- From Bank Info Security - AT&T is paying $25 million after call center employees in Mexico, Colombia and the Philippines accessed personally identifiable information from some 278,000 customer accounts without authorization.
- Bloomberg reports that data breaches don’t just affect retailers and banks; most big law firms have been hacked, too.
- According to Threat Post, new evasion techniques helped AlienSpy, a remote access tool, to deliver the Citadel banking Trojan and establish backdoors inside a number of critical infrastructure operations.
- Just last weekend Linux Australia got pwned, rooted, RATted and botted, reports Naked Security.
- And Wired tells us about a security flaw in drug infusion pumps that allows hackers to raise dosage levels.
- KrebsOnSecurity asks "Who's Watching Your WebEx" - a look inside the world of online meetings and webinars.
- Millions and millions of Dropbox logins have not been stolen - well, not recently, anyway - the company said on Monday. Naked Security investigates the potential breach.
- A new report says ATM malware incidents are migrating to new markets. Read the full story at Bank Info Security.
- Russian hackers target NATO, Ukraine through Windows zero-day exploit. Full coverage at ZDNet.
- Starting Monday Oct. 20 - Apple Pay will be available. Learn more about the new service at Bank Info Security.
- Home Depot investigates possible payment data breach - The source of the possible breach, as well as the number of people who might be affected, was not immediately clear. Read more at CSO Online.
- Federal officials recently confirmed that hackers uploaded malware to a test server for the Obamacare insurance exchange website HealthCare.gov in July. The full story is available at Health Care Info Security.
- Via Dark Reading - "China has become infamous for politically motivated intelligence gathering, but new research from Trend Micro shows that a financially motivated, politically independent cybercrime underground is alive and growing behind the Great Wall, as well."
- Goodwill released an update this week about a breach affecting about 330 of its stores that exposed information from approximately 868,000 payment cards. Read more at Bank Info Security.
- In the aftermath of the recent hacking incidents including the one at Community Health Systems, the healthcare sector is collaborating to evaluate ways to improve cybersecurity intelligence, threat information sharing and incident preparedness. Read more.
Here's a look at this week's top information security news stories:
- UPS reveals data breach - POS malware compromises transactions at UPS Store locations. All told, 51 of its U.S. franchised center locations across 24 states were infected, which may have resulted in attackers compromising customers' personal information and payment card details, thus placing them at risk of identity theft and fraud.
- Is Heartbleed Behind Healthcare Breach? Healthcare Info Security analyzes the cause of Community Healthcare Systems' breach.
- A Chinese national is facing prison time after a federal grand jury indicted him on five felony charges related to a computer hacking ruse that targeted defense contractors Boeing and Lockheed Martin. The full story is available at SC Magazine.
- Recently, news broke that a possible data breach at various supermarket chains may have affected 1,000 stores across the US, thanks to hackers being able to install malware on point-of-sale (PoS) systems. Response from the security community has been less than forgiving. Read more at Info Security Magazine.
- Vitamin seller website attacked, payment cards and other info compromised. Learn more about the recent attack on TheNaturalOnline.com via SC Magazine.
Four Russian nationals and a Ukrainian have been charged with running a sophisticated hacking organization that over seven years penetrated computer networks of more than a dozen major American and international corporations, stealing and selling at least 160 million credit and debit card numbers, resulting in losses of hundreds of millions of dollars.
Indictments were announced Thursday in Newark, where U.S. Attorney Paul Fishman called the case the largest hacking and data breach scheme ever prosecuted in the United States.
The victims in a scheme that allegedly ran from 2005 until last year included the electronic stock exchange Nasdaq; 7-Eleven Inc.; JCPenney Co.; the New England supermarket chain Hannaford Brothers Co.; JetBlue; Heartland Payment Systems Inc., one of the world's largest credit and debit processing companies; French retailer Carrefour S.A.; and the Belgian bank Dexia Bank Belgium.
Read the rest of the article via NBC News.