DHS Daily Open Source Infrastructure Report (2013-Aug-08)
August 5, KSDK 5 St. Louis - (Missouri) MO HealthNet sends personal information of more than 1,300 participants to wrong address. MO HealthNet notified 1,357 participants that their personal information was mailed to an incorrect address by one of their contractors, Infocrossing, Inc. The contractor said a software programming error caused the mix-up.
August 7, Threatpost - (International) Fort Disco brute-force attack campaign targets CMS websites. A researcher at Arbor Networks reported that a botnet called Fort Disco is active in attacks targeting Web sites built on content management systems (CMS) to gain control of systems. Fort Disco is currently made up of around 25,000 compromised Windows machines.
August 7, Help Net Security - (International) Expect more Android security issues in 2013. Trend Micro released their second quarter 2013 Security Roundup Report which found that the number of malicious and high-risk Android apps has grown rapidly from the previous quarter, to 718,000 from 509,000. Malware targeting online banking also grew, increasing 29 percent from the first quarter.
August 7, Softpedia - (International) Malware disguised as "F-Secure Security Pack" browser extension. F-Secure warned users that cybercriminals are using the company's name to distribute a malicious browser extension called "F-Secure Security Pack" that makes social media posts on users' networks without permission.
August 7, Softpedia - (International) Four critical security holes fixed in Firefox 23. Mozilla released the newest version of its browser, Firefox 23, closing 13 security vulnerabilities, 4 of which were rated critical.
August 6, Computerworld - (International) Digital stakeout of Chinese hacker gang reveals 100+ victims. Two researchers from Dell SecureWorks presented findings of their surveillance of the "Beijing Group" Chinese hacking team during its campaign using the Comfoo remote access trojan (RAT) to target IT, energy, government, and communications organizations. The surveillance gave insight into the group's methods and patterns, including their attempts to target makers of videoconferencing hardware for use in eavesdropping.
August 6, The Register - (International) Xerox copier flaw changes numbers in photocopied docs. A student researcher discovered a flaw in some Xerox printers can alter numbers when printing from .pdf documents at certain quality settings.