2014-02-25

Guest column by Citadel Information Group

Cyber Crime

Fire Sale on Cards Stolen in Target Breach: Last year’s breach at Target Corp. flooded underground markets with millions of stolen credit and debit cards. In the days surrounding the breach disclosure, the cards carried unusually high price tags — in large part because few banks had gotten around to canceling any of them yet. Today, two months after the breach, the number of unsold stolen cards that haven’t been cancelled by issuing banks is rapidly shrinking, forcing the miscreants behind this historic heist to unload huge volumes of cards onto underground markets and at cut-rate prices. KrebsOnSecurity, February 19, 2014

Database Attack Exposes Personal Data At University of Maryland: IDG News Service — Personal records for more than 309,000 students and staff were exposed this week in a “sophisticated” database attack at the University of Maryland, the university said Wednesday. CIO, February 19, 2014

Kickstarter hacked, user data stolen: The crowd-funding site says hackers broke into its systems and made off with data. Apparently credit card numbers escaped the attack. CNET, February 15, 2014

Cyber Privacy

Facebook Deal on Privacy Is Under Attack: SAN FRANCISCO — Despite a class-action settlement in August that was supposed to ensure that Facebook users clearly consent to their comments, images and “likes” being used in ads, it has been business as usual on the service. The New York Times, February 13, 2014

Cyber Warning

70 PERCENT OF ANDROID DEVICES EXPOSED FOR 93 WEEKS TO SIMPLE ATTACK: Android devices prior to version 4.2.1 of the operating system—70 percent of the phones and tablets in circulation—have been vulnerable to a serious and simple remote code execution vulnerability in the Android browser for more than 93 weeks. ThreatPost, February 18, 2014

TWO-FACTOR AUTHENTICATION VULNERABILITY IDENTIFIED IN WORDPRESS PLUGINS: Hosted two-factor authentication firm Duo Security acknowledged late last week that it discovered a vulnerability in its WordPress plugin (duo_wordpress plugin) that could allow a user to bypass two-factor authentication (2FA) on a multisite network. ThreatPost, February 19, 2014

Security message from FORBES: Forbes.com was targeted in a digital attack and our publishing platform was compromised. Forbes, February 2014

The New Normal: 200-400 Gbps DDoS Attacks: Over the past four years, KrebsOnSecurity has been targeted by countless denial-of-service attacks intended to knock it offline. Earlier this week, KrebsOnSecurity was hit by easily the most massive and intense such attack yet — a nearly 200 Gbps assault leveraging a simple attack method that industry experts say is becoming alarmingly common. KrebsOnSecurity, February 14, 2014

Cyber Security Management

How CFOs Can Face The Threat Of Cyber Crime: Cyber threats are a serious problem for businesses, and boards, investors and finance executives are sitting up and taking notice. Forbes, February 6, 2014

Cyber Security Management – Cyber Update

Adobe, Microsoft Push Fixes For 0-Day Threats: For the second time this month, Adobe has issued an emergency software update to fix a critical security flaw in its Flash Player software that attackers are already exploiting. Separately, Microsoft released a stopgap fix to address a critical bug in Internet Explorer versions 9 and 10 that is actively being exploited in the wild. KrebsOnSecurity, February 20, 2014

Cyber Security Management – Cyber Defense

Time to Harden Your Hardware?: Most Internet users are familiar with the concept of updating software that resides on their computers. But this past week has seen alerts about an unusual number of vulnerabilities and attacks against some important and ubiquitous hardware devices, from consumer-grade Internet routers, data storage and home automation products to enterprise-class security solutions. KrebsOnSecurity, February 18, 2014

Cyber Security Management – HIPAA

HEALTH CARE SYSTEMS POORLY PROTECTED, MANY ALREADY COMPROMISED: A new report from the SANS Institute warns that the push to digitize all health care records along with the emergence of HealthCare.gov and the general proliferation of electronic protected health information (ePHI) online will only exacerbate the security problems faced by those that store sensitive health care data. In other words, the report says, health care critical information assets are poorly protected and already compromised in many cases. ThreatPost, February 18, 2014

Securing the Village

Closing the cyber security threat intelligence gap: It’s no secret that one of the effects of the Edward Snowden revelations has been a slowdown in the effort to pass new cyber security legislation that facilitates information sharing between the government and the private sector. However, the need for cyber threat intelligence sharing is still vital, and with Congress sidelined, it’s going to take leadership from the nation’s corporate executives to make progress on this issue within the framework of our current laws. SC Magazine, February 18, 2014

National Cyber Security

Spy Chief Says Snowden Took Advantage of ‘Perfect Storm’ of Security Lapses: WASHINGTON — The director of national intelligence acknowledged Tuesday that nearly a year after the contractor Edward J. Snowden “scraped” highly classified documents from the National Security Agency’s networks, the technology was not yet fully in place to prevent another insider from stealing top-secret data on a similarly large scale. The New York Times, February 11, 2014

Cyber Law

The Year Ahead in Privacy and Data Security: 2014 promises to be another eventful year in the privacy and data security fields. Although predictions are necessarily risky, there is little sign that the revelations regarding government surveillance will cease, that cyber criminals and insiders will stop hacking into personal and proprietary data and that the FTC and other regulatory authorities will stop focusing on companies’ privacy and security policies and practices. [Author Tim Toohey is a member of ISSA-LA Community Outreach Advisory Board.] Morris, Pollich & Purdy, January 27, 2014

Cyber Misc

Reporting From the Web’s Underbelly: SAN FRANCISCO — In the last year, Eastern European cybercriminals have stolen Brian Krebs’ identity a half dozen times, brought down his website, included his name and some unpleasant epithets in their malware code, sent fecal matter and heroin to his doorstep, and called a SWAT team to his home just as his mother was arriving for dinner. The New York Times, February 17, 2014

Cyber-Calendar

ISSA-LA Sixth Annual Information Security Summit, May 16, Universal City Hilton. Speakers include Richard Clarke, former Assistant to the President; Jackie Lacey, Los Angeles County District Attorney; Roland Cloutier, CSO of ADP. For more information and to register, visit ISSA-LA.

Copyright © 2014 Citadel Information Group. All rights reserved.

The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you. The post Cyber Security News of the Week, February 23, 2014 appeared first on Citadel Information Group.
