2014-05-05

Guest column by Citadel Information Group

Cyber Crime

Tax Fraud Gang Targeted Healthcare Firms: Earlier this month, I wrote about an organized cybercrime gang that has been hacking into HR departments at organizations across the country and filing fraudulent tax refund requests with the IRS on employees of those victim firms. Today, we’ll look a bit closer at the activities of this crime gang, which appears to have targeted a large number of healthcare and senior living organizations that were all using the same third-party payroll and HR services provider. KrebsOnSecurity, April 30, 2014

Identity Theft

California Bills Would Address Consumer Financial Information Security: Two bills dealing with credit card security will be taken up over the next week in California legislative committees. Recent data security breaches at Target and other big retailers prompted the legislation. Capital Public Radio, May 2, 2014

Do Identity Theft Protection Services Work?: With more and more major retailers being hit by hackers and major security flaws on the Internet like Heartbleed, identity theft is becoming more and more of a threat. Huffington Post, May 1, 2014

Susan Tompor: Time to get a ‘little paranoid’ after credit, debit card breaches: Mike Rosinski, 51, doesn’t really know how a string of fraudulent charges ranging from as little as $3.19 for some odd outfit in Missouri to $434.10 at a Fry’s Electronics in another state ended up hitting his Visa credit card in mid-April. Detroit Free Press, May 1, 2014

AOL asking users to change passwords after discovering breach: AOL is asking potentially millions of its email users to change their passwords and security questions after discovering a cyber attack that potentially compromised the accounts of a small portion of its user base. ZDNet, April 28, 2014

Cyber Threat

Europol Cybercrime Chief Believes Cyber Threat Will ‘Change the World’: According to the man tasked with tackling online crime across the European Union, the continent’s reliance on the internet to do business makes it the perfect target for cybercriminals, who don’t even have to leave their armchairs to commit crimes. IBTimes, April 29, 2014

Cyber Warning

Homeland Security: Don’t use IE due to bug: SAN FRANCISCO — The U.S. Department of Homeland Security is advising Americans not to use the Internet Explorer Web browser until a fix is found for a serious security flaw that came to light over the weekend. USA Today, April 29, 2014

Officials Say Russian Hackers May Retaliate for Sanctions: U.S. officials and security specialists are warning that Russian hackers may respond to new sanctions by attacking the computer networks of U.S. banks and other companies. Bloomberg, April 27, 2014

Cyber Security Management

Microsoft sharpens encryption management tools: Microsoft is giving the IT admin crowd an updated toolset for managing encryption with the latest release of its Desktop Optimization Pack, better known as MDOP. PCWorld, May 2, 2014

How to protect your supply chain from cybercrime: As companies start to work with more clients, they run the risk of cybercrime through a whole network of collaborating businesses. Here’s tips on how to protect yourself from an online attack. The Guardian, April 28, 2014

Applying ‘big data’ principles reveals three main types of cyber crime per industry – Verizon report: The overwhelming majority of data breaches tracked by security researchers last year fell into one of nine categories, while three of those categories dominated recorded attacks in any given industry, according to a new report. Out-Law.com, April 24, 2014

Cyber Security Management – Cyber Defense

John Pescatore: BYOIT, IoT among top information security trends: BOSTON — There’s no board game that can help enterprise information security managers win in their jobs, but one of the industry’s most respected security analysts believes identifying key changes in IT and getting the resources to secure them can often seem like a game of “Chutes and Ladders.” SearchSecurity, May 2, 2014

Cyber Security Management – Cyber Update

Microsoft Issues Fix for IE Zero-Day, Includes XP Users: Microsoft has issued an emergency security update to fix a zero-day vulnerability that is present in all versions of its Internet Explorer Web browser and that is actively being exploited. In an unexpected twist, the company says Windows XP users also will get the update, even though Microsoft officially ceased supporting XP last month. KrebsOnSecurity, May 1, 2014

Adobe Update Nixes Flash Player Zero Day: Adobe Systems Inc. has shipped an emergency security update to fix a critical flaw in its Flash Player software that is currently being exploited in active attacks. The exploits so far appear to target Microsoft Windows users, but updates also are available for Mac and Linux versions of Flash. KrebsOnSecurity, April 28, 2014

Securing the Village

Good information security leadership demands focus on shared knowledge: BOSTON — One of information security’s most venerable thought leaders believes the evolution of leadership in the industry has reached a turning point and without a disciplined, holistic approach emphasizing shared knowledge, enterprise security programs will never achieve their desired results. SearchSecurity, May 1, 2014

Today on CLBR: The State of Cyber Security with Stan Stahl: Dr. Stan Stahl, President of Citadel Information Group, returns to discuss the latest Cyber Security issues and the upcoming ISSA-LA Information Security Summit VI which is the premier information security event in Los Angeles. CyberLawRadio, April 23, 2014

National Cyber Security

White House Details Thinking on Cybersecurity Flaws: WASHINGTON — In a rare insight into the government’s thinking on the use of cyberweapons, the White House on Monday published a series of questions it asks in deciding when to make public the discovery of major flaws in computer security or whether to keep them secret so that American intelligence agencies can use them to enable surveillance or an attack. The New York Times, April 28, 2014

Cyber Underworld

EU Cybercrime Officials Blame TOR for Difficulty in Catching Criminals: CoinReport, April 20, 2014

Cyber Espionage

F.B.I. Informant Is Tied to Cyberattacks Abroad: WASHINGTON — An informant working for the F.B.I. coordinated a 2012 campaign of hundreds of cyberattacks on foreign websites, including some operated by the governments of Iran, Syria, Brazil and Pakistan, according to documents and interviews with people involved in the attacks. The New York Times, April 23, 2014

Cyber Calendar

ISSA-LA Sixth Annual Information Security Summit, May 16, Universal City Hilton. Speakers include Richard Clarke, former Assistant to the President; Jackie Lacey, Los Angeles County District Attorney; Jeremiah Grossman, Founder & iCEO, WhiteHat Security; Marcus Ranum, CSO, Tenable; Marc Maiffret, CTO, Beyond Trust; Jim Manico, Secure Coding Instructor and Author, Global OWASP Board of Directors; Ira Winkler, ISSA International President; Andrea Hoy, ISSA International Vice-President. For more information and to register, visit ISSA-LA.

Copyright © 2014 Citadel Information Group. All rights reserved.

The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you. The post Cyber Security News of the Week, May 4, 2014 appeared first on Citadel Information Group.
