This week’s cybersecurity news roundup features a US ICS-CERT warning about a “spear phishing” campaign aimed at natural-gas pipeline companies; Twitter spammers’ logins exposed; a University of North Carolina data breach; and more.
CERT: Gas-Pipeline Companies are Phishing Targets: The U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) says an active “spear phishing” campaign is being aimed at natural-gas pipeline companies. ICS-CERT said in a warning issued last week that it has received information about targeted attacks and intrusions into multiple organizations over the past several months. The Christian Science Monitor reports that at least three confidential “amber” alerts–the second most serious alerts next to “red”–have been issued since March 29. The alerts all warned of a “gas pipeline sector cyber intrusion campaign” against multiple pipeline companies.
Twitter Says Spam-Account Logins Exposed: Login details for 55,000 Twitter accounts posted on Pastebin are either inaccurate or refer to already blocked spam accounts, according to Twitter. It is unclear how the information was obtained or who posted it on the document-sharing site. “We’ve discovered that the list of alleged accounts and passwords found on Pastebin consists of more than 20,000 duplicates, many spam accounts that have already been suspended and many login credentials that do not appear to be linked – that is, the password and username are not actually associated with each other,” a spokesperson told The Inquirer.
U.S. Cyber Command Uses Classified Intelligence to Scare CEOs: The U.S. Cyber Command has held special briefings with CEOs to “scare the bejeezus out of them,” according to an NPR report. The Enduring Security Framework program was launched in 2008, and it brings chief executives from top technology and defense companies to Washington, D.C., for classified briefings to share information about the latest developments in offensive and defensive cyber war capabilities. The focus is on highlighting the attacks that could be used against executives’ companies.
University of North Carolina Exposes Private Data on 350,000: Some 350,000 University of North Carolina-Charlotte students, staff and faculty have had confidential data, including bank account and Social Security numbers, exposed due to settings that made the electronic data publicly available. The school discovered the breach in February. It then brought in a forensics team to conduct an in-depth investigation and hired an IT security firm to find and fix the issue, along with any other security vulnerabilities. Although some of the data had been exposed for nearly 15 years, officials say they don’t believe any of the information was accessed improperly, and there is no evidence of identity theft.
(On another note, check out the Funniest Security Fail of the Week: Look closely at the sign behind the guy who’s being interviewed by ESPN.)
Constantine von Hoffman writes CIO.com’s IT Security Hack blog. Follow Constantine on Twitter @CurseYouKhan. Follow everything from CIO.com on Twitter @CIOonline and on Facebook. Email Constantine at cvon@areporter.com.
Source: http://blogs.cio.com