InfoSec in the News

Most of the incidents in these news stories could have been prevented with an effective security awareness program; the other stories promote the use of security awareness.
Also visit our News Archives for older stories.

Subscribe to the following e-mail lists for even more stories:

SANS NewsBites

Security Wire Digest


- Visit SANS, Sophos, SC magazine, and InfoSecurity magazine websites to sign up for news feeds -

23 December 2015 - Man Arrested for Allegedly Stealing Scripts for Unreleased Movies and Shows
US authorities have arrested a man in connection with the theft of television and movie scripts and private photographs of celebrities. Alonzo Knowles allegedly attempted to sell the items to an undercover agent. He allegedly stole the items by obtaining account passwords through phishing and by infecting their computers with malware capable of harvesting account credentials.

22 December 2015 - Former Investment Company Advisor Sentenced for Unauthorized Data Access
Former Morgan Stanley financial advisor Galen Marsh was sentenced to three years' probation and ordered to pay US $600,000 in restitution for accessing confidential client data without authorization. Marsh uploaded the data to a server at his home.

17 December 2015 - Guilty Pleas in Massive Software Piracy Case
Six people have pleaded guilty to charges in what is being called "one [of] the biggest software piracy cases, if not the biggest, the [Justice] department has ever handled." Over six years, the fraud operation sold more than 170,000 pirated copies of Adobe and Microsoft products, amounting to more than US $100 million in sales.

16 December 2015 - Non-Healthcare Companies Have Exposed Personal Health Information in Breaches
According to a study from Verizon, nearly 20 percent of breaches involving healthcare information are not detected for at least one year. This is due in part to the fact that some organizations outside the healthcare sector are unaware that they have healthcare data stored in their systems. Twenty percent of healthcare breaches of health records involved privilege abuse.

8 December 2015 - Former IBM Employee Arrested for Alleged Theft of Proprietary Source Code
A former IBM software engineer has been arrested and charged with the alleged theft of proprietary source code. The charges, filed in federal court in New York, allege one count of theft of a trade secret. Xu Jiaqiang was arrested in White Plains, New York on December 7, 2015 after attempting to sell software that included the stolen code to undercover agents. IBM is not named in the complaint; Xu's LinkedIn profile says he was employed there from November 2010 until July 2014.

4 December 2015 - Linen Company Stole Customer Invoices from Competitor
New Hampshire company General Linen Services, LLC (DBA General Linen Somersworth) admitted to stealing invoices from competitor General Linen Services Co. Inc. in an attempt to steal that company's customers. The targeted company's computer system was accessed without authorization more than 150 times between September 2009 and April 2010; most of the breaches originated from General Linen Somersworth.

3 December 2015 - Ransomware Steals Passwords before Encrypting Files
A new ransomware first uses malware known as Pony to steal account login credentials from targeted computers before encrypting files. The ransomware is spreading through websites infected with the Angler exploit kit.

9 November 2015 - Comcast Resets Compromised User Passwords - Says Systems Not Breached
Account information for 200,000 Comcast customers was found for sale on the Dark Web. The telecommunications company says that its systems were not breached, and that it will reset the affected passwords.


6 November 2015 - Files Encrypted by Buggy Ransomware are Not Recoverable
A flawed version of the Power Worm ransomware encrypts files on computers it infects, but it also destroys the keys needed to decrypt the data. Users who have been infected with this variant should not pay the ransom; their only recourse is to restore files from backups.

2 November 2015 - Snapchat tries to soothe users who find new policy scary
Users freaked when it looked like Snapchat granted itself perpetual rights to access content in its new privacy policy and service terms.

31 October 2015 - Using DroidJack spyware to snoop on your spouse could get you arrested
Some Android spyware might be legal to buy, but not to use...as numerous users of "DroidJack" found out this week.

15 October 2015 - US Navy Civilian Engineer Sentenced to Prison for Attempted Espionage
A former civilian engineer for the US Navy has been sentenced to 11 years in prison for attempted espionage. Mostafa Ahmed Awwad shared schematics of a nuclear aircraft carrier with an FBI agent posing as an Egyptian intelligence officer. Court documents say that Awwad met with the agent and described his plan for copying documents from his computer without triggering a security alert. Awwad pleaded guilty to the charges on June 15, 2015.

7 October 2015 - USPS Employees and Phishing
Just months after US Postal Service employee data were compromised with the help of a phishing attack, 25 percent of a sample of USPS employees fell prey to a compliance and awareness phishing security exercise. Just seven percent of employees who received the suspicious email reported it to the USPS Computer Incident Response Team, which is a requirement. Most of the employees who received the test email had not completed their annual security awareness training.

6 October 2015 - FBI Urges Use of Two-Factor Authentication
The FBI is encouraging small- and medium-sized businesses and Internet users in general to use two-factor authentication to safeguard personal information. The FBI issued the recommendation as part of this year's National Cyber Security Awareness Month. In a related story, a coalition of government agencies, technology companies, and security experts met in Washington, DC, earlier this week to discuss ways to move toward stronger, two-factor authentication.


21 Sept 2015 - Malware on Apps in Google Play Store
Malware hidden in a game has made its way into the Google Play store twice within the past few weeks. Each game had between 100,000 and half a million downloads. The malware hides in a game for Android called Brain Test. It manages to bypass Google Bouncer, the store's app vetting system. The first version of Brain Test was taken down on August 24; the second on September 15.

21 Sept 2015 - DHS CISO Says Employees Who Fall for Phishing Should Lose Security Clearances
US Department of Homeland Security CISO Paul Beckman says that employees who repeatedly fall for phishing attempts, whether real or orchestrated as a test, should lose their security clearances. He noted that people keep falling for the phishing attempts because there have been no negative consequences for them personally.

18 Sept 2015 - WordPress Sites Infected with Malware
An attack against WordPress has compromised thousands of websites; the malware placed on those sites redirects site visitors to a page containing the Nuclear Exploit Kit. The kit scans the user's computer for unpatched flaws that it can exploit.

13 Sept 2015 - Justice Department Shutters ShareBeast Filesharing Site
The US government has shut down the ShareBeast filesharing service along with the albumjams website. The Department of Justice (DoJ) seized the domain on Friday, September 11. According to the FBI, ShareBeast was the largest US-based filesharing site.

10 Sept 2015 - Android Ransomware Resets Lockscreen PINs
Ransomware targeting Android phones locks users out of their devices by changing the lockscreen PIN, according to researchers at ESET. Victims can pay the US $500 to unlock the device or do a factory reset, which will delete all the data the device holds. It is currently spreading through unofficial app stores as a pornography viewer app.

9 Sept 2015 - DHS Warns of Spear Phishing Attack Targeting Critical Infrastructure Organizations
The US Department of Homeland Security has warned providers of the country's critical infrastructure that a spear-phishing campaign targeting their networks has been detected. DHS did not identify the suspected source of the attacks.

8 Sept 2015 - Man Sentenced for Running Illegal Movie Streaming Site
A judge in Ireland has sentenced Paul Mahoney to two years in prison and two years of supervised release for operating a website that streamed pirated versions of movies as well as sites that provided links to pirated content. Mahoney earned nearly GBP 300,000 (US $463,000) from advertisements on his websites. The prosecutor in the case noted that if each of the views had been a legitimate purchase, they would have generated GBP 120 million (US $185.2 million) but because the majority of those who viewed the movies would not have made a purchase, the losses were estimated at GBP 12 million (US $18.5 million).

7 Sept 2015 - Malicious Ads on Yahoo are Pushing Angler Exploit Kit
Researchers at Malwarebytes say that miscreants are distributing malware through advertisements on Yahoo. They are tricking automated ad delivery systems into displaying ads that contain embedded malware. This particular attack attempts to load the Angler Exploit Kit onto users' computers. Yahoo has taken steps to stop the malvertising.

3 Sept 2015 - Former Tesla Employee Arrested for Allegedly Breaking Into Boss's eMail
A man once employed by Tesla as a mechanical engineer could face up to six years in prison for allegedly breaking into his boss's email account and stealing information. Nima Kalbasi allegedly accessed the account, obtained employee evaluations and shared that information with others. Kalbasi also allegedly accessed a customer complaint report and posted it online. He was arrested in August and has been charged with felony computer intrusion.

27 Aug 2015 - Healthcare Cybersecurity Survey - 80% Compromised
According to the 2015 Healthcare Cybersecurity Survey, more than 80 percent of healthcare organizations said that their systems have been compromised within the past two years. Attacks on healthcare IT systems have increased compared with the figures in earlier years. Among the reasons cited for the increase are the adoption of digital patient records and automated clinical systems; the use of outdated electronic medical records (EMRs) and clinical applications that were not designed to function in current networked environments; and networks that include patient data and medical device controls and that are Internet connected.

24 Aug 2015 - Ashley Madison CTO May Have Stolen Data From Competitor
Information in emails included in the most recent Ashley Madison data dump indicates that the company's CTO may have broken into a competitor's system and stolen "their entire user base" prior to November 2012.

21 Aug 2015 - Government Employees Not Abiding by BYOD Security
According to a survey of 1,000 US government employees, many are not heeding BYOD (bring your own device) mobile security policies. Nearly a quarter of those surveyed send work documents to their personal email accounts. Seventeen percent said they stored work-related documents on personal file-sharing apps. Employees also said they have jailbroken or rooted their devices and loaded applications that are not from official app stores.

5 Aug 2015 - Prison Time for Tutor Who Stole Teachers' Login Credentials and Altered Grades
Timothy Lance Lai pleaded guilty to computer fraud and burglary earlier this week. Lai put keystroke loggers on computers belonging to teachers at Corona del Mar High School in California where he tutored students. He used the information to steal login credentials, change students' grades, and look at tests. Lai has been sentenced to one year in prison.

31 July 2015 - Air Force Contractor Sentenced for Data Theft
A US District Judge in Florida has sentenced former US Air Force contractor Christopher R. Glenn to 10 years in prison for theft of classified documents and conspiracy. Glenn earlier pleaded guilty to willful retention of classified national defense information under the Espionage Act; to computer intrusion under the Computer Fraud and Abuse Act; and to conspiracy to commit naturalization fraud.

27 July 2015 - Stagefright Vulnerabilities Affect Nearly All Android Devices
Nearly all Android smartphones contain remote code execution vulnerabilities that could be exploited simply by sending the device a maliciously crafted text message. The vulnerabilities lie in Stagefright, an Android component that is used in playing, recording, and processing multimedia files. Google has developed a fix for the issue, but because the wireless carriers and device manufacturers must also take action, it is unknown if and when the devices will be patched.

22 July 2015 - Belgian Government Phishing Test Not Thought Through
A regional government in Belgium ran a phishing test on its employees but forgot to inform high-speed train operator Thalys that it was using the company's name in the message. The phishing email said that the recipient had booked an expensive trip abroad and that nearly 20,000 Euros would be charged to their payment card unless they cancelled the trip within three days. The email instructed recipients to send their card information to Thalys. Employees began calling Thalys to complain; some employees also contacted police.

22 July 2015 - Fake Android Games Direct Users to Porn Sites
This month five malicious Android apps posing as games made their way into the Google Play store for nearly a week, and during that time each app was downloaded by between 5,000 and 10,000 users, according to new research from Avast.

20 July 2015 - Eight-Year Sentence for Leaking Customer Data
A UK man has been sentenced to eight years in jail for leaking or posting personal information of 100,000 people to the Internet. Andrew Skelton was formerly an internal auditor at the Morrisons supermarket chain and had access to employee data.

16 July 2015 - Ohio Inmate Had Prison System Login Credentials
An Ohio prison inmate was found to be in possession of login credentials for the prison's computer system. A routine search revealed that the prisoner had a list of administrative user names and passwords. The Ohio State Highway Patrol is investigating.

16 July 2015 - US Dept. of Interior IG Report Finds Thousands of Security Issues
According to a report from the US Department of the Interior (DOI) Office of Inspector General, agency systems were found to have nearly 3,000 security issues. Some of the vulnerabilities could be exploited to jump from a compromised machine to internal agency networks. The DOI hosted the Office of Personnel Management (OPM) files that were stolen in the initial, infamous OPM breach.

14 July 2015 - 13-Year Sentence for Man Who Sold Credit Monitoring Records Data
A US federal judge has sentenced Hieu Minh Ngo to 13 years in prison for his role in a data breach of a credit monitoring company that exposed personally identifiable information for 200 million accounts. He was found guilty of charges that included wire fraud and identity fraud. Ngo pretended to be a private investigator and tricked Court Ventures into allowing him to access a database of personal information, which he then sold.

2 July 2015 - FBI Most Wanted Cybercriminals
The FBI has made public a list of its most wanted cyber criminals. For information leading to the capture and prosecution of the top five, the FBI will pay up to a total of US $4.2 million.

2 July 2015 - Former Georgia Pacific Employee Charged with Damaging Computers
A former systems administrator at US paper manufacturer Georgia Pacific has been charged with intentionally damaging the company's protected computers. Brian Johnson is believed to be responsible for "multiple system failures as a result of continued attacks" that began on February 14, 2014, the day he was fired.

29 June 2015 - Malwarebytes Will Trade Pirated License Keys for Legitimate Ones
People who are using counterfeit versions of Malwarebytes antivirus license keys can trade them for legitimate keys that will remain valid for one year. Malwarebytes says that some people may have been tricked into downloading pirated versions of the product.

19 June 2015 - Competition Aims to Identify Cyber Security Talent with $30,000 Scholarships
The SANS Institute's Cyber Aptitude Assessment competition offers top performers scholarships to the SANS Cyber Academy, an eight-week cyber security training boot camp. The assessment consists of roughly 40 questions that competitors will have 45 minutes to answer.

18 June 2015 - Pentagon May Hold IT Users More Accountable for Cyber Security
DOD CIO Terry Halvorsen said that there are few if any consequences for users whose online behavior creates security problems for DOD systems. Halvorsen said that the Pentagon plans to start holding IT users and their commanders more responsible for violating cyber security rules.

10 June 2015 - 49 Arrested in Phishing Scheme Crackdown
Law enforcement agents in Europe have arrested 49 suspects in connection with a phishing scheme that stole millions of Euros from people's bank accounts. The suspects were arrested in Spain, Poland, and Italy. Authorities in the UK, Belgium, and Georgia also helped with the investigation, which was dubbed Operation Triangle.

3 June 2015 - FBI Wants Access to Social Media User Information
The FBI wants Congress to pass a law mandating that operators of social media sites and other web communication tools share customer information with law enforcement just as telecommunications companies do. Michael Steinbach, assistant director of the FBI's counterterrorism division, told the House Homeland Security Committee earlier this week that Congress should develop Internet communication rules that are informed by the Communications Assistance for Law Enforcement Act (CALEA).

26 May 2015 - Android Ransomware
Ransomware targeting users of Android devices pretends to be an update for Adobe Flash Player. Once the user clicks on the phony update, the malware displays what appears to be a warning from the FBI about the user's viewing of online pornography. The warning includes phony screenshots of what appears to be an incriminating browsing history.

21 May 2015 - Password Security Questions Easy to Guess
Google's analysis of hundreds of millions of password security questions found that it would be easy for people intent on gaining access to someone's account to do so. Guesses yielded correct results a surprising amount of the time. Google recommends that users, instead of adding more questions, update their account information to provide a phone number or secondary email address to help prevent accounts from being taken over.


21 May 2015 - Android Factory Reset Does Not Always Clear Data
Researchers at Cambridge University have found that as many as 500 million Android phones contain a security issue that could expose data even after the factory reset option is run. The researchers were able to recover data, including login credentials, text messages, and emails, from supposedly wiped devices. http://arstechnica.com/security/2015/05/flawed-android-factory-reset-leaves-crypto-and-login-keys-ripe-for-picking/

15 May 2015 - Medical Management LLC Breach Affects Patients in at Least Three States
Grand View Health in Pennsylvania has issued a notice stating that a third party medical billing company, Medical Management, LLC (MML), has alerted them that a former employee copied patient data and may have shared them with other individuals. The breach affects hospitals in at least three states: Pennsylvania, New Jersey, and New York. MML is in the process of notifying affected individuals. The employee who allegedly took the data worked at MML from February 2013 to March 2015.

14 May 2015 - FBI: Data Breaches Up 400%; Workforce Needs To Be "Doubled or Tripled"
James Trainor, acting assistant director of the FBI's Cyber Division, said the agency used to learn about a new, large-scale data breach every two or three weeks. "Now, it is close to every two to three days." Trainor also said the cybersecurity industry needs to "double or triple" its workforce in order to keep up with hacking threats.

11 May 2015 - Thieves Steal Funds Through Starbucks Mobile App
Thieves are exploiting a weakness in Starbucks' mobile app to steal money from users' bank accounts. The app can be used to pay at the coffee stores' checkouts with smartphones and can also be set up to draw money from payment accounts to reload gift cards. The attackers have reportedly been breaking into Starbucks accounts to transfer money from bank accounts using the app's auto-reload function. Thieves need only the username and password to access the accounts. Starbucks says their system has not been breached, but that the attacks are the result of breaches of access credentials elsewhere and affect people who reuse that information on multiple sites. Consumer advocate Bob Sullivan urges users to disable the auto-reload function. https://bobsullivan.net/cybercrime/identity-theft/exclusive-hackers-target-starbucks-mobile-users-steal-from-linked-credit-cards-without-knowing-account-number/#

11 May 2015 - Former Dept. of Energy Employee Indicted for Alleged Phishing Attack
A man who used to work for the US Department of Energy (DOE) and the Nuclear Regulatory Commission (NRC) has been indicted on charges that he launched a spear phishing campaign against DOE employees. Charles Harvey Eccleston allegedly sent the phishing messages in January 2015. He allegedly intended to infect the DOE's network with malware that would steal information about US nuclear weapons for a foreign country.

8 May 2015 - Malvertising Attack Targets Adult Website Visitors
Computers belonging to people who have visited popular adult content websites were infected by malicious advertisements through Flash exploits. The malicious ad attempts to drop malware on site visitors' computers with no user interaction. The ad does not redirect users to another website, but instead drops the malware itself.

9 April 2015 - Incredible: Hacked French Network Exposed Its Own Passwords During TV Interview
In an interview about the satellite hack, TV5Monde reporter David Delos unwittingly revealed at least one password for the station's social media presence. He was filmed in front of a staffer's desk, showing sticky notes and taped index cards that displayed account usernames and passwords.

13 April 2015 - Middle School Student Facing Felony Charge for Accessing School's Network
A 14-year-old middle school student in Florida is facing a felony charge for accessing his school's computer network and changing a teacher's wallpaper. The school district sets passwords to teachers' last names. The student had previously been suspended for three days for accessing the system without authorization.

8 April 2015 - AT&T to Pay US $25 Million Settlement Over Call Center Data Theft
The US Federal Communications Commission (FCC) has reached a settlement with AT&T for data breaches that compromised customer information at call centers in Mexico, Colombia, and the Philippines. The telecommunications company will pay US $25 million. The incidents, which occurred in 2013 and 2014, affected 280,000 people. Some of the call center employees used their access to systems to steal information that could be used to request codes to unlock stolen phones. AT&T has stopped doing business with the call centers in question.

28 March 2015 - Army Security Awareness Message Addresses Online Security Issues
The US Army has issued a security awareness message urging its troops and their families to take steps to protect themselves from extremist attacks. The advice includes being careful about what they post to Twitter, Facebook, and other social media and refraining from including any geolocation data in posts. The message also lists physical security tips, including installing heavy-duty locks and doors and using window security systems.

25 March 2015 - NJ School District Recovers From Ransomware Attack
A New Jersey school district's network was held hostage by ransomware. Those behind the attack demanded 500 Bitcoins ($126,400) for full restoration. While students, teachers, and staff were inconvenienced by not being able to access their files for several days, eventually most files were restored from the network's backup system, and servers are being put back online after being scrubbed of malware. Student data were unaffected as they are stored elsewhere. The New Jersey State Police and the FBI are investigating.

17 March 2015 - NYPD Officer Arrested for Allegedly Accessing Databases Without Authorization
A New York City Police Department officer has been arrested for allegedly breaking into restricted law enforcement databases to obtain personal information about people who had been involved in traffic accidents. Auxiliary Deputy Inspector Yehuda Katz allegedly called these people, pretending to be an attorney.

11 March 2015 - VICEPASS Malware Targets Home Routers
Malware dubbed VICEPASS connects to home routers, scans for connected devices, and sends harvested information to a command-and-control server before it deletes itself. The malware appears to be infecting users who are tricked into visiting malicious sites that claim to offer Adobe Flash updates.

9 March 2015 - Former Employee Pleads Guilty to Breaking Into Former Employer's Network
A man who used to work at a New York company has pleaded guilty to breaking into his former employer's network and causing damage. Michael Meneses left his job at a high-voltage power supply manufacturer in January 2012 after three-and-a-half years of employment. Before he left, he had created a program to steal other employees' login credentials. He used that information to gain access to the network and alter code to cause problems with work order cost calculations.

19 February 2015 - Many Companies Still Not Focusing on Cyber Security
Although it would seem likely that incidents like the Target and Sony breaches would prompt organizations to take their own cyber security more seriously, results from two separate surveys indicate that there appears to be "a disconnect ... between the security function and senior leadership at many companies." A survey from Raytheon asked 1,006 CIOs, CISOs, and other technology executives about practices at their companies. Seventy-eight percent said their boards had not been briefed about cyber security strategy within the past 12 months. A PricewaterhouseCoopers (PwC) survey conducted last year found that less than 42 percent of responding companies' boards actively participate in security strategy. However, a forthcoming IDC survey of 269 security professionals found that most said their organizations have recently begun paying closer attention to their security postures.

11 February 2015 - Smartphone Thefts Down After Kill Switch Implemented
Authorities in three major cities say that kill switches on smartphones have noticeably reduced thefts of the devices. Apple added the feature in 2013, and since that time, iPhone thefts have dropped by 25 percent in New York, by 40 percent in San Francisco, and by 50 percent in London. Overall cellphone thefts in that period fell by 16 percent in New York, and 27 percent in San Francisco. The decline in thefts in London overall was 50 percent.

3 February 2015 - Three Apps Laced with Malicious Adware Pulled from Google Play Store
Google has removed three apps that were found to contain malicious adware from the Google Play store. The apps have been downloaded millions of times. One is a solitaire game aimed at English-speaking users. The other two, which targeted Russian-speaking users, are an IQ test and a history app. The malicious activity begins 30 days after the app is installed. When users unlock their phones, ads are displayed telling them the devices are out of date, infected or otherwise at risk, and the users are directed to malicious sites.

29 January 2015 - UK Government Disks Lost in the Mail Contain Sensitive Data
The UK government has acknowledged that two computer disks containing sensitive information related to high-profile judicial inquiries have been lost in the post.

15 January 2015 - LinkedIn Account Credentials Targeted in Phishing Scheme
Attackers are using phony security alerts to steal LinkedIn account access credentials. The messages pretend to come from LinkedIn support staff saying that users must download an attachment that will tell users how to install an update. The attachment appears to be the LinkedIn website but it sends entered data to the attackers. Users can protect themselves by activating LinkedIn's two-factor authentication.

14 January 2015 - Military Social Media Security
The US Office of the Secretary of Defense has instructed its social media managers to ensure that their accounts are secure, days after the Twitter and YouTube accounts of Centcom were hijacked. The compromised accounts were back online under Centcom control on Monday night, January 12.

9 January 2015 - Dept. of Energy Offers Cybersecurity Guidance
The US Department of Energy has released voluntary guidelines for energy companies and utilities to help them decide what steps to take to improve their cyber security posture. The Energy Sector Cybersecurity Framework Implementation Guidance offers ideas for developing risk management strategies and implementing best practices.
http://www.federaltimes.com/story/government/cybersecurity/2015/01/09/energy-cybersecurity-framework/21500813/ http://energy.gov/sites/prod/files/2015/01/f19/Energy%20Sector%20Cybersecurity%20Framework

5 January 2015 - Morgan Stanley Employee Fired Over Alleged Customer Data Theft
Morgan Stanley has fired an employee for allegedly stealing customer data, including account access credentials, and offering them for sale online. The breach affected approximately 10 percent of the company's 3.5 million wealth management customers. The employee had worked at Morgan Stanley since 2008.


© 1999-2016 Security Awareness, Inc. All Rights Reserved