- From Bank Info Security - AT&T is paying $25 million after call center employees in Mexico, Colombia and the Philippines accessed personally identifiable information from some 278,000 customer accounts without authorization.
- Bloomberg reports that data breaches don’t just affect retailers and banks; most big law firms have been hacked, too.
- According to Threatpost, new evasion techniques helped AlienSpy, a remote access tool, to deliver the Citadel banking Trojan and establish backdoors inside a number of critical infrastructure operations.
- Just last weekend Linux Australia got pwned, rooted, RATted and botted, reports Naked Security.
- And Wired tells us about a security flaw in drug infusion pumps that allows hackers to raise dosage levels.
- President Obama proposes to spend $14 billion in fiscal year 2016, which starts Oct. 1, to support cybersecurity efforts across the government, including continuous monitoring and intrusion detection initiatives. Read more at Bank Info Security.
- Krebs On Security reports that for the second time in a year, multiple financial institutions are complaining of fraud on customer credit and debit cards that were all recently used at a string of Marriott properties run by hotel franchise firm White Lodging Services Corporation.
- Federal Communications Commission Chairman Tom Wheeler officially proposed tough new rules for Internet lines Wednesday, regulations he said would prohibit wired and wireless broadband providers from “paid prioritization and the blocking and throttling of lawful content and services.” Details at Re/code.
- The FBI is investigating a potentially massive computer hacking attack on Anthem, Inc., one of the nation's largest health insurance companies, a federal official told NBC News late Wednesday. The company confirmed the attack.
- Book2Park.com, an online parking reservation service for airports across the United States, appears to be the latest victim of the hacker gang that stole more than 100 million credit and debit cards from Target and Home Depot. Full story at Krebs On Security.
A flaw has been discovered in one of the Internet’s key security methods, potentially forcing a wide swath of websites to make changes to protect the security of consumers.
The problem was first discovered by a team of Finnish security experts and researchers at Google last week and disclosed on Monday. By Tuesday afternoon, a number of large websites, including Yahoo, Facebook, Google and Amazon Web Services, said they were fixing the problem or had already fixed it.
Researchers were still looking at the impact on consumers but warned it could be significant. Users’ most sensitive information — passwords, stored files, bank details, even Social Security numbers — could be vulnerable because of the flaw.
The most immediate advice from security experts to consumers was to wait or at least be cautious before changing passwords. Changing a password on a site that hasn’t been fixed could simply hand the new password over to hackers. Experts recommended that, before making any changes, users check a site for an announcement that it has dealt with the issue. “This is a good reminder that there are many risks online and it’s important to keep a watchful eye around what you’re doing, just as you would in the physical world,” said Zulfikar Ramzan, the chief technology officer of Elastica, a security company.
The extent of the vulnerability was unclear. Up to two-thirds of websites rely on the affected technology, called OpenSSL. But some organizations appeared to have had advance notice of the issue and had already fixed the problem by Tuesday afternoon. Many others were still working on restoring security.
Read the full article at The New York Times.