2013-11-18

Guest column by Citadel Information Group

Cyber Crime

A New Army Of Chinese Hackers Is Stealing Secrets From U.S. Companies, Researchers Say: Researchers at security vendor FireEye say they’ve uncovered a disturbing scheme: what looks like random hack attacks against a variety of U.S. companies is really an organized group of Chinese hackers stealing intellectual property. Business Insider, November 13, 2013

Cybercrime’s bottom line: $500 billion: No one knows the true cost of cybercrime. Annual loss estimates for U.S. corporations range from $70-140 billion in a recent report from the Center for Strategic and International Studies (CSIS) to $400 billion quoted by U.S. House of Representatives Intelligence Committee leaders who introduced the Rogers-Ruppersberger Cybersecurity Bill. USA TODAY, November 8, 2013

Now, Your Reward for Being a Loyal Customer: Identity Theft: They signed up to receive discounts on vacation travel and other perks. Instead, more than 1.5 million Europeans who had enrolled in customer-loyalty programs learned this week that their personal data, including credit-card details in some instances, had been stolen in a cyber attack on an Irish company they’d never heard of. BusinessWeek, November 13, 2013.

Hackers Take Limo Service Firm for a Ride: A hacker break in at a U.S. company that brokers reservations for limousine and Town Car services nationwide has exposed the personal and financial information on more than 850,000 well-heeled customers, including Fortune 500 CEOs, lawmakers, and A-list celebrities. KrebsOnSecurity, November 4, 2013

Cyber Attack

Anonymous-Linked Hackers Accessed U.S. Government Computers, FBI Reportedly Warns: BOSTON/SAN FRANCISCO (Reuters) – Activist hackers linked to the collective known as Anonymous have secretly accessed U.S. government computers in multiple agencies and stolen sensitive information in a campaign that began almost a year ago, the FBI warned this week. Huffington Post, November 15, 2013

Indonesian hackers crash Australian intelligence agency’s site: The hacking comes one week after a wave of cyberattacks against over 170 Australian sites, mainly belonging to small businesses. The attacks were in retaliation against Australia for reportedly using its Jakarta embassy for spying. ZDNet, November 11, 2013

Cyber Warning

CryptoLocker Crew Ratchets Up the Ransom: Last week’s article about how to prevent CryptoLocker ransomware attacks generated quite a bit of feedback and lots of questions from readers. For some answers – and since the malware itself has morphed significantly in just a few days’ time – I turned to Lawrence Abrams and his online help forum BleepingComputer.com, which have been following and warning about this scourge for several months. KrebsOnSecurity, November 6, 2013

Microsoft Warns of Zero-Day Attack on Office: Microsoft warned today that attackers are targeting a previously unknown security vulnerability in some versions of Microsoft Office and Windows. The company also has shipped an interim “Fix-It” tool to blunt attacks on the flaw until it has time to develop and release a more comprehensive patch. KrebsOnSecurity, November 5, 2013

Cyber Security Management

Cybersecurity Threats Are Rising – EY: Cyber security has moved from operations to a concern of the C-suite and the board, EY (formerly known as Ernst & Young before getting carried away with hip rebranding), the consultancy, has found in its work across industries. Forbes, November 11, 2013

Western Union: Their bold new approach to awareness training (and why it’s working): “I’ve been involved with security awareness training for several years now, and I can’t remember one single compliment on any of our previous courses,” sighed Alex Yokley, Director of Corporate Information Security at Western Union. CSO, November 6, 2013

Cyber Security Management – Cyber Update

Zero-Days Rule November’s Patch Tuesday: Microsoft today issued security updates to fix at least 19 vulnerabilities in its software, including a zero-day flaw in Internet Explorer browser that is already being actively exploited. Separately, Adobe has released a critical update that plugs at least two security holes in its Flash Player software. KrebsOnSecurity, November 12, 2013

Microsoft: IE Zero Day Patch Among November Patch Tuesday Updates: Microsoft announced this afternoon that the zero-day vulnerability being exploited in a watering hole attack against an unnamed U.S.-based NGO website was already scheduled to be patched in a cumulative Internet Explorer update tomorrow. Threatpost, November 11, 2013

Cyber Security Management – Cyber Defense

Next-gen HTTP 2.0 protocol will require HTTPS encryption (most of the time): Sending data in plain text just doesn’t cut it in an age of abundant hack attacks and mass metadata collection. Some of the biggest names on the Web - Facebook, Google, Twitter, etc. - have already embraced default encryption to safeguard your precious data, and the next-gen version of the crucial HTTP protocol will only work for URLs protected by HTTPS. PCWorld, November 13, 2013

Tenable Joins AWS Marketplace To Provide On-Demand AMI Vulnerability Scanning: Tenable Network Security, Inc., the leader in real-time vulnerability management, today announced that Amazon Web Services (AWS) customers can now leverage Nessus to scan, audit, and monitor software vulnerabilities on all of their Amazon Machine Images (AMI). Together, the collaboration between Tenable and AWS provides added security through unparalleled vulnerability, configuration and patch assessment for enterprise customers looking to build, operate or maintain their applications in the AWS cloud. DarkReading, November 13, 2013

The quest for weak links in information security: A widely accepted definition of information security risk is the potential of a specific threat exploiting the vulnerabilities of an information asset, with the following formula used to represent information security risks: Risk = Likelihood x Impact. CSO, November 12, 2013

Cyber Underworld

Silk Road 2.0 Launches, Promising A Resurrected Black Market For The Dark Web: The Silk Road is dead. But the dark web dream lives on. Forbes, November 6, 2013

Securing the Village

Microsoft’s new Cybercrime Center combines tactics against hacking groups: (Reuters) – The maker of the most popular computer operating system in the world is launching a new strategy against criminal hackers by bringing together security engineers, digital forensics experts and lawyers trained in fighting software pirates under one roof at its new Cybercrime Center. Reuters, November 14, 2013

Major Banks, Card Schemes, Retailers And Vendors Launch The World’s First Association Dedicated To Wireless Biometric Authentication: Lille, 13th November, 2013 – Pioneering standard-setter, Natural Security has today announced the launch and newly elected governing board of the world’s first open Alliance dedicated to secure transactions based on wireless and biometrics. DarkReading, November 13, 2013

Facebook Warns Users After Adobe Breach: Facebook is mining data leaked from the recent breach at Adobe in an effort to help its users better secure their accounts. Facebook users who used the same email and password combinations at both Facebook and Adobe’s site are being asked to change their password and to answer some additional security questions. KrebsOnSecurity, November 11, 2013

National Cyber Security

Russian draft UN resolution on information security winning support thanks to Snowden: A Russian-proposed draft UN resolution calling for an international code of conduct for information security is beginning to win support as Washington loses moral authority in the wake of Edward Snowden’s revelations. The Voice of Russia, November 11, 2013

Obama’s Portable Zone of Secrecy (Some Assembly Required): WASHINGTON – When President Obama travels abroad, his staff packs briefing books, gifts for foreign leaders and something more closely associated with camping than diplomacy: a tent. The New York Times, November 9, 2013

Cyber Law

Cybersecurity Legislation Gets Renewed Push From Financial Firms: WASHINGTON – Top financial-industry lobbyists pressed senators to move forward with cybersecurity legislation, part of an effort to re-energize a campaign that has lost steam amid revelations about the National Security Agency’s extensive domestic surveillance. The Wall Street Journal, November 13, 2013

Cyber Misc

Big Data’s Little Brother: Start-Ups Are Mining Hyperlocal Information for Global Insights. The New York Times, November 10, 2013

Cyber Sunshine

Feds Charge Calif. Brothers in Cyberheists: Federal authorities have arrested two young brothers in Fresno, Calif. and charged the pair with masterminding a series of cyberheists that siphoned millions of dollars from personal and commercial bank accounts at U.S. banks and brokerages. KrebsOnSecurity, November 14, 2013

Cyber Calendar

ISSA-LA November Lunch Meeting: Topic: Using Hackers’ Own Methods & Tools to Defeat Persistent Adversaries - In today’s world of advanced cyber threats, security professionals need to implement new methods and strategies to gain the upper hand in protecting their business. Thinking like an attacker isn’t really good enough. However, incorporating hacker methodologies & tools will give security teams the situational awareness and intelligence needed to respond quickly to new & previously unknown threats. The security industry is changing. For some, it’s a good thing, and for others, they’re watching their antiquated ways of failing to prevent exploits become irrelevant for smart security teams. ISSA-LA, Event Date: November 20, 2013

The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you.
