Zero Day Weekly: Anthem hack controversy, iOS espionage app, Obama's cyber unit

A collection of notable security news items for the week ending February 6, 2015. Covers enterprise, controversies, application and mobile security, malware, reports and more. UPDATED.
Written by Violet Blue, Contributor


Welcome to Zero Day's Week In Security, our roundup of notable security news items for the week ending February 6, 2015. Covers enterprise, controversies, reports and more.

This week the Anthem breach saw millions exposed from an unencrypted database, Obama created a new White House cyber unit, HipChat got popped, we learned more about the iOS espionage app Pawn Storm. About.com ignored its massive XSS problem, and much more.

  • Healthcare insurance provider Anthem admitted this week that hackers accessed a database containing "tens of millions" of records, including customers and employees. The unencrypted data included names, birthdates, physical/email addresses, medical IDs and SS#'s. Apparently, encrypting your data would have been inconvenient. UPDATE/CORRECTION: Mandiant/FireEye has been engaged by Anthem, and we incorrectly reported here this morning that the firm had accused China: This was based on reports from several news outlets, which we have now been told by FireEye was media speculation. We also included a tweet representing a number of tweets criticizing FireEye/Mandiant for naming China as the Anthem hack culprit, when, in fact, it had not. ZDNet and I apologize for any part we had in perpetuating this inaccuracy. Even more relevant to this report in light of this correction is that some researchers say this current attribution blame game trend isn't necessarily helpful or accurate.
  • Stolen names, address, birth dates and social security numbers used to buy $700,000 of Apple gift cards: On Thursday, the Manhattan District Attorney's office said it has indicted five people for using personal information stolen from around 200 people to fund the purchase of hundreds of thousands of dollars in Apple gift cards, which in turn were used to buy Apple products.
  • This week over 110,000 Facebook users have been tricked into downloading a porn-based Trojan attack. The malware lures users of the social network by offering up a link to a porn video via a friend's account, which has already been infected, according to security researcher Mohammad Faghani. By clicking the link, users get a video preview, but it stops midway through, prompting them to download a Flash player to continue watching.
Editorial standards