Aimee Chanthadavong reports: A decade-long cyber espionage operation focused on stealing sensitive information for the Chinese government is claimed to have been uncovered by security firm FireEye. The FireEye intelligence report (PDF), APT30 and the Mechanics of a Long-Running Cyber Espionage Operation, has revealed that the group, dubbed APT30, has been maintaining an advanced persistent threat…
Category: Of Note
Here’s a tip for some Crime Stoppers in Canada: you’ve been hacked (UPDATED)
April 14: See update and possible correction at the bottom of this post concerning the storage and encryption of tips. TeaMp0isoN claims that one of the sites they recently “audited” was the web site of Waterloo Crime Stoppers. In a zine about what they describe as a 0day SQLi attack, TeaMp0isoN writes that they found an unprotected…
The train wreck that was (is?) Pasco County School District’s IT security
I continue to look for details on the case of a 14-year old middle school student who is facing two felony counts for allegedly hacking into his district’s network (see previous coverage of the case on this blog here and here). In today’s installment of How Badly Can a District Screw Up InfoSecurity? Ashley Feinberg of…
White Lodging confirms another long-running payment card “suspected breach”
White Lodging, an independent hotel management company, continues to struggle to really secure customer card data. Since January 2014, when Brian Krebs reported that White Lodging card data had been compromised for most of 2013, White Lodging has attempted to harden its security. In February 2014, the firm confirmed the suspected breach of point of sales…
AT&T To Pay $25M To Settle Investigation Into Three Data Breaches
If anyone doubted the FCC was serious about getting more into data breach/security enforcement, they should read this settlement with AT&T released today (pdf). From the order: 1. The Enforcement Bureau (Bureau) of the Federal Communications Commission (Commission) has entered into a Consent Decree to resolve its investigation into whether AT&T Services, Inc. (AT&T or Company)…
UK: Financial firms are responsible for data trading
Tony Hazell nails it in a column that begins: The revelation that intimate financial and medical details are being sold to firms with dubious intentions should have sent shockwaves through the financial community. But it probably will not. The Daily Mail last week revealed that financial details were being sold for as little as 5p…