Sensitive and personal information for some 40 million people was stolen from Avid Life Media, a Toronto-based organization that owns the “world’s leading dating service” for those looking to have an affair, Ashley Madison, which has 37 million users, and hookup sites like Established Men and Cougar Life, KrebsOnSecurity reported Sunday. The company confirmed in a statement Monday that it had been hacked and was investigating the origin, nature and scope of the incident. The hackers identified themselves as the “Impact Team” and left a message instructing Avid Life Media to permanently shut down Ashley Madison and Established Men or the hackers would release the data taken from the company. “We have taken over all systems in your entire office and production domains, all customer information databases, source code repositories, financial records, emails,” Impact Team’s message said. The message singled out Avid Life Media Chief Technology Officer Trevor Stokes, who had noted in an internal document that protecting personal information was his biggest “critical success factor” and that he would “hate to see our systems hacked and/or the leak of personal information.” Impact Team welcomed Stokes to his “worst fucking nightmare.” The hackers demanded Avid Life Media permanently shut down Ashley Madison and Established Men, “or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails.” Other Avid Life Media websites were allowed to stay online. Avid Life Media said it secured its sites and closed “the unauthorized access points,” and is working with law enforcement to hold any and all parties responsible.
CVS Photo was temporarily shut down after a hacker successfully infiltrated the network, the company’s website said Monday. “Customer credit card information collected by the independent vendor who manages and hosts CVSPhoto.com may have been compromised,” the site said. “Customer registrations related to online photo processing and CVSPhoto.com are completely separate from CVS.com, optical.cvs.com, cvs.com/MinuteClinic on line bill pay and our pharmacies.” Financial transactions on other CVS sites and in-store aren't affected, the site said.
UCLA Health was the victim of a criminal cyberattack last year that may have resulted in hackers obtaining personal information including names, addresses, dates of birth, Social Security numbers, medical record numbers, Medicare or health plan ID numbers and some medical information for patients, it said in a statement Friday. “While the attackers accessed parts of the computer network that contain personal and medical information, UCLA Health has no evidence at this time that the cyber attacker actually accessed or acquired any individual’s personal or medical information.” Data for 4.5 million individuals may have been involved in the attack that is believed to have occurred in September, it said. UCLA Health is working with the FBI and private computer forensic experts to “further secure information on network servers,” it said. Hospital System President James Atkinson said UCLA Health takes the attack “extremely seriously” and has “taken significant steps to further protect data and strengthen our network against another cyber attack.”
A Jan. 27 FCC Enforcement Bureau advisory, which suggested that a WLAN operator's use of wireless intrusion detection systems (WIDS) or wireless intrusion prevention systems (WIPS) to block a wireless network access point from being used to launch a cyberattack violates federal law, was meant only to “illuminate” the issue, said FCC Chairman Tom Wheeler in letters to House and Senate Homeland Security Committee leaders posted Friday. House Homeland Security Committee Chairman Michael McCaul, R-Texas, and Senate Homeland Security Committee Chairman Ron Johnson, R-Wis., jointly sought Wheeler's clarification last month about the advisory, which they said conflicted with a 2011 Department of Homeland Security publication about WIDS/WIPS (see 1506180061 and 1506190040). The FCC believes its position in the Enforcement Bureau advisory “is consistent” with the DHS publication's position that network operators “should not use 'blocking' to interfere with the operation of independent wireless networks,” Wheeler said. The bureau advisory “provided narrowly tailored guidance” regarding a specific situation and doesn't “change policy regarding the legitimate use of WIDS/WIPS by non-federal users and does not address any practices of federal government network operators,” Wheeler said.
Some 70 members of Darkode, an underground, invite-only, online meeting forum for those interested in buying, selling and trading malware, botnets, stolen personally identifiable information, credit card information, hacked server credentials and other pieces of data and software obtained from cybercrimes, were arrested and charged, the Department of Justice and the FBI said in a blog post Wednesday. Law enforcement agencies from 20 countries were involved in Operation Shrouded Horizon, making the Darkode takedown the largest coordinated international law enforcement effort ever directed at an online cybercrime forum, a DOJ news release said. A dozen individuals in the U.S. were indicted, search warrants were served in the U.S. and the FBI seized Darkode’s domain and servers, DOJ and the FBI said. The investigation focused primarily on the Darkode members responsible for developing, distributing, facilitating and supporting the “most egregious and complex cyber criminal schemes targeting victims and financial systems around the world,” they said. “Of the roughly 800 criminal internet forums worldwide, Darkode represented one of the gravest threats to the integrity of data on computers in the United States and around the world and was the most sophisticated English-speaking forum for criminal computer hackers in the world,” U.S. Attorney David Hickton of the Western District of Pennsylvania said. “This is a milestone in our efforts to shut down criminals’ ability to buy, sell, and trade malware, botnets and personally identifiable information used to steal from U.S. citizens and individuals around the world,” FBI Deputy Director Mark Giuliano said.
“Recently disclosed vulnerabilities in Adobe Flash and Microsoft Windows may allow a remote attacker to execute arbitrary code with system privileges” by “convincing a user to visit a website or open a file,” which could allow an attacker to combine the Flash and Windows vulnerabilities to take “full control of an affected system,” said the U.S. Computer Emergency Readiness Team in an alert Wednesday. US-CERT said that “since attackers continue to target and find new vulnerabilities in popular, Internet-facing software, updating is not sufficient, and it is important to use exploit mitigation and other defensive techniques.” Don't “run untrusted Flash content,” and “review the Bulletin and apply the necessary updates,” US-CERT said.
Rackspace said Tuesday that it’s making a “significant investment” in CrowdStrike’s $100 million Series C financing round. CrowdStrike received $156 million through the financing round, which has been led by Google Capital. “Security is a top priority for Rackspace, and we're committed to being world-class in our ability to deter, detect and respond to cyber attacks,” Rackspace Chief Security Officer Brian Kelly said in a news release. Rackspace adopted CrowdStrike’s Falcon platform in 2013, and CrowdStrike provides Rackspace’s security operations center with technology and expertise to protect Rackspace customers against advanced cyberattacks, Rackspace said. “Rackspace has been an influential proponent of disruptive technologies and sees the value of our cloud-based endpoint protection platform as well as our unique proactive security services,” CrowdStrike CEO George Kurtz said in the Rackspace news release. Rackspace said Monday that it’s partnering with Microsoft to ease companies into using Microsoft’s Azure cloud computing service. “Our strategy at Rackspace has always been to provide the world's best expertise and service for industry-leading technologies -- including a broad selection of Microsoft products,” Rackspace CEO Taylor Rhodes said in a news release. The partnership extends Rackspace’s existing 13-year collaboration with Microsoft, which means “our mutual customers will have even more options for migrating their diverse IT workloads to the cloud,” Microsoft Executive Vice President-Cloud + Enterprise Scott Guthrie said in a Rackspace news release.
Adobe released a security update Tuesday to address “critical vulnerabilities” in Shockwave Player for Macintosh and Windows, said an alert from the U.S. Computer Emergency Readiness Team. US-CERT said in a separate alert that Adobe also released security updates addressing vulnerabilities in Flash Player that could allow a “remote attacker to execute arbitrary code on a vulnerable system.” Affected versions include Adobe Flash Player 9 through 18.0.0.204.
Vladimir Tsastsin, 35, of Estonia, pleaded guilty Wednesday to wire fraud and computer intrusion charges “arising from his operation of a massive and sophisticated Internet fraud scheme that infected” more than four million computers in more than 100 countries with malware, said a news release from the Southern District of New York’s U.S. Attorney’s office. “The malware secretly altered the settings on infected computers, enabling Tsastsin and the six other charged defendants -- Timur Gerassimenko, Dmitri Jegorov, Valeri Aleksejev, Konstantin Poltev, Andrey Taame and Anton Ivanov -- to digitally hijack Internet searches, re-route computers to certain websites and advertisements, and receive payment for the hijacked Internet traffic,” the release said. Tsastsin faces a maximum sentence of 20 years in prison for wire fraud and five years in prison for computer intrusion. Sentencing is Oct. 14.
“Technology makes it easy for scammers to fake or ‘spoof’ caller ID information” and can make it look like they’re calling from a different place or number, including the receiver's own number, said a blog post Tuesday from FTC Do Not Call Program Coordinator Bikram Bandy. “Scammers use this trick as a way to get around call-blocking and hide from law enforcement,” Bandy said. Don’t pick up, don't press buttons to be taken off the call list and don't talk to a live person, because it’s an illegal robocall, he said. Ignore them and move on with your day, Bandy said.