2014-03-10

Guest column by Citadel Information Group

Cyber Crime

Personal data on L.A. County medical patients stolen from contractor: As many as 168,500 patients of Los Angeles County medical facilities may have had their data stolen in a break-in at a county contractor’s office last month, county officials said Thursday. The Los Angeles Times, March 6, 2014

Sally Beauty Hit By Credit Card Breach: Nationwide beauty products chain Sally Beauty appears to be the latest victim of a breach targeting their payment systems in stores, according to both sources in the banking industry and new raw data from underground cybercrime shops that traffic in stolen credit and debit cards. KrebsOnSecurity, March 5, 2014

Thieves Jam Up Smucker’s, Card Processor: Jam and jelly maker Smucker’s last week shuttered its online store, notifying visitors that the site was being retooled because of a security breach that jeopardized customers’ credit card data. Closer examination of the attack suggests that the company was but one of several dozen firms — including at least one credit card processor — hacked last year by the same criminal gang that infiltrated some of the world’s biggest data brokers. KrebsOnSecurity, March 4, 2014

Cybercrime hits financial firms hardest: survey: (Reuters) – Cybercrime is the second most common type of fraud reported by financial firms, more than double the level across other industries, as criminals turn increasingly to technology as their main weapon against banks, a survey showed. Reuters, March 3, 2014

Detroit Reveals Malware Targeted City Employees: Detroit revealed details of a recent computer security breach Monday that affected files containing personal information for a large number of city employees. CBS Detroit, March 3, 2014

Breach Blind Spot Puts Retailers on Defensive: In response to rumors in the financial industry that Sears may be the latest retailer hit by hackers, the company said today it has no indications that it has been breached. Although the Sears investigation is ongoing, experts say there is a good chance the identification of Sears as a victim is a false alarm caused by a common weaknesses in banks’ anti-fraud systems that becomes apparent mainly in the wake of massive breaches like the one at Target late last year. KrebsOnSecurity, February 28, 2014

Cyber Attack

Meetup.com fights off hackers, refuses to pay $300 ransom: TORONTO (Reuters) – Social networking website Meetup.com is fighting a sustained battle against cyber-criminals who are demanding $300 to call off an attack that has kept the site offline for much of the past four days. Chicago Tribune, March 3, 2014

Identity Theft

After Debit Card Fraud, a Chicago Bank Feels Its Customers’ Frustration: People should no longer use debit or credit cards in Chicago taxicabs. Bank of America should shut off the card-swiping terminals in the back of those cabs. And MasterCard ought to learn to share more information with its customers. The New York Times, March 7, 2014

Illinois Bank: Use Cash for Chicago Taxis: First American Bank in Illinois is urging residents and tourists alike to avoid paying for cab rides in Chicago with credit or debit cards, warning that an ongoing data breach seems to be connected with card processing systems used by a large number of taxis in the Windy City. KrebsOnSecurity, March 3, 2014

Financial Fraud

BMO customer’s account emptied of $87K as bank falls for scam: The Bank of Montreal has reimbursed one of its customers following a CBC Go Public story about how the bank wired $87,555 of his inheritance money into the hands of a scammer. CBC, March 3, 2014

Cyber Warning

95% of bank ATMs face end of security support: Banks everywhere are in a race against time to upgrade their ATMs before they become hot targets for hackers. CNN, March 4, 2014

INDIAN HACKERS POSE AS NETFLIX TECH SUPPORT, AIM TO STEAL FILES, IDENTITY: Malwarebytes, an Internet security firm and developer of anti-malware software, told a story about an attempt on the part of some hackers based in India to pose as Netflix tech support in an effort to steal the poster’s data and identity. Malwarebytes detailed the incident via an official blog post. DigitalTrends, March 3, 2014

Hackers hijack 300,000-plus wireless routers, make malicious changes: Researchers said they have uncovered yet another mass compromise of home and small-office wireless routers, this one being used to make malicious configuration changes to more than 300,000 devices made by D-Link, Micronet, Tenda, TP-Link, and others. ars technica, March 3, 2014

FireEye names malware’s favorite targets, sources: Malware activity has become so pervasive globally that attack servers communicating with Malware are now hosted in 206 countries and territories. PC World, March 2, 2014

Mobile Malware Evolution: Three Infection Attempts Per User In 2013: Nearly 145,000 new malicious programs for mobile devices were detected in 2013. DarkReading, February 28, 2014

New Scam Tricks Caller ID to Show Real Tech Support Phone Numbers: Tech bloggers are warning about a scam that tricks a phone’s caller ID to display a real Verizon Wireless tech support number, duping people into providing personal information to fraudsters. Yahoo News, February 28, 2014

Cyber Security Management

Target CIO resigns following breach: The retailer announces the resignation after data breaches affecting up to 110 million people. CSO, March 5, 2014

Top Tech Internships Pay Big Bucks: How much were you paid when you were an intern? If your college internships were anything like mine, you were paid in experience, not dollars. Enterprise Efficiency, March 3, 2014

Daily Report: Lax Data Security a Problem for Many Start-Ups: While signing up users and raising money are big priorities for young technology companies, data security is often much further down the to-do list, Jenna Wortham and Nicole Perlroth report. The New York Times, March 3, 2014

Cyber Security Management – Cyber Update

CISCO PATCHES AUTHENTICATION FLAW IN WIRELESS ROUTERS: There’s a serious security flaw in some of Cisco’s wireless routers that could allow a remote attacker to take complete control of the router. The bug is in a number of the Cisco small business routers, as well as a wireless VPN firewall. ThreatPost, March 6, 2014

Users Refuse to Chuck XP As Windows 8 Uptake Flattens: For the second month in a row, Windows XP and Windows 8 defied their maker’s wishes, as XP, which Microsoft just wants to go away, gained user share, and Windows 8, the OS Microsoft hopes will fuel sales of new devices, flatlined in February, an analytics firm reported. CIO, March 3, 2014

ISSA-LA

Cybersecurity Expert Richard A. Clarke and LA County District Attorney Jackie Lacey to Speak at ISSA-LA Sixth Annual Information Security Summit on Cybercrime: Former White House cybersecurity czar Richard A. Clarke and Los Angeles County District Attorney Jackie Lacey are among a roster of prominent speakers at the Los Angeles Chapter of the Information Systems Security Association (ISSA-LA) Sixth Annual Information Security Summit on May 16, 2014 at Hilton Universal City Hotel in Los Angeles. The theme of the Summit—The Growing Cyber Threat: Protect Your Business—reflects the reality that cybercrime impacts the financial health of all our organizations: businesses, not-for-profits, government agencies, schools and others. PRWeb, March 5, 2014

National Cyber Security

N.S.A. Director Says Snowden Leaks Hamper Efforts Against Cyberattacks: WASHINGTON — Gen. Keith B. Alexander, the director of the National Security Agency, said Tuesday that the leaks by the former agency contractor Edward J. Snowden had slowed the effort to protect the country against cyberattacks on Wall Street and other civilian targets. The New York Times, March 4, 2014

Cyber Law

California Court Rules it is Okay for Drivers to Check Mobile Maps: IDG News Service (Bangalore Bureau) — An appeals court in California ruled that it is legal for a person to hold his phone to look at a map application while driving, though he is prohibited from “listening and talking” on the phone unless it is used in a hands-free mode. CIO, February 28, 2014

Cyber Misc

Nearly 150 Breeds Of Bitcoin-Stealing Malware In The Wild, Researchers Say: With a potentially massive hack of the Mt. Gox exchange still unfolding, it’s no secret that cybercriminals see a gold mine in cryptocurrencies. But a new study by security researchers shows just how quickly the cottage industry in Bitcoin theft is evolving: Nearly 150 types of malware are actively stealing bitcoins, more than a hundred of which were created in just the last year. Forbes, February 26, 2014

Cyber Calander

Business and Personal Guide to Staying Safe in Cyber-Space: Join me, Toni Patillo, along with Dr. Stan Stahl, president of the Information Systems Security Association, Los Angeles Chapter, as he speak about cyber security – arguably the greatest challenges of the Internet age. Lunch N Learn, Event Date: March 12, 2014

ISSA-LA Sixth Annual Information Security Summit, May 16, Universal City Hilton. Speakers include Richard Clarke, former Assistant to the President; Jackie Lacey, Los Angeles County District Attorney; Roland Cloutier, CSO of ADP. For more information and to register, visit ISSA-LA.

Copyright © 2014 Citadel Information Group. All rights reserved.

The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you.  The post Cyber Security News of the Week, March 9, 2014 appeared first on Citadel Information Group.

Show more