Morning Security Brief: ‘Breaking News’ Phishing Attack, Drone Strike Stats, Parliament Breach Reviewed, and More
Phishing attack disguised as breaking news from CNN. Researchers from Columbia find most drone strike statistics inaccurate. A staffing error leads to a security breach in Australian Parliament. And more.
►Fake e-mails disguised as “CNN Breaking News” are making the rounds as part of a phishing campaign. Clicking a malicious link in the e-mail takes the user to a CNN news article while downloading a Trojan called Zeus in the background. Zeus logs keystrokes and steals information entered in online forms. The security firm Websense discovered the phishing campaign.
►A study finds that two organizations that monitor the number of civilians killed in drone strikes have been undercounting casualties in Pakistan “by a huge margin,” The Bureau of Investigative Journalism reports. Researchers from Columbia Law School analyzed every drone strike reported in 2011 and compared it to data from The Long War Journal, The New America Foundation, and The Bureau of Investigative Journalism. The study warns the media not to use numbers from The New America Foundation (which underestimated by 2,300 percent) or The Long War Journal. The problem with undercounting is that it runs the risk of distorting public understanding and providing false justification to expand drone strikes to new areas, the study says.
►A man who breached Australia’s Parliament House security was the same man who disrupted a committee hearing 10 days before. After that disruption, the man's photo was distributed and security was given instructions to keep him out, but in August he made his way past security and into a private wing of the building. Officials say human error is to blame. “He walked into the Speaker's office and the office of another MP before finding himself in the office of Treasurer Wayne Swan around 1:40pm. Two minutes later, after briefly attending the prime minister's media conference which was being televised live, the man was picked up by security,” Sky News reports. A review of the breach found that because of a rostering mix-up, no security officer was on post.
►Quantum Direct Key took out a full-page ad in The New York Times challenging hackers to take on its “virtually unbreakable” encryption. ♦ Kaspersky Lab discovers a variant of Flame it’s calling miniFlame. “If Flame and Gauss were massive spy operations, infecting thousands of users, miniFlame/SPE is a high precision, surgical attack tool,” says a Kaspersky Lab researcher. ♦ National Defense produces a list of what it says are the top 10 national security threats of the next decade. Nuclear and biological weapons and cyberattacks top the list.