Morning Security Brief: UMD Data Breach Update, GAO Report on Critical Infrastructure, and Job Sites Hacked

By Lilly Chapa

► In the month since hackers stole personal data of 310,000 students, faculty, and staff involved with The University of Maryland, the school has moved most of its Web sites to the cloud, expunged 80 percent of its databases, and hired experts to improve its protections, UMD president Dr. Wallace Loh told Congress yesterday. However, since the attacker used the anonymous browser Tor, nobody may ever be caught for the data breach, according to WUSA. Loh told the Committee on Commerce, Science, and Transportation that the hacker uploaded a Trojan horse to a university Web site meant for uploading photos. The malware found the passwords for some IT managers, which gave the hacker full access to troves of personal information dating 20 years back. UMD has offered five years of free credit monitoring to victims, Loh said.

► The Government Accountability Office has released a report on the Department of Homeland Security’s efforts to implement a partnership approach with industry players in order to better protect critical infrastructure. One issue that has come up repeatedly is the information sharing barrier, according to GAO. “Industry partners reported concerns that sharing sensitive, proprietary information with the federal government could compromise their competitive advantage if shared more widely,” the report stated. GAO also recommended that DHS gather systematic feedback on its outreach to the critical infrastructure industry and develop timeframes for sharing results of security assessments.

► Job seekers and recruiters beware: a new variant of a popular Trojan is stealing login credentials for and accounts. Variants of the malicious program Gameover have been around since 2011 and are traditionally used to steal online banking credentials, according to Computerworld. However, the technique is being used more often to target other types of accounts. Anyone active on the two job sites should be wary of irregularities on login pages. A computer infected with Gameover will display a new ‘Sign In’ button on the Web page. Once clicked, the malware asks users to answer three security questions out of 18, which exposes additional personal information.

