Skip to content ↓ | Skip to navigation ↓

Our security roundup series covers this week’s trending topics in the world of InfoSec. In this quick-read compilation, we’ll let you know of the latest news and controversies that the industry has been talking about.

Here’s what you don’t want to miss from the week of November 9, 2015:

  • More than 70 million records of phone calls made by United States inmates were leaked to reporters of The Intercept by an anonymous hacker. The publication reported that the data points to a major security breach at Securus Technologies, a provider of phone services inside the nation’s jails and prisons. Not only did the database include links downloadable recordings of the calls but also at least 14,000 conversations between inmates and attorneys, a violation of prisoners’ rights to confidential attorney-client communications.

“This may be the most massive breach of the attorney-client privilege in modern U.S. history, and that’s certainly something to be concerned about,” said David Fathi, director of the ACLU’s National Prison Project. “A lot of prisoner rights are limited because of their conviction and incarceration, but their protection by the attorney-client privilege is not.”

  • A breach of Comcast customer credentials prompted the cable provider to reset more than 200,000 accounts after a database of users’ email addresses and corresponding passwords were found for sale on the Dark Web. The list contained details of approximately 590,000 accounts for a total price of $1,000. However, only around 200,000 of those combinations were reportedly still current. Although it’s unclear how the breach occurred, Comcast claims its systems were not compromised.
  • Researchers have discovered two new strains of point-of-sale (PoS) malware, including one that’s gone largely undetected for nearly five years, reported Threatpost. Dubbed ‘Cherry Picker,’ the malware has been targeting businesses selling food and beverage since 2011, stealthily using a combination of configuration files, encryption, obfuscation and command line arguments. The other type of PoS malware – known as ‘Abbadon’ – is the “latest in a long line of sophisticated PoS malware samples that have popped up,” said Kevin Epstein, VP of Threat Operations at Proofpoint.

“AbbadonPOS appears to have features for anti-analysis, code obfuscation, persistence, location of credit card data, and a custom protocol for exfiltrating data. Much like malware as a general category, the sophistication of this new malware over prior malware continues to increase,” said Epstein.

 

Image courtesy of Shutterstock.com