Guest column by Citadel Information Group
CyberCrime
Thieves Planted Malware to Hack ATMs: A recent ATM skimming attack in which thieves used a specialized device to physically insert malicious software into a cash machine may be a harbinger of more sophisticated scams to come. KrebsOnSecurity, May 30, 2014
Cyber Attack
Complexity as the Enemy of Security: Late last month, hackers allied with the Syrian Electronic Army (SEA) compromised the Web site for the RSA Conference, the world’s largest computer security gathering. The attack, while unremarkable in many ways, illustrates the continued success of phishing attacks that spoof top executives within targeted organizations. It’s also a textbook example of how third-party content providers can be leveraged to break into high-profile Web sites. KrebsOnSecurity, May 27, 2014
Cyber Privacy
As Snowden Anniversary Nears, EFF Urges Users to Ramp Up Privacy and Security: Time flies when you’re having fun. But it apparently also flies when there’s a new story every other day about NSA surveillance. It’s been nearly one year since the first story sourced from the documents Edward Snowden stole from the agency appeared, and with that in mind, the EFF is encouraging people to commemorate the day by installing privacy and security tools to protect their communications. ThreatPost, May 30, 2014
Some Privacy, Please? Facebook, Under Pressure, Gets the Message: SAN FRANCISCO — Do you know who can see what you are posting on Facebook, including your photos, birthday and personal cellphone number? The New York Times, May 23, 2014
Cyber Threat
Researchers: Recent Zero-Day Attacks Linked Via Common Exploit Package: Elderwood Platform, a two-year-old package of exploits, has been used to create multiple zero-day threats, Symantec researchers said. DarkReading, May 19, 2014
Cyber Warning
Backdoor in Call Monitoring, Surveillance Gear: If your company’s core business is making software designed to help first responders and police record and intercept phone calls, it’s probably a good idea to ensure the product isn’t so full of security holes that it allows trivial access by unauthorized users. Unfortunately, even companies working in this sensitive space fall victim to the classic blunder that eventually turns most software into Swiss Cheese: Trying to bolt on security only after the product has shipped. KrebsOnSecurity, May 28, 2014
Hackers use ‘Find My iPhone’ to lockout, ransom Mac and iOS device owners in Australia: Owners of Macs and iOS devices in Australia woke up on Tuesday to find their machines locked by Find My iPhone, with the nefarious hackers responsible demanding payment via PayPal before they return control. AppleInsider, May 26, 2014
Cyber Security Management
Keeping Up with Cybersecurity Framework: The folks at PricewaterhouseCoopers, after surveying 500 U.S. business, law enforcement and government executives, conclude that the vast majority of cybersecurity programs fall very short of the federal government’s cybersecurity framework goals. BankInfoSecurity, May 30, 2014
Why are Chief Information Security Officers Critical?: In some corporations, the role of the Chief Information Security Officer (CISO) is becoming as important or even more important than the functions of the once-revered Chief Information Officer (CIO). PaymentWeek, May 29, 2014
Cyber Security Management – Cyber Awareness
How to Avoid Cyberspies on Facebook, LinkedIn: The first line of defense against a social media-related attack recently perpetrated by a suspected Iranian hacker group is to teach employees how to spot cyberspies, experts say. CIO, May 30, 2014
Cyber Security Management – Cyber Defense
A beginner’s guide to BitLocker, Windows’ built-in encryption tool: The creators of TrueCrypt shocked the computer security world this week when they seemingly ended development of the popular open source encryption tool. Even more surprising, the creators said TrueCrypt could be insecure and that Windows users should migrate to Microsoft’s BitLocker. Conspiracy theories immediately began to swirl around the surprise announcement. PCWorld, May 30, 2014
The Mystery Of The TrueCrypt Encryption Software Shutdown: Developers of the open-source software call it quits, saying software “may contain unfixed security issues.” DarkReading, May 30, 2014
True Goodbye: ‘Using TrueCrypt Is Not Secure’: The anonymous developers responsible for building and maintaining the free whole-disk encryption suite TrueCrypt apparently threw in the towel this week, shuttering the TrueCrypt site and warning users that the product is no longer secure now that Microsoft has ended support for Windows XP. KrebsOnSecurity, May 29, 2014
Cyber Security Management – Cyber Update
Apache Patches DoS, Information Disclosure Bugs in Tomcat: Apache recently patched Tomcat, fixing a trio of information disclosure bugs and a denial of service bug in the open source web server and servlet container. ThreatPost, May 30, 2014
Securing the Village
Richard Clarke calls for Information Security Manifesto during Keynote Address at ISSA-LA Summit VI: Clarke is Chairman & CEO, Good Harbor and former National Coordinator for Security, Infrastructure Protection, and Counter-terrorism for the United States. May 16, 2014.
Retailers Form ISAC to Share Threat Data: From the beginning of the cybercrime epidemic, retailers have been among the most frequent targets, and the last year has seen some of the larger compromises in history. The Target data breach is at the top of that list, involving more than 100 million customers, and after years of increasingly serious compromises the retail industry is finally getting together to share information about attacks, threats and vulnerabilities. ThreatPost, May 19, 2014
Financial Cyber Security
Banks Challenged By Cybersecurity Threats, State Regulators Acting: A new report concludes that while financial institutions have taken significant steps to bolster cyber security efforts, they will continue to be challenged by the speed of technological change and the increasingly sophisticated nature of threats. Forbes, May 26, 2014
National Cyber Security
Report: Hackers in Iran use social media to target senior U.S., Israeli officials: Hackers based in Iran used social networks to spy on high-ranking U.S. and Israeli officials, a new report by a cybersecurity firm claims. CNN, May 30, 2014
Daily Report: U.S. Indictments Shed Some Light on China’s Hacker Army: One man accused of being a hacker for the Chinese military, Wang Dong, better known as UglyGorilla, wrote in a social media profile that he did not “have much ambition” but wanted “to wander the world with a sword, an idiot,” Edward Wong reports. The New York Times, May 23, 2014
Critical Infrastructure
Large Electric Utilities Earn High Security Scores: Critical infrastructure is a big target for attack, but new data shows some operators in that industry suffer fewer security incidents than other industries. DarkReading, May 29, 2014
Cyber Law
House Panel Investigating FTC Data Breach Enforcement: IDG News Service (Washington, D.C., Bureau) — A U.S. House of Representatives committee has reportedly launched an investigation into the Federal Trade Commission’s use of information from a peer-to-peer security vendor to bring a data breach complaint against a medical testing laboratory. CIO, May 30, 2014
Cyber Sunshine
Hacker Helped Disrupt 300 Web Attacks, Prosecutors Say: A prominent hacker set to be sentenced in federal court this week for breaking into numerous computer systems worldwide has provided a trove of information to the authorities, allowing them to disrupt at least 300 cyberattacks on targets that included the United States military, Congress, the federal courts, NASA and private companies, according to a newly filed government court document. The New York Times, May 24, 2014
Cyber Misc
Investors Couldn’t Care Less About Data Breaches: On May 21, EBay (EBAY) revealed that it had suffered a cyber attack and data security breach, and users’ information—names, account passwords, e-mail addresses, physical addresses, phone numbers, and birth dates—was exposed to hackers. While security experts, the news media, and actual EBay users may have all been alarmed, the stock investors weren’t. EBay’s stock finished trading virtually unchanged that day, dropping all of 8 pennies to $51.88. Bloomberg, May 23, 2014
Copyright © 2014 Citadel Information Group. All rights reserved.
The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you. The post Cyber Security News of the Week, June 1, 2014 appeared first on Citadel Information Group.