Chinese Malware Attacks Tracked to Individual March 30, 2012
Posted by Chris Mark in Industry News, InfoSec & Privacy. Tags: Chris Mark, cybercrime, cyberespionage, cybersecurity, LuckyCat, mark consulting group, PCI DSS, security
According to a report on Fox News today, Trend Micro has traced a malware attack aimed at Tibetan activists in Japan and India to a Chinese graduate of Sichuan University. The LuckyCat campaign has been active for about a year and has compromised over 230 computers in 90 separate attacks. You can read the Trend Micro report here. According to Trend Micro: “The Luckycat campaign’s targets include the aerospace, military, energy, shipping and engineering industries, as well as Tibetan activists and organizations. Given its technical similarities, Luckycat is believed to be a continuation of ShadowNet, also known as GhostNet, a Chinese cybercrime campaign that has been targeting Tibetan activists as well as the Indian government since 2009, Trend Micro said.”
Wall Street Journal Reporting- Global Payments is Breached March 30, 2012
Posted by Chris Mark in Industry News, InfoSec & Privacy. Tags: credit card theft, cybersecurity, data breach, data compromise, Global Payments, InfoSec, mark consulting group, mastercard, PCI DSS, visa
Updating my last story, the Wall Street Journal is now reporting that the “massive” data breach referenced earlier was Global Payments, Inc. USA Today is also reporting on the issue. According to sources, Dominican street gangs may be involved. Gartner’s Avivah Litan stated: “are seeing signs of this breach mushrooming. From what I hear, the breach involves a taxi and parking garage company in the New York City area, so if you’ve paid a NYC cab in the last few months with your credit or debit card – be sure to check your card statements for possible fraud.”
Visa issued a statement: “Visa Inc. is aware of a potential data compromise incident at a third party entity affecting card account information from all major card brands. There has been no breach of Visa systems, including its core processing network VisaNet. Visa has provided payment card issuers with the affected account numbers so they can take steps to protect consumers through independent fraud monitoring and, if needed, reissuing cards. … Every business that handles payment card information is expected to protect the security and privacy of their customers’ financial information by adhering to the highest data protection standards.”
MasterCard is: “concerned whenever there is any possibility that cardholders could be inconvenienced and we continue to both monitor this event and take steps to safeguard account information. If cardholders have any concerns about their individual accounts, they should contact their issuing financial institution.”
BitDefender: “Anonymous is ‘good’ for security” – REALLY?! March 28, 2012
Posted by Chris Mark in InfoSec & Privacy, Laws and Legislation, Risk & Risk Management. Tags: bitdefender, Chris Mark, cybersecurity, mark consulting group, PCI DSS, security, slutwalk
A March 14th, 2012 article on ZDNetAsia sums up one of the major problems with security. Specifically, it is the victims that are consistently blamed for the crime and the belief (very arrogant, I might add) that companies simply don’t care about security and this is why they are victimized. According to the article:
“Alexandru Catalin Cosoi, chief security researcher at BitDefender, for one, said that hacktivist group Anonymous has been “good” for security. This is because even though it had disclosed people’s personal information publicly online, the security breaches it organized had a positive impact, he added. Now, more companies are willing to secure their networks and private data, which is good news, he stated.”
Risk 102: “Security Ain’t Safety”; Putting Risk In Context March 26, 2012
Posted by Chris Mark in Industry News, InfoSec & Privacy, Risk & Risk Management, terrorism. Tags: airline safety, Chris Mark, cybersecurity, mark consulting group, risk, risk management, safety, security
In reading through the volumes of blogs and LinkedIn comments on security and risk management, a common theme appeared. When talking about risk management as it applies to security, there appears to be a temptation to use the same models and methodologies as those used in safety risk management. Make no mistake, safety risk management is critical, and both aspects may overlap from time to time. Whether analyzing auto accident risks, designing industrial equipment or another aspect, it is important to understand and analyze the risk of the activity. The difference lies in the catalyst for the events in question.
UPDATE “Just Say No!”- to Facebook Login Request for Employment March 23, 2012
Posted by Chris Mark in Industry News, InfoSec & Privacy. Tags: cybersecurity, facebook, InfoSec & Privacy, mark consulting group, privacy, security
UPDATE: Kudos to Facebook for weighing in on this subject. Facebook says that not only is the practice wrong, but it is a violation of Facebook’s terms of service. Echoing what I (and others) have said, logging into someone’s FB page could expose the employer to a lawsuit. “(W)e don’t think it’s the right thing to do,” she said. “But it also may cause problems for the employers that they are not anticipating. For example, if an employer sees on Facebook that someone is a member of a protected group (e.g. over a certain age, etc.) that employer may open themselves up to claims of discrimination if they don’t hire that person.”
I find myself posting on this subject occasionally because a neighbor, friend or other person will inform me that during an interview or application they were asked to provide their Facebook or other ‘social media’ login. This topic seems to arise again and again, and was again highlighted on msnbc.com. So, for those who are asking or saying: “Chris, if you have nothing to worry about, then why do you care?” Valid question. Let me answer. First, if you are looking for a job, as a responsible professional person you should take care to not post inflammatory, racist, hateful or other items on your social media. If you are a proud member of a hate group, you may want to keep that info private. Pictures of you doing drugs, or being arrested in New Orleans, are also probably a bad idea.
