2014-03-31

Guest column by Citadel Information Group

Cyber Crime

Target Had Chance to Stop Breach, Senators Say: WASHINGTON — Two Democratic senators on Wednesday criticized Target’s management for not stopping a huge data breach of its systems, citing several missed opportunities to thwart the attack and protect customer data. The New York Times, March 26, 2014

ZIP Codes Show Extent of Sally Beauty Breach: Earlier this month, beauty products chain Sally Beauty acknowledged that a hacker break-in compromised fewer than 25,000 customer credit and debit cards. My previous reporting indicated that the true size of the breach was at least ten times larger. The analysis published in this post suggests that the Sally Beauty breach may have impacted virtually all 2,600+ Sally Beauty locations nationwide. KrebsOnSecurity, March 25, 2014

Cyber Attack

Basecamp falls to blackmail-fueled denial of service attack: Users of the popular web-based project management app Basecamp may have a hard time logging on the service Monday morning. The company behind the app, also named Basecamp (formerly 37Signals), says it is under a distributed denial of service (DDoS) attack from extortionists hoping to make a quick buck. PCWorld, March 24, 2014

HOOTSUITE BACK ONLINE FOLLOWING DENIAL OF SERVICE ATTACK: Social media management system Hootsuite recovered rapidly from a denial of service (DoS) attack late last week, bouncing back after being offline for a few hours Thursday morning. ThreatPost, March 24, 2014

Cyber Privacy

Microsoft to Stop Inspecting Private Emails in Investigations: SEATTLE — Microsoft will no longer snoop on customers’ private communications during investigations of stolen property, the company’s general counsel said on Friday. The New York Times, March 28, 2014

Obama to Call for End to N.S.A.’s Bulk Data Collection: WASHINGTON — The Obama administration is preparing to unveil a legislative proposal for a far-reaching overhaul of the National Security Agency’s once-secret bulk phone records program in a way that — if approved by Congress — would end the aspect that has most alarmed privacy advocates since its existence was leaked last year, according to senior administration officials. The New York Times, March 24, 2014

Cyber Warning

Forget Stealing Credit Cards, Now Hackers Just Straight-Up Blackmail You: While hackers tried to get rich by stealing millions of credit cards from Target, other cybercriminals have quietly tried another method to make a quick buck: Asking companies to pay them to go away. Huffington Post, March 29, 2014

Watch out, journalists: Hackers are after you: Google security experts say that many of the world’s largest news organizations are being targeted by hackers that are likely state-sponsored. CNet, March 28, 2014

IRS Warns of Email Scam Impersonating Taxpayer Advocate Service: The Internal Revenue Service is warning consumers to beware of a new email phishing scam in which fraudulent emails purport to come from the IRS Taxpayer Advocate Service, complete with a bogus case number. AccountingToday, March 28, 2014

Law Firms Are Pressed on Security for Data: A growing number of big corporate clients are demanding that their law firms take more steps to guard against online intrusions that could compromise sensitive information as global concerns about hacker threats mount. The New York Times, March 26, 2014

Microsoft: 0Day Exploit Targeting Word, Outlook: Microsoft warned today that attackers are exploiting a previously unknown security hole in Microsoft Word that can be used to foist malicious code if users open a specially crafted text file, or merely preview the message in Microsoft Outlook. KrebsOnSecurity, March 24, 2014

TARGETED ATTACKS EXPLOIT MICROSOFT WORD ZERO DAY: Targeted attacks have been spotted against a zero-day vulnerability in Microsoft Word 2010, leading Microsoft to issue a special security advisory and produce a Fix-it solution for users until a patch is ready. ThreatPost, March 24, 2014

Cyber Security Management – Cyber Update

CISCO PATCHES DENIAL-OF-SERVICE VULNERABILITIES IN IOS: Cisco this week patched a handful of denial-of-service vulnerabilities in its IOS software. The security updates are part of a biannual release from Cisco; the next one is due in September. ThreatPost, March 28, 2014

Cyber Security Management – Cyber Defense

The new security perimeter: Human Sensors: Security Manager George Grachis discusses the current cyber threat landscape and why Human Sensors, our users, are our most underutilized resource that can make all the difference. CSO, March 13, 2014

Cyber Underworld

Who Built the ID Theft Service SSNDOB.ru?: Previous stories on this blog have highlighted the damage wrought by an identity theft service marketed in the underground called ssndob.ru, which sold Social Security numbers, credit reports, drivers licenses and other sensitive information on more than four million Americans. Today’s post looks at a real-life identity behind the man likely responsible for building this service. KrebsOnSecurity, March 27, 2014

National Cyber Security

Cybercrime could be ‘next black swan event’: ASIC chief: Australian Securities and Investment Commission chairperson Greg Medcraft has used the ASIC Annual Forum to issue a warning about the potential for poor information security to destabilise financial markets. ComputerWorld, March 24, 2014

Cyber Lawsuit

FTC SETTLES WITH FANDANGO, CREDIT KARMA OVER SSL ISSUES IN MOBILE APPS: The makers of two major mobile apps, Fandango and Credit Karma, have settled with the Federal Trade Commission after the commission charged that they deliberately misrepresented the security of their apps and failed to validate SSL certificates. The apps promised users that their data was being sent over secure SSL connections, but the apps had disabled the validation process. ThreatPost, March 28, 2014

Cyber Misc

How does the FBI Know Your Network has been Breached before You Do?: Many of the massive data breaches in the news these days are first revealed to the victims by law enforcement, the Secret Service and Federal Bureau of Investigation. [Dr. Stahl is quoted.] ComputerWorld, March 27, 2014

Markets for Cybercrime Tools and Stolen Data: Criminal activities in cyberspace are increasingly facilitated by burgeoning black markets for both tools (e.g., exploit kits) and take (e.g., credit card information). This report, part of a multiphase study on the future security environment, describes the fundamental characteristics of these markets and how they have grown into their current state to explain how their existence can harm the information security environment. Rand Corporation, 2014

Cyber Calendar

ISSA-LA Sixth Annual Information Security Summit, May 16, Universal City Hilton. Speakers include Richard Clarke, former Assistant to the President; Jackie Lacey, Los Angeles County District Attorney; Jeremiah Grossman, Founder & iCEO, WhiteHat Security; Marcus Ranum, CSO, Tenable; Marc Maiffret, CTO, Beyond Trust; Jim Manico, Secure Coding Instructor and Author, Global OWASP Board of Directors; Ira Winkler, ISSA International President; Andrea Hoy, ISSA International Vice-President. For more information and to register, visit ISSA-LA.

Copyright © 2014 Citadel Information Group. All rights reserved.

The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you.  The post Cyber Security News of the Week, March 30, 2014 appeared first on Citadel Information Group.
