Judge rules that banks can sue Target for 2013 credit card hack

On Tuesday, a District Court judge in Minnesota ruled that a group of banks can proceed to sue Target for negligence in the December 2013 breach that resulted in the theft of 40 million consumer credit card numbers as well as personal information on 70 million customers. The banks alleged that Target had “failed to heed warning signs” that would have stymied the banks' losses.

The breach occurred between mid-November and mid-December in 2013, after hackers placed malware on Target POS systems that made it possible for them to steal credit card numbers as consumers swiped. The vast number of people affected by the breach made Target's hack the most notorious, but subsequent reports revealed that Target was only one of many big-name retail stores that had credit card data stolen—Neiman Marcus, Michaels, and later Home Depot customers were also revealed to be targets.

After the breach, multiple banks and consumers sued Target in Minnesota, where the company is headquartered. The lawsuits from both banks and consumers were grouped together into two consolidated class action complaints. Target filed a motion to dismiss the claims made by the financial institutions, but District Court Judge Paul A. Magnuson ruled that the plaintiffs' claims were valid.


Exposed: NSA program for hacking any cell phone network, no matter where it is

The National Security Agency has spied on hundreds of companies and groups around the world, including in countries allied with the US government, as part of an effort designed to allow agents to hack into any cellular network, no matter where it's located, according to a report published Thursday.

Armed with technical details of a specific provider's current or planned networks, agents secretly attempt to identify or introduce flaws that will make it possible for communications to be covertly tapped, according to an article published by The Intercept. Security experts warned that programs that introduce security flaws or suppress fixes for existing vulnerabilities could cause widespread harm, since the bugs can also be exploited by criminal hackers or governments of nations around the world.

"Even if you love the NSA and you say you have nothing to hide, you should be against a policy that introduces security vulnerabilities," Karsten Nohl, a cryptographer and smartphone security expert, told The Intercept. "Because once NSA introduces a weakness, a vulnerability, it's not only the NSA that can exploit it."


Sony Pictures malware tied to Seoul, “Shamoon” cyber-attacks

The “wiper” malware that knocked Sony Pictures’ corporate network offline for over a week, now being called Destover, bears a striking resemblance not only to the “DarkSeoul” malware that struck South Korean companies last year but also to the Shamoon “wiper” that struck Saudi Aramco in 2012, according to analysis by Kaspersky Lab and other security researchers. While there is nothing in the analysis that would tie the three attacks to the same malware developers, they all used similar techniques, as well as some of the same commercial Windows drivers to attack the hard drives of their victims.

In an e-mail exchange with Ars, Kaspersky Lab security researcher Kurt Baumgartner said, “Of the three, the Shamoon and Destover implementations share the most similarities, and based on these similarities it is possible that there was shared guidance or expertise between the two projects. All three share operational similarities.”

The Sony Pictures malware used commercial software to do its damage to the victim computers’ hard drives—the RawDisk library from EldoS, which allows Windows applications to gain direct access to disk hardware without having to run in administrator mode. As EldoS advertises on its website for RawDisk, the library “offers software developers direct access to files, disks and partitions of the disks (hard drives, flash disks, etc,) for user-mode applications, bypassing security limitations of Windows operating systems.” This allowed the malware to skip past any restrictive security permissions in Windows’ NTFS file system and overwrite the data on the drive, including the master boot record (MBR). (Further details of the malware's behavior are in Ars' updated analysis article.)


IBM Releases Security Update for MDM

Original release date: December 04, 2014

IBM has released Tivoli Endpoint Manager Mobile Device Management (MDM) version 9.0.60100 to address a vulnerability which may allow a remote attacker to gain control of an affected system.

Users and administrators are encouraged to review the IBM Security Bulletin and apply the necessary updates.
