Monthly News Roundup - February 2015 (TL;DR)

NEWS

February was a huge month in the world of network security news. In the past few weeks, we learned about one of the largest corporate data breaches in history, as well as a security flaw scandal involving planet earth’s #1 seller of PCs. In case you missed these stories, or any other top infosec news this month, here are the highlights.

  • Anthem Health Insurance Data Hack: The second largest health insurer in the U.S., Anthem, announced that they were a victim of a massive data breach. The hack involves stolen personal information of current customers, former customers, and even Blue Cross Blue Shield customers (how’d they get tangled in this mess?). The upshot: cyber criminals walked away with 78.8 million victims’ names, birth dates, social security numbers, medical IDs, street and email addresses, and employee financial information. This is a big mess. Anthem has started the cleanup process by initiating a credit monitoring service to assist those who are affected.
  • Lenovo’s SuperFish Adware Creates Security Nightmare: PC maker Lenovo took a hit this month after security watchdogs revealed the company had loaded its new computers with dangerous adware at the end of 2014. The software, installed by a company called SuperFish, creates a hacking risk for users during their would-be secure web browsing sessions. Thanks to this security flaw, Lenovo customers who bought affected PCs could be redirected to criminal sites that appear to be legit and protected by SSL.
  • U.S. Government Gets Serious About Catching Russian Cyber Crook: The U.S. Government announced it was offering $3M for information leading to the arrest of Russian cyber criminal, Evgeniy Bogachev. It marks the largest reward in an American cyber crime investigation. In 2007, Bogachev was responsible for a lucrative botnet scheme that infected over 1 million computers.
  • Drastic Increase in Records Hacked in 2014: Internet security firm Gemalto released its findings about the enormous increase in total records criminally accessed worldwide. According to the company’s study, the number of records breached exceeded 1 billion, a 78% increase from the previous year. Sounds like early 2015 is the right time to beef up network security.
  • Apple Extends Two-Factor Identification to iMessage and FaceTime: Following the celebrity iCloud hacks last summer, Apple has been on a two-factor authentication frenzy. The company instituted a two-factor security protocol for iCloud in September 2014. This month, Apple has made it easy for users to put two-factor authentication in place for their video and text chat applications, FaceTime and iMessage.
  • Microsoft Gets Around To Patching 15-Year-Old Bug: Winning the award for “Most Delayed Reaction to a Digital Security Threat,” Microsoft has patched a 15-year-old bug that potentially left all Windows PC users vulnerable. The flaw affected all users who connect to Microsoft’s Active Directory commercial databases.
  • Internet Explorer Zero-Day Bug Discovered: Microsoft’s popular browser is vulnerable to a Cross-Site Scripting Bug (or XSS). The flaw potentially allows hackers to inject their own JavaScript, view a user’s cookies or read his or her visited web pages. According to Microsoft, a patch is in the works.
  • Apple iOS Targeted In Massive Cyber Espionage Campaign: The Cold War lives on, and it’s gone mobile. Apple iPhones and iPads are now vulnerable to a massive Russian cyber espionage campaign. The campaign, dubbed Operation Pawn Storm, targets Western militaries, governments, defense contractors and media outlets. The newest weapon in this alleged espionage is an app that steals texts, contacts, pictures and location information.
  • Ransomware Campaign Spread Using Ad Networks and Zero-Day Vulnerabilities: New reports reveal the spread of a Ransomware campaign out of Russia. The criminal effort started through file-less infections. Later it moved to zero-day vulnerabilities in Adobe's Flash Player when thieves discovered that method was more effective.
  • China’s Great Firewall Gets Taller: Guess what? Communists still hate the free flow of information. Case in point: The Chinese government’s Great Firewall 2.0. Yes, the long-standing authoritarian regime has reconstructed its Internet filter to make it even harder for people inside China to read criticism of their government or access social media. In addition, the re-made wall is able to restrict VPN connections. Until now, VPNs were a work-around for Chinese citizens who wanted to connect and communicate with the outside world. Somewhere, Chairman Mao is smiling. And he’s also wondering, “What the heck’s a VPN?”
  • Canadian Banks Targeted In Malware Attacks: For the past twelve months, U.S. banks have been the target of malware attacks, but now thieves have set their sights on our friendly northern neighbors. Recently discovered variants of the Zeus online banking malware have apparently been aimed at customers of Bank of Montreal, Royal Bank of Canada and National Bank of Canada. Talk about bad news, eh?