
What’s HOT in Application Security Vol#32

The Sony hacker facing up to 5 years in prison

Raynaldo Rivera, who was arrested in August after hacking the Sony Pictures website, has pleaded guilty to the allegations against him and faces a hefty prison sentence of up to five years. The guilty plea was a compromise with the United States Attorney’s Office for the Central District of California. As part of the agreement, Rivera will plead guilty to only one charge against him.

Under his guilty plea, Rivera admitted to joining the hacking group LulzSec in May 2011 and taking part in the damaging SQL injection attack on Sony Pictures. The attack is estimated to have cost Sony Pictures over $600,000 in damages and caused the loss of personal information of thousands of individuals.

Rivera faces a possible five-year prison sentence as well as a fine of at least $250,000. This case, along with some other high-profile cases, is seen as part of a new drive by law enforcement officials to prosecute hackers.

For more information please go to:

http://www.techweekeurope.co.uk/news/lulzsec-sony-pictures-guilty-96176

Hackers have managed to gain access to confidential information of almost half a million students and employees in a massive breach at a Florida-based college

Initially, the breach was considered to be an isolated event affecting only the employees at Northwest Florida State College, but after closer examination it is seen to be a breach which affects student records throughout Florida. The hacker succeeded in illegally obtaining almost a quarter of a million records during the course of this breach. The types of data acquired were names, birth dates and social security numbers: pretty sensitive data which could be used maliciously in a variety of ways (identity theft is the most common).

“We speculate this was a professional, coordinated attack by one or more hackers,” Northwest Florida State College President Ty Handy said to employees Monday. “We believe that the hackers are having to do specific work to pull together enough information about an individual employee to steal their identity.”

“We want to be sure that we fully understand the situation and provide accurate information to those impacted,” Florida College System Chancellor Randy Hanna said in a statement. “While some of the contact information is dated, we will be trying to reach every student whose records may have been captured.”

For more information please go to:
http://news.cnet.com/8301-1009_3-57530164-83/thousands-of-student-records-stolen-in-florida-college-breach/

Iran responsible for a wave of cyber attacks?

US intelligence officials are increasingly convinced that Iran was the perpetrator of the recent wave of attacks on Saudi oil companies. These attacks were aggressive in nature and succeeded in severely disrupting the daily operations of computers across the United States.

American officials stated that the original suspicions stemmed from the “cybercorps” that the Iranian military created in 2011, which is said to be a response to the joint American/Israeli cyberattacks on the highly controversial Iranian nuclear plant in Natanz (although there is no concrete evidence to support this, it is widely speculated and accepted as fact).

Whilst the Israeli and American joint attacks on Iran have proven to be quite effective, the reciprocal attacks from Iran have not had quite the same effect, inflicting modest damage which merely inconvenienced ‘victims’ instead of hurting them.

The most recent attack which made headlines is the one which hit Saudi Aramco, the world’s largest oil company. Saudi Arabia has a long-standing feud with Iran, and the Saudis even argued (privately) for tougher sanctions against the increasingly isolated state.

The virus in question is named “Shamoon”. It spread across a variety of computers linked over the network and succeeded in erasing some thirty thousand files. This attack was extremely aggressive in nature, and made a huge political point to the Saudis. Mr Panetta called it “probably the most destructive attack that the private sector has seen to date.”

For more information please go to:

http://edition.cnn.com/2012/10/15/world/iran-cyber/

   
