2014-04-21

Guest column by Citadel Information Group

Cyber Crime

Heartbleed Internet Security Flaw Used in Attack: Within 24 hours of the Heartbleed bug’s disclosure last week, an attacker used it to break into a major corporation, security experts said Friday. The New York Times, April 18, 2014

Hardware Giant LaCie Acknowledges Year-Long Credit Card Breach: Computer hard drive maker LaCie has acknowledged that a hacker break-in at its online store exposed credit card numbers and contact information on customers for the better part of the past year. The disclosure comes almost a month after the breach was first disclosed by KrebsOnSecurity. KrebsOnSecurity, April 15, 2014

Cyber Privacy

Google Revises Terms of Its Scans of Gmail: Google updated its terms of service on Monday, informing users that their incoming and outgoing emails are automatically analyzed by software to create targeted ads. The New York Times, April 14, 2014

Identity Theft

1 in 5 Web users report personal info theft, study says: Nearly 1 in 5 Internet users say they’ve had their personal information stolen as a result of online activities, according to a Pew Research Center study. Detroit Free Press, April 15, 2014

Cyber Warning

Heartbleed Hackers Steal Encryption Keys in Threat Test: The crown jewel of secure websites is a single string of data – a very long jumble of letters and numbers and symbols that looks like gibberish. The Heartbleed bug allows hackers to crack it. Bloomberg, April 15, 2014

Fingerprint lock in Samsung Galaxy 5 easily defeated by whitehat hackers: The heavily marketed fingerprint sensor in Samsung’s new Galaxy 5 smartphone has been defeated by whitehat hackers who were able to gain unfettered access to a PayPal account linked to the handset. ars technica, April 15, 2014

Cyber Security Management

SEC to Launch Cybersecurity Exams of Investment Firms, Offers Sample Document Requests: On April 15, 2014, the SEC’s Office of Compliance Inspections and Examinations quietly disclosed its examination module pertaining to cybersecurity. The disclosure came in the form of a Risk Alert providing “additional information concerning [OCIE's] initiative to assess cybersecurity preparedness in the securities industry.” Compliance Week, April 18, 2014

The Board’s Role in Cybersecurity: The costs of cyber attack can be significant. To protect finances, liability, reputation, and future growth, corporate boards must ensure that their companies have appropriate processes in place to manage cyber risk in the context of their business. Richard Clarke and Jacob Olcott, The Conference Board. Good Harbor, March 2014

Cyber Security Management – Cyber Defense

Three Rules for Password Sanity: Let’s start with the obvious. We all hate passwords. Users hate passwords because they are hard to remember and they slow you down, getting in the way of the computing experience. IT staff hate passwords because they’re just one more critical thing that needs to be managed, taking valuable time away from keeping computer systems running and users happy. [We originally published this in April 2013. We are reprinting it to guide users as they change passwords in light of Heartbleed.] Citadel Information Group, April 11, 2013

Cyber Security Management – Cyber Update

Critical Java Update Plugs 37 Security Holes: Oracle has pushed a critical patch update for its Java SE platform that fixes at least 37 security vulnerabilities in the widely-installed program. Several of these flaws are so severe that they are likely to be exploited by malware or attackers in the days or weeks ahead. So — if you have Java installed — it is time to update (or to ditch the program once and for all). KrebsOnSecurity, April 16, 2014

Securing the Village

Public-private shield needed against hackers, Tom Ridge says: April 16 – The threat cyberwarfare poses to the American economy demands a far more coordinated response from government and the private sector, former Homeland Security Secretary Tom Ridge said Tuesday. SecurityInfoWatch, April 16, 2014

National Cyber Security

Obama Lets N.S.A. Exploit Some Internet Flaws, Officials Say: WASHINGTON — Stepping into a heated debate within the nation’s intelligence agencies, President Obama has decided that when the National Security Agency discovers major flaws in Internet security, it should — in most circumstances — reveal them to assure that they will be fixed, rather than keep mum so that the flaws can be used in espionage or cyberattacks, senior administration officials said Saturday. The New York Times, April 12, 2014

US government denies being aware of Heartbleed internet bug: The White House and US intelligence agencies said on Friday that neither the National Security Agency nor any other part of the government were aware before this month of the “Heartbleed” bug, denying a report that the spy agency exploited the glitch in widely used web encryption technology to gather intelligence. The Guardian, April 12, 2014

Cyber Misc

OpenSSL and Linux: A Tale of Two Open-Source Projects: The Heartbleed bug has cast a bright and not entirely flattering light on the open-source movement’s incentive model. The New York Times, April 18, 2014

Heartbleed Highlights a Contradiction in the Web: SAN FRANCISCO — The Heartbleed bug that made news last week drew attention to one of the least understood elements of the Internet: Much of the invisible backbone of websites from Google to Amazon to the Federal Bureau of Investigation was built by volunteer programmers in what is known as the open-source community. The New York Times, April 18, 2014

GAO Scolds SEC for Ongoing Cyber-Security Deficiencies: The message is increasingly common: “Information security is a critical consideration.” But this time the cyber-security warning wasn’t handed down by a regulator – it was the Securities and Exchange Commission being scolded for its own security gaps and lapses. Compliance Week, April 17, 2014

Cyber Sunshine

U.S. Agent Lures Romanian Hackers in Subway Data Heist: U.S. Secret Service Agent Matt O’Neill was growing nervous. For three months, he’d been surreptitiously monitoring hackers’ communications and watching as they siphoned thousands of credit card numbers from scores of U.S. retailers. Bloomberg, April 17, 2014

Cyber Calendar

ISSA-LA Sixth Annual Information Security Summit, May 16, Universal City Hilton. Speakers include Richard Clarke, former Assistant to the President; Jackie Lacey, Los Angeles County District Attorney; Jeremiah Grossman, Founder & iCEO, WhiteHat Security; Marcus Ranum, CSO, Tenable; Marc Maiffret, CTO, Beyond Trust; Jim Manico, Secure Coding Instructor and Author, Global OWASP Board of Directors; Ira Winkler, ISSA International President; Andrea Hoy, ISSA International Vice-President. For more information and to register, visit ISSA-LA.

Copyright © 2014 Citadel Information Group. All rights reserved.

The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you. The post Cyber Security News of the Week, April 20, 2014 appeared first on Citadel Information Group.
