LexisNexis breach much worse than first reported
Data aggregator LexisNexis announced today it will notify a total of 310,000 consumers that their identities are at risk after concluding thieves stole far more data than originally reported, mainly by using IDs and passwords of legitimate customers. That's 10 times the number originally mentioned in March. The announcement comes after the Dayton, Ohio-based company finished "an extensive review of data search activity at its recently acquired Seisint unit" and discovered at least 59 incidents where imposters accessed individuals' Social Security numbers or driver's license numbers, according to a news release.
In addition to the 30,000 already notified their private data may have been stolen, LexisNexis said it will contact another 280,000 -- eclipsing the number of potential victims in the widely publicized ChoicePoint breach, which impacted 145,000. Like that case, LexisNexis stressed this was fraud and not the result of a network attack. "At no time was the LexisNexis or Seisint technology infrastructure hacked into or penetrated, nor was any customer data residing with that infrastructure accessed or compromised," according to the company's statement.
LexisNexis, a division of Reed Elsevier Group plc, will offer free services such as credit monitoring and fraud counseling to consumers impacted by the thefts. It also says it's strengthened its customers' password and ID administration and will further limit access to Social Security numbers, which will appear only in truncated form in non-public documents to all but law enforcement and "legally authorized organizations, such as banks and insurance companies."
Spam campaign exploits Pope's passing
Beware of e-mails that offer you a free collection of books on Pope John Paul II. Chances are it is part of a sinister spam campaign, according to Lynnfield, Mass.-based antivirus firm Sophos.
The e-mails offer users free copies of the books if they click on a link. Those who do are directed to a Web site that says the offer isn't available in the user's location. The user is then automatically redirected to another Web site offering advice on "free money-making secrets" with no mention of the late Pope.
"Spammers are prepared to plumb the depths in their attempt to get Internet users to buy their goods or services. The Pope's death has been mourned by millions around the world, yet for the spammers it's just another opportunity to sell their unwanted wares," Graham Cluley, Sophos' senior technology consultant, said in a statement. "Everyone should defend their e-mail systems with industrial strength antispam software, and follow best practice advice, to minimize the nuisance of spam."
Visual examples of such scam mail is available on Sophos' Web site.
Flaws in CA's BrightStor software
Computer Associates' BrightStor software has a security hole attackers could exploit to launch malicious code, Reston, Va.-based security firm iDefense said in an advisory.
The advisory, which includes a full list of patches the vendor has made available, said, "Remote exploitation of a buffer overflow vulnerability in Computer Associates International Inc.'s BrightStor ARCserve Backup Universal Agent may allow attackers to execute arbitrary code."
BrightStor software uses a network agent to perform backups on nodes across the network. This agent service requires either administrative credentials or a node-specific password and is capable of backing up system settings as well as files, iDefense said. This agent will listen on TCP and UDP ports 6050 by default.
"When an agent request is received on the TCP port with the 'option' field set to 0, 3 or 1,000, and [when there is] a large string preceding this 'option' field in the packet, an overflow will occur," iDefense said.
iDefense added that the agent software includes its own exception handler, preventing the service from actually crashing. "Each time an exception occurs due to this overflow, the handler will kick in and restore the service back to an operating state. This particular overflow will cause three exceptions, two of which are non-exploitable, and one which can be used to hijack execution," the advisory said.
The vulnerability only seems to affect Windows environments, according to Danish security firm Secunia.
McAfee surpasses 1,000 IPS customers
Santa Clara, Calif.-based McAfee Inc., which recently reinvented itself as a leader in intrusion prevention systems, announced Monday it's surpassed its 1,000th IPS customer -- a sign that IPS is a rapidly growing technology in enterprises. The company claims it now has the largest installed base of IPS customers in the industry and that its flagship McAfee IntruShield, now almost two years old, is the most reviewed IPS product. The company, formerly known as Network Associates Inc., changed its name and its focus a couple of years ago from offering a broad range of security products to those targeting specific markets, particularly IPS and antivirus. The company considers its rapid customer adoption as validation of that shift in focus, according to a news release.