Mozilla Firefox v2.0.0.11 allows information presented in a basic authentication dialogue box to be spoofed, opening up the possibility of users being redirected to a malicious website. Earlier versions of the browser may also be affected.
Its immense popularity may turn the iPhone into a painful experience for Apple, if predictions that the mobile device will be a major security target in 2008 are realised. IT security company Arbor Networks released a statement on Tuesday declaring that the iPhone will be a big target amongst cybercriminals next year.
The latest rootkit in the wild hides on your hard drive’s boot sector and is starting to infect Windows PCs, according to security researchers. And the real kicker: The rootkit can’t be detected by most antivirus applications. Symantec has been tracking the latest rootkit, Trojan.Mebroot, and provides a good overview of master boot record (MBR) rootkits. In general, an MBR is the first sector of a storage device, say a hard drive, and is used for booting the operating system. Control the MBR and control the OS.