This Week in Cybersecurity News
Customers Cry Foul in Two More Anthem Suits by Teri Robinson, SC Magazine
Two lawsuits were filed in Denver District Court against Anthem Inc. after a massive data breach exposed private information on more than 80 million of the insurance company’s past and present customers and employees. In both suits, plaintiffs echo the anger and argument of previous lawsuits claiming that Anthem broke faith by failing to protect their information.
Payment Card Data Compromised in Big Fish Games Breach by Eduard Kovacs, Security Week
A piece of malware installed on the systems of casual gaming company, Big Fish Games has been used to steal customer payment information. The malware was installed on the billing and payment pages of the company’s website and it appears to have intercepted customer data such as names, addresses, payment card numbers, expiration dates, and CVV2 codes. According to Big Fish Games, customers who entered new payment information between December 24, 2014 and January 8, 2015 may be been affected. There is no indication that this issue impacted customers who purchased games for iOS and Android devices or through Facebook.
Information Disclosure Flaw Exposes Netgear Wireless Routers to Attacks by Lucian Constantin, IDG News Service
Several wireless routers made by Netgear contain a vulnerability that allows unauthenticated attackers to extract sensitive information from the devices, including their administrator passwords and wireless network keys. The vulnerability can be exploited over local area networks, as well as over the Internet if the devices are configured for remote administration and expose their Web interface externally.
Carbanak Hacking Group Steal $1 Billion from Banks Worldwide by Charlie Osborne, ZDNet
Researchers and a variety of international law enforcement agencies uncovered a two-year criminal operation which stole $1 billion from banks worldwide. The cybergang struck banks, e-payment systems and financial institutions in 30 countries using the Carbanak malware. The criminal gang was able to transfer cash fraudulently and compromise ATMs.
Lenovo PCs Ship with Man-in-the-Middle Adware that Breaks HTTPS Connections by Dan Goodin, Ars Technica
Lenovo is selling computers that come preinstalled with adware that hijacks encrypted Web session and may make users vulnerable to HTTPS man-in-the-middle attacks. The threat is present on Lenovo PCs that have adware from a company called Superfish installed. Attackers can use the private encryption key accompanying the Superfish-signed Transport Layer Security certificate to certify imposter HTTPS websites.