Gartner just named Q1 Labs to the Leaders Quadrant of their SIEM Magic Quadrant. This Gartner report examines the major vendors of security infrastructure products and services, along with their key offerings, differentiators, and strategies. Find out how their research assesses various SIEM products by looking at five critical capabilities, including:
* Log Management
* Compliance Reporting
* Security Event Management
* User and Resource Access Monitoring
* Deployment/Support Simplicity
Virginia Notifying Those Affected by Prescription Database Breach (June 4, 2009)
The state of Virginia is notifying 530,000 people by mail that their Social Security numbers (SSNs) may have been compromised in a computer security breach. In late April of this year, an intruder gained access to the state's Prescription Monitoring Program system. The database was created to detect and thwart drug abuse in Virginia. The breach also affected approximately 1,400 registered database users, largely pharmacists and physicians. The records include patients' names, addresses, dates of birth, names of prescribed drugs, and physician and pharmacist information. Some records also contained nine-digit patient identification numbers, which could be SSNs.
-http://hamptonroads.com/2009/06/officials-hacker-may-have-stolen-social-security-numbers
Aviva Acknowledges Data Security Breach (June 3, 2009)
Insurance company Aviva, formerly known as Norwich Union, has notified the New Hampshire Attorney General of a breach that exposed sensitive customer information. Aviva blames a virus infection for the data exposure, which affects approximately 550 records. Compromised data include names, addresses and SSNs. The hardware infected by the malware has been disconnected, and affected customers are being notified by mail.
-http://www.theregister.co.uk/2009/06/03/aviva_data_breach/
ATTACKS & ACTIVE EXPLOITS
Trojans Found Embedded in ATMs (June 3 & 4, 2009)
Researchers have found a group of Trojan horse programs that have been embedded in automatic teller machines (ATMs) in Eastern Europe. The programs collect magnetic stripe data and PINs for cards used at the machines; the malware has been updated at least 16 times in the last 18 months. The malware also lets those behind the scam manipulate the ATMs with controller cards and use the machines to print out the stolen information, restore a machine's log files to their pre-malware state, or uninstall the malware. The controller card can also be used to make the machine dispense all the cash it holds. The software requires manual installation, suggesting the likelihood of insider help.
ISC: -http://isc.sans.org/diary.html?storyid=6508
-http://www.theregister.co.uk/2009/06/03/atm_trojans/
-http://news.cnet.com/8301-1009_3-10257277-83.html?part=rss&subj=news&tag=2547-1009_3-0-20
[Editor's Note (Pescatore): In the ATM world, there is a need for the local bank to be able to customize what gets displayed on the ATM screen. That means local access will happen - but access and change controls need to be applied. Many ATM manufacturers have added third party products to lock down the kernel and only allow changes to display content and the like. It really is not that hard to do but sounds like it wasn't done here. ]
Sears Settles FTC Complaint Regarding Customer Internet Data Collection (June 4, 2009)
Sears has settled charges brought by the US Federal Trade Commission (FTC) regarding the company's failure to accurately describe the amount of information gathered by tracking software. Sears offered customers US $10 to participate in "My SHC Community"; those who agreed were asked to download software that they were told would gather information about their "online browsing." The FTC charges allege that the software also monitored secure sessions, such as online banking, e-shopping cart contents, drug prescription information and information about web-based email the users sent. Under the terms of the settlement, Sears would cease collecting data with the software and would destroy all the data it has already collected. The settlement also calls for Sears to "clearly and prominently disclose the types of data (their software) will monitor, record, or transmit."
-http://www.ftc.gov/opa/2009/06/sears.shtm
-http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9133965
Chinese Censors Blocking Tiananmen Anniversary Coverage (June 2, 2009)
Censors in China are apparently blocking access to Twitter, Flickr, Hotmail and Microsoft's live.com in an effort to prevent citizens from seeing user-posted media coverage of the approaching 20th anniversary of the Tiananmen Square military crackdown. Several weeks ago, Chinese authorities blocked access to all videos on YouTube, and there are reports that stories on BBC World news that mention the event have been blacked out. Some sites hosting China-based bloggers have been blocked as well.
-http://www.nytimes.com/2009/06/03/world/asia/03china.html?_r=1
-http://www.wired.com/threatlevel/2009/06/cfp-china/
**********************************************************************
The Editorial Board of SANS NewsBites
Eugene Schultz, Ph.D., CISM, CISSP is CTO of Emagined Security and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC).
John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.
Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and is the incoming President of the InfraGard National Members Alliance - with 22,000 members.
Stephen Northcutt founded the GIAC certification and currently serves as President of the SANS Technology Institute, a post-graduate-level IT Security College, www.sans.edu.
Johannes Ullrich is Chief Technology Officer of the Internet Storm Center.
Ed Skoudis is co-founder of Inguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.
Rohit Dhamankar is the Director of Security Research at TippingPoint, where he leads the Digital Vaccine and ThreatLinQ groups. His group develops protection filters to address vulnerabilities, viruses, worms, Trojans, P2P, spyware, and other applications for use in TippingPoint's Intrusion Prevention Systems.
Prof. Howard A. Schmidt is the President of the Information Security Forum (ISF) and author who has served as CSO for Microsoft and eBay and as Vice-Chair of the President's Critical Infrastructure Protection Board.
Tom Liston is a Senior Security Consultant and Malware Analyst for Inguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a senior Lockheed Martin Fellow.
Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.
David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.
Mark Weatherford, CISSP, CISM, is Chief Information Security Officer of the State of California.
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.
Clint Kreitner is the founding President and CEO of The Center for Internet Security.
Brian Honan is an independent security consultant based in Dublin, Ireland.
Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription (and for free posters), or to update a current subscription, visit http://portal.sans.org/