Landmark Leadership Conferences for IT Executives
 

The IT Blog



by Fred F. Farkel, Monday, September 30th, 2013

 

Guest column by Citadel Information Group

Weekend Vulnerability and Patch Report

Important Security Updates

Apple iOS: Apple has released version 7.0.2 of its iOS for several versions of the iPhone, iPad and iPod touch to fix 2 security bypass weaknesses in previous versions. The update is available through the device or through Apple’s website.

Apple TV: Apple has released version 6.0 of its Apple TV to fix at least 52 unpatched vulnerabilities, some of which are highly critical, in previous versions. Upgrade to version 6.0.  

VLC Media Player: VLC has released version 2.1.0 (32-bit) of its Media Player. Download from the VLC website.

Current Software Versions

Adobe Flash  11.8.800.174 [Windows 7: IE9, Firefox, Mozilla, Netscape, Opera]

Adobe Flash  11.8.800.168 [Windows 8: IE]

Adobe Flash  11.8.800.168 [Macintosh OS X: Firefox, Opera, Safari]

Adobe Reader 11.0.04

Dropbox 2.0.25 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]

Firefox 24.0 [Windows]

Google Chrome 29.0.1547.57

Internet Explorer 10.0.9200.16686 [Windows 7: IE]

Internet Explorer 10.0.9200.16519 [Windows 8: IE]

Java SE 7 Update 40 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser – such as Chrome, IE9, Safari, etc – with Java enabled to browse only the sites that require it.]

QuickTime 7.7.4

Safari 5.1.7  [Windows]

Safari 6.0.5 [Mac OS X]

Skype 6.7.0.102

Newly Announced Unpatched Vulnerabilities

D-Link DSL-2740B Wireless Router: Secunia reports an unpatched vulnerability in D-Link’s DSL-2740B Wireless Router in firmware version EU_1.00. Other versions may also be affected. No official solution is currently available.  

For an updated list of previously announced Unpatched Vulnerabilities, please see the resources section of Citadel’s website.

For Your IT Department

Cisco Multiple Products: Secunia reports that Cisco has released many updates for multiple products, including Cisco’s IOS XR, IOS Network Address Translation,  IOS XE, Unified Computing System, IOS Zone-Based Firewall and others. Apply appropriate updates.

Citrix XenClient XT: Secunia reports that Citrix has released updates for its XenClient XT to fix at least 8 moderately critical vulnerabilities. Update to version 2.1.3 or 3.1.4.

McAfee Application Control: McAfee has released an update to its Application Control, affecting only Linux installations, to fix a security bypass vulnerability. Apply hotfix SOLIDCOR610-9500_LNX.zip.


If you are responsible for the security of your computer, Citadel’s Weekend Vulnerability and Patch Report is for you. We strongly urge you to take action to keep your workstation patched and updated.

If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.

Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc.) and application programs (Adobe Acrobat, Office, Flash, Java, etc.). When software companies find a vulnerability, they usually issue an update patch to fix the code running on their customers’ computers.

 

Citadel Information Group publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.

Citadel Information Group … Delivering Information Peace of Mind ® to Business and the Not-for-Profit Community


The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you.

Read More | Comments Off on Weekend Vulnerability and Patch Report, September 29, 2013

by Fred F. Farkel, Monday, September 30th, 2013

 

Guest column by Citadel Information Group

Cyber Security News of the Week

Cyber Crime

Data Broker Giants Hacked by ID Theft Service: An identity theft service that sells Social Security numbers, birth records, credit and background reports on millions of Americans has infiltrated computers at some of America’s largest consumer and business data aggregators, according to a seven-month investigation by KrebsOnSecurity. KrebsOnSecurity, September 25, 2013

Identity Theft

Sapphire credit card holders to be on their own for fraud protection: Holders of Chase bank’s popular Sapphire credit card may be wondering why they’ll soon be on their own when it comes to keeping fraudsters at bay. LA Times, September 26, 2013

Cyber Privacy

Schools’ Use of Cloud Services Puts Student Privacy at Risk. Schools that compel students to use commercial cloud services for email and documents are putting privacy at risk, says a campaign group calling for strict controls on the use of such services in education. CIO, September 23, 2013

Cyber Warning

New Mac OS Malware exploited two known Java vulnerabilities: A new Mac OS Malware has been discovered called OSX/Leverage.A, which appears to be yet another targeted command-and-control Trojan horse, that creates a backdoor on an affected user’s machine. The Hacker News, September 24, 2013

Compromised Japanese Media Sites Serving Exploits for Latest IE Zero Day: Attackers exploiting a zero-day vulnerability in Microsoft’s Internet Explorer browser have compromised several popular local Japanese media outlets and have infected systems belonging to government, high tech and manufacturing organizations in Japan. Researchers at FireEye said the attacks appear to be a large-scale intelligence gathering operation and are dropping a knock-off of the McRAT remote access malware to exfiltrate data from compromised computers. ThreatPost, September 23, 2013

Another iOS 7 Bug Lets Anyone Make Calls From Locked iPhones – And This One Has No Quick Fix: Apple has yet to fix one nasty bug in the lockscreen of iOS 7, and the next one has already appeared. Forbes, September 23, 2013

Security Org Raises Internet Threat Level After Seeing Expanded IE Attacks: Computerworld – The Internet Storm Center on Saturday boosted its threat level to “Yellow,” indicating a “significant new threat” to Internet users from attacks exploiting an unpatched vulnerability in all versions of Microsoft’s Internet Explorer (IE) browser. CIO, September 23, 2013

Dropbox and Similar Services Can Sync Malware: A growing body of research shows how to use cloud storage synchronization services to get around firewalls. MIT Technology Review, August 21, 2013

Cyber Update

Apple Fixes Two iOS 7 Bugs That Allowed Access To Locked iPhones. One week after the first of two flaws were revealed that opened major security holes in the iPhone’s lockscreen, Apple has stamped out the bugs with the release of iOS 7.0.2. Forbes, September 26, 2013

Cyber Security Management

Five Habits IT Security Professionals Need To Break. If security professionals want to take their craft in new directions, then they need to stop thinking in old ways, experts said in a panel here Tuesday. Dark Reading, September 25, 2013

Attackers sharpen skills: What that really means for CISOs: Today, IBM is revealing the results of its X-Force 2013 Mid-Year Trend and Risk Report, which shows that Chief Information Security Officers (CISOs) must increase their knowledge of the evolving vulnerability and attack landscape, such as mobile and social technologies, to more effectively combat emerging security threats. Help Net Security, September 24, 2013

Critical Infrastructure

Destructive Attacks On Oil And Gas Industry A Wake-Up Call: Some 30,000 or so hard drives were scrapped and replaced with new ones last year on Saudi Aramco’s internal corporate network after a massive cyberattack destroyed data on the oil and natural gas company’s Windows machines. While the massive attack didn’t directly affect Saudi Aramco’s oil production and exploration systems, it raised the stakes for the increasingly targeted oil and gas industry and also raised concerns of possible market fallout from such attacks. Dark Reading, September 23, 2013

National CyberSecurity

Brazilian president: US surveillance a ‘breach of international law’. Brazil’s president, Dilma Rousseff, has launched a blistering attack on US espionage at the UN general assembly, accusing the NSA of violating international law by its indiscriminate collection of personal information of Brazilian citizens and economic espionage targeted on the country’s strategic industries. The Guardian, September 23, 2013

Cyber Sunshine

FBI arrests Temecula man, 19, in ‘sextortion’ of Miss Teen USA: The FBI has arrested a 19-year-old Temecula man who authorities believe to be involved in a “sextortion” case involving Miss Teen USA Cassidy Wolf from Orange County, officials said Thursday. LA Times, September 26, 2013



Read More | Comments Off on Cyber Security News of the Week, September 29, 2013

by Fred F. Farkel, Monday, September 23rd, 2013

 

Guest column by Citadel Information Group

Weekend Vulnerability and Patch Report

Apple iOS: Apple has released version 7 of its iOS for several versions of the iPhone, iPad and iPod touch to fix at least 69 unpatched vulnerabilities, some of which are highly critical, in previous versions. The update is available through the device or through Apple’s website.

Apple iOS iPhone 5: Apple  has released version 7.0.1 for the iPhone 5c and iPhone 5s. The update is available through the device or through Apple’s website.

Apple iTunes: Apple  has released version 11.1 of iTunes to fix a highly critical vulnerability. The update is available through iTunes or through the iTunes website.

Microsoft Internet Explorer: Microsoft has released a partial fix to address an extremely critical vulnerability in Internet Explorer versions 6 through 11, 32-bit version only. The fix is available through Microsoft’s website.

Mozilla Firefox: Mozilla has released version 24.0 of Firefox to fix at least 16 highly critical unpatched vulnerabilities in previous versions. Updates are available through the Firefox browser. Updates are also available for SeaMonkey and Thunderbird.

Current Software Versions

Adobe Flash  11.8.800.174 [Windows 7: IE9, Firefox, Mozilla, Netscape, Opera]

Adobe Flash  11.8.800.168 [Windows 8: IE]

Adobe Flash  11.8.800.168 [Macintosh OS X: Firefox, Opera, Safari]

Adobe Reader 11.0.04

Dropbox 2.0.25 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]

Firefox 24.0 [Windows]

Google Chrome 29.0.1547.57

Internet Explorer 10.0.9200.16686 [Windows 7: IE]

Internet Explorer 10.0.9200.16519 [Windows 8: IE]

Java SE 7 Update 40 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser – such as Chrome, IE9, Safari, etc – with Java enabled to browse only the sites that require it.]

QuickTime 7.7.4

Safari 5.1.7  [Windows]

Safari 6.0.5 [Mac OS X]

Skype 6.7.0.102

Newly Announced Unpatched Vulnerabilities

None

For an updated list of previously announced Unpatched Vulnerabilities, please see the resources section of Citadel’s website.

For Your IT Department

Apple OS X Server: Apple has released an update to its OS X Server to fix at least 6 moderately critical vulnerabilities. Update to version 2.2.2.

Apple Xcode GIT: Apple has released an update to its Xcode to fix an unpatched security issue in previous versions. Update to version 5.0.

Cisco Multiple Products: Secunia reports that Cisco has released many updates for multiple products, including Cisco’s AnyConnect VPN Client,  IPS Authentication Manager, Prime Data Center Network Manager, Nexus 3000 Series Switches and others. Apply appropriate updates.



Read More | Comments Off on Weekend Vulnerability and Patch Report, September 22, 2013

by Fred F. Farkel, Monday, September 23rd, 2013

 

Guest column by Citadel Information Group

Cyber Security News of the Week

Cyber Crime

Crooks Hijack Retirement Funds Via SSA Portal: If you receive direct deposits from the Social Security Administration but haven’t yet registered at the agency’s new online account management portal, now would be a good time to take care of that: The SSA and financial institutions say they are tracking a rise in cases wherein identity thieves register an account at the SSA’s portal using a retiree’s personal information and have that retiree’s benefits diverted to prepaid debit cards that the crooks control. KrebsOnSecurity, September 18, 2013

Cyber Privacy

LinkedIn Appeals For National Security Letter Transparency, Calls Ban "Unconstitutional": LinkedIn on Tuesday joined the fray of Internet companies requesting permission from the Foreign Intelligence Surveillance Court to publish data on the number of National Security Letters it receives. ThreatPost, September 18, 2013

Government Standards Agency "Strongly" Suggests Dropping its Own Encryption Standard: Following revelations about the NSA’s covert influence on computer security standards, the National Institute of Standards and Technology, or NIST, announced earlier this week it is revisiting some of its encryption standards. ProPublica, September 13, 2013

Online Bank Fraud

Shylock Financial Malware Back and Targeting Two Dozen Major Banks: Two dozen major U.S. and European banks are in the crosshairs of the Shylock, or Caphaw, financial malware of late, and victims who trade with one of the 24 financial institutions are at risk of giving up their credentials and losing assets in their accounts. ThreatPost, September 18, 2013

Computer hackers arrested over plot to steal millions from Santander: An audacious bid to hack into a high street bank’s computer system and steal millions of pounds has been foiled, according to police. The Telegraph, September 13, 2013

Cyber Warning

‘Lily Collins And Nude Photos’ Results Could Lead To Malware: Why Is She The Most Dangerous Celebrity To Search?: Lily Collins, Phil Collins’ daughter and star of "The Mortal Instruments: City of Bones," has been named McAfee’s "Most Dangerous Celebrity" for 2013. Collins is one of the top young stars today, but searching for her online could land users on a page full of spam, adware or malware. International Business Times, September 17, 2013

Microsoft releases temporary fix for vulnerability in all IE versions, warns of targeted IE8 and IE9 attacks: Microsoft is investigating a new remote code execution vulnerability in Internet Explorer and preparing a security update for all supported versions of its browser (IE6, IE7, IE8, IE9, IE10, and IE11). The company has issued a security advisory in the meantime because it has confirmed reports that the issue is being exploited in a "limited number of targeted attacks" specifically directed at IE8 and IE9. The Next Web, September 17, 2013

Cyber Security Management

Deliberately flawed? RSA Security tells customers to drop NSA-related encryption algorithm: An encryption algorithm with a suspected NSA-designed backdoor has been declared insecure by the developer after years of extensive use by customers worldwide, including the US federal agencies and government entities. RT.com, September 20, 2013

6 essential components for security awareness programs: There’s more to security awareness programs than just computer-based training and phishing exercises. Ira Winkler and Samantha Manke outline the six must-haves to ensure your program is effective. CSO, September 18, 2013

Social engineering and phishing attacks are getting smarter, but are employers?: A new study on user risk shows that employers are willingly conducting user awareness training, but only half of them follow up with additional tests to gauge such training’s effectiveness. CSO, September 16, 2013

How to Stop the In-House Data Thief: Edward Snowden has triggered a blizzard of media coverage with his revelations of classified intelligence information he stole while working as a U.S. National Security Agency contractor. That should serve as a warning to corporate executives: It could happen to you. The Wall Street Journal, September 15, 2013

Cyber Security Management – HIPAA

Healthcare IT Security Is Difficult, But Not Impossible: Data breaches threaten healthcare organizations from all angles – from hackers, thieves and forgetful employees – and touch all facets of IT infrastructure. Updated HIPAA rules make organizations responsible for the actions of their business associates, too. Healthcare IT security is a daunting task, but with a little planning, it’s not an impossible one. CIO, September 18, 2013

Cyber Underworld

Why Are Hackers Flooding Into Brazil?: The answer, to channel notorious bank robber Willie Sutton: Because that’s where the money is. Bloomberg, September 13, 2013

Cyber Insurance

Cyber insurance: Understanding the legal language: Chief risk officers (CROs) and others worried about cyber risk are increasingly turning to cyber insurance to offset their risk. But is the cover as black and white as it first seems? ComputerWeekly, September 17, 2013

Cyber Misc

WHOIS Privacy Plan Draws Fire: Internet regulators are pushing a controversial plan to restrict public access to WHOIS Web site registration records. Proponents of the proposal say it would improve the accuracy of WHOIS data and better protect the privacy of people who register domain names. Critics argue that such a shift would be unworkable and make it more difficult to combat phishers, spammers and scammers. KrebsOnSecurity, September 16, 2013

Cyber Sunshine

Barclays Cybercrime Suspects Arrested Over $2.1 Million Theft: London police arrested eight men in connection to a 1.3 million pound ($2.1 million) computer-aided robbery from a Barclays Plc (BARC) branch in the capital. Bloomberg, September 20, 2013

FBI Admits It Controlled Tor Servers Behind Mass Malware Attack: It wasn’t ever seriously in doubt, but the FBI yesterday acknowledged that it secretly took control of Freedom Hosting last July, days before the servers of the largest provider of ultra-anonymous hosting were found to be serving custom malware designed to identify visitors. Wired, September 13, 2013



Read More | Comments Off on Cyber Security News of the Week, September 22, 2013

by Fred F. Farkel, Monday, September 16th, 2013

 

Guest column by Citadel Information Group

Weekend Vulnerability and Patch Report

Important Security Updates

Adobe Flash Player: Adobe has released updates to fix highly critical vulnerabilities in its Flash Player for the Windows, Mac, Linux and Android versions. See version numbers below. Updates are available from Adobe’s website. Updates are also available for Adobe AIR.

Adobe Reader: Adobe has released version 11.0.04 to fix highly critical vulnerabilities in its Reader for the Windows, Mac, Linux and Android versions. Updates are available from Adobe’s website. Updates are also available for Acrobat.

Adobe Shockwave Player: Adobe has released version 12.0.4.144 to fix highly critical vulnerabilities in its Shockwave Player for the Windows, Mac, Linux and Android versions. Updates are available from Adobe’s website.

Apple AirPort: Apple has released an update to its AirPort Base Station Firmware to fix a vulnerability. Update to 7.6.4, available through the AirPort Utility or Apple’s website.

Apple Mac OS X: Apple has released 10.8.5 to fix at least 31 highly critical vulnerabilities in OS X. Updates are available through Apple’s website.

Apple Safari: Apple has released version 5.1.10 to fix two highly critical vulnerabilities in Safari. Updates are available through Apple’s website.

Microsoft Patch Tuesday: Microsoft released several updates addressing at least 47 security vulnerabilities, some of which are highly critical, in Windows, Office, Internet Explorer, Sharepoint, and more. Updates are available via Windows Update or from Automatic Update.

Siber Systems RoboForm: Siber Systems has released version 7.9.1.1 of Roboform. Updates are available from within the program (look for the “Check New Version” button on the Options menu) or by download from the Roboform website.

Current Software Versions

Adobe Flash  11.8.800.174 [Windows 7: IE9, Firefox, Mozilla, Netscape, Opera]

Adobe Flash  11.8.800.168 [Windows 8: IE]

Adobe Flash  11.8.800.168 [Macintosh OS X: Firefox, Opera, Safari]

Adobe Reader 11.0.04

Dropbox 2.0.25 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]

Firefox 23.0.1 [Windows]

Google Chrome 29.0.1547.57

Internet Explorer 10.0.9200.16660 [Windows 7: IE]

Internet Explorer 10.0.9200.16519 [Windows 8: IE]

Java SE 7 Update 25 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser – such as Chrome, IE9, Safari, etc – with Java enabled to browse only the sites that require it.]

QuickTime 7.7.4

Safari 5.1.7  [Windows]

Safari 6.0.5 [Mac OS X]

Skype 6.7.0.102

Newly Announced Unpatched Vulnerabilities

None

For an updated list of previously announced Unpatched Vulnerabilities, please see the resources section of Citadel’s website.

For Your IT Department

Blackberry Multiple Products: Secunia reports that Blackberry has released updates to fix many highly critical vulnerabilities for multiple products, including Blackberry 10 OS, PlayBook OS WebKit, PlayBook OS Flash Player, WebKit JavaScript and Playbook OS. Apply appropriate updates.

Cisco Multiple Products: Secunia reports that Cisco has released many updates for multiple products, including Cisco’s Prime LAN Management Solution, Virtualization Experience,  Unified MeetingPlace, ASA software Certificate and others. Apply appropriate updates.

Cisco Multiple Products Unpatched: Secunia reports that several Cisco products have unpatched vulnerabilities, some of which are highly critical, for which there is no official solution available;  including Cisco’s Unified Operations Manager and Prime LAN Management.

IBM OS/400 Java: IBM has released an update to its OS/400 bundled with Java to fix at least 27 vulnerabilities, some of which are highly critical, reported in versions V5R4M0 and V6R1M0.



Read More | Comments Off on Weekend Vulnerability and Patch Report, September 15, 2013

by Fred F. Farkel, Monday, September 16th, 2013

 

Guest column by Citadel Information Group

Cyber Security News of the Week

Cyber Attack

Hackers Attack NASA’s Website to Protest NSA: Several sub-domains on the website of the National Aeronautics and Space Administration are offline following an attack by hackers opposed to National Security Agency surveillance programs. US News, September 12, 2013

Cyberspies attack key South Korean institutions, North Korean hackers suspected: IDG News Service – South Korean organizations that conduct research on international affairs, national security and Korean unification are under siege from cyberspies whose attack may have its origins in North Korea. CIO, September 11, 2013

Cyber Privacy

Intelligence Officials Admit That Edward Snowden’s NSA Leaks Call For Reforms: The intelligence community’s reaction to National Security Agency contractor Edward Snowden’s leaks has moved through the typical stages of denial, anger, and depression. Now it seems to be coming to acceptance. Forbes, September 13, 2013

Government Announces Steps to Restore Confidence on Encryption Standards: SAN FRANCISCO – The federal agency charged with recommending cybersecurity standards said Tuesday that it would reopen the public vetting process for an encryption standard, after reports that the National Security Agency had written the standard and could break it. The New York Times, September 10, 2013 

NSA Secretly Admitted Illegally Tracking Thousands Of ‘Alert List’ Phone Numbers For Years: The next time the National Security Agency claims that it works only within the strict oversight of the judicial branch and other watchdogs, its critics will have a new story to tell in response: That in 2009, the agency was found to be routinely misleading those overseers, and that it took another four years for those violations to become public. Forbes, September 10, 2013

Identity Theft

3 simple things consumers can do to curtail medical ID theft: It’s no surprise that medical identity theft is increasing. But the extent of that spike since just last year and the increasing value of medical information to criminals are startling indeed. Government Health IT, September 12, 2013

Cyber Threat

4 Mobile Device Dangers That Are More Of A Threat Than Malware: Worried about malware? Other threats should come to mind first for North American users, from losing the phone to inadvertently connecting to an insecure or rogue access point. Dark Reading, September 11, 2013

Cyber Warning

New Tibet malware variant found for OS X: After over a year of no apparent activity, a new variant of the Tibet malware affecting OS X systems has been found. CNet, September 11, 2013

Smart Devices That Make Life Easier May Also Be Easy To Hack, Says FTC: Wireless devices let us control our household appliances through the Internet with ease, but do they also make it easier for hackers to disrupt our daily lives? Hari Sreenivasan speaks with Kashmir Hill of Forbes on a recent finding by the Federal Trade Commission of inadequate security protections for some products. PBS, September 2013

Cyber Security Management

NSA Leak Leaves Crypto-Math Intact but Highlights Known Workarounds: New details of the NSA’s capabilities suggest encryption can still be trusted. But more effort is needed to fix problems with how it is used. MIT Technology Review, September 9, 2013

Cyber Security Management – Cyber Update

Buggy Microsoft Update Hamstrings Outlook 2013: An Office 2013 non-security update, part of yesterday’s massive Patch Tuesday, blanks the folder pane in Outlook 2013, the suite’s email client, drawing complaints from customers on Microsoft’s support forum. CIO, September 11, 2013

Adobe, Microsoft Push Critical Security Fixes: Adobe and Microsoft each separately released a raft of updates to fix critical security holes in their software. Adobe pushed patches to plug holes in Adobe Acrobat/Reader and its Flash and Shockwave media players. Microsoft released 13 patch bundles to fix at least 47 security vulnerabilities in Windows, Office, Internet Explorer and Sharepoint. KrebsOnSecurity, September 10, 2013

Cyber Security Management – Cyber Defense

3 habits of successful data center security teams: In the Northern Hemisphere, most countries are experiencing a bountiful summer and hopefully along with it, some much needed downtime for overworked data center security teams. As an IT professional, you should use this downtime to reflect on ways to move data center security forward in keeping with new technology and workforce trends. CSO, September 10, 2013

Cyber Underworld

‘Yahoo Boys’ Have 419 Facebook Friends: Earlier this week, I wrote about an online data theft service that got hacked. That compromise exposed a user base of mostly young Nigerian men apparently engaged in an array of cybercrime activities – from online dating scams to 419 schemes. It turned out that many of these guys signed up for the data theft service using the same email address they used to register their Facebook accounts. Today’s post looks at the social networks between and among these individuals. KrebsOnSecurity, September 11, 2013

Spy Service Exposes Nigerian ‘Yahoo Boys’: A crude but effective online service that lets users deploy keystroke logging malware and then view the stolen data remotely was hacked recently. The information leaked from that service has revealed a network of several thousand Nigerian email scammers and offers a fascinating glimpse into an entire underground economy that is seldom explored. KrebsOnSecurity, September 9, 2013

Cyber Law

Critics question FTC’s authority to bring data security complaints: The Federal Trade Commission should back away from its claim of broad authority to seek sanctions against companies for data breaches when it has no clearly defined data security standards, critics of the agency said Thursday. PCWorld, September 12, 2013

Cyber Survey

Internet Census 2012 Data: Millions of Devices Vulnerable by Default: Embedded device manufacturers have been warned for ages about the risks of making networking, telecom and critical infrastructure gear reachable online, worse yet, leaving default credentials in place for authenticating to those devices. ThreatPost, September 13, 2013


The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you.

Read More | Comments Off on Cyber Security News of the Week, September 15, 2013

by Fred F. Farkel, Monday, September 9th, 2013

 

Guest column by Citadel Information Group

Weekend Vulnerability and Patch Report

The following software vulnerabilities and updates were announced last week. Citadel Information Group strongly recommends that readers update their computers and take other action as indicated.

Important Security Updates

Opera: Opera has released an update to its browser. Updates are available from within the browser or from Opera’s website.

Current Software Versions

Adobe Flash 11.8.800.94 [Windows 7: IE9, Firefox, Mozilla, Netscape, Opera]

Adobe Flash 11.8.800.94 [Windows 8: IE]

Adobe Flash 11.8.800.94 [Macintosh OS X: Firefox, Opera, Safari]

Adobe Reader 11.0.03

Dropbox 2.0.25 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]

Firefox 23.0.1 [Windows]

Google Chrome 29.0.1547.57

Internet Explorer 10.0.9200.16660 [Windows 7: IE]

Internet Explorer 10.0.9200.16519 [Windows 8: IE]

Java SE 7 Update 25 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser – such as Chrome, IE9, Safari, etc – with Java enabled to browse only the sites that require it.]

QuickTime 7.7.4

Safari 5.1.7 [Windows]

Safari 6.0.5 [Mac OS X]

Skype 6.7.0.102

Newly Announced Unpatched Vulnerabilities

Samsung Galaxy S4: Secunia reports an unpatched highly critical vulnerability in Samsung’s Galaxy S4. No official solution is currently available.

For an updated list of previously announced Unpatched Vulnerabilities, please see the resources section of Citadel’s website.

For Your IT Department

Cisco Multiple Products: Secunia reports that Cisco has released at least 3 security advisories and updates for multiple products, including Cisco’s Prime Network Control System (NCS), Jabber for Windows, WebEx ARF and WRF, Secure Access Control System (ACS), IOS, Mobility Services Engine and others. Apply appropriate updates.


If you are responsible for the security of your computer, Citadel’s Weekend Vulnerability and Patch Report is for you. We strongly urge you to take action to keep your workstation patched and updated.

If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.

Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc.) and application programs (Adobe Acrobat, Office, Flash, Java, etc.). When software companies find a vulnerability, they usually issue an update patch to fix the code running on their customers’ computers.

 

Citadel Information Group publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.

Citadel Information Group … Delivering Information Peace of Mind ® to Business and the Not-for-Profit Community



Read More | Comments Off on Weekend Vulnerability and Patch Report, September 8, 2013

by Fred F. Farkel, Monday, September 9th, 2013

 

Guest column by Citadel Information Group

Cyber Security News of the Week

Cyber Privacy

Privacy Groups Ask FTC to Oppose Facebook’s Policy Changes: IDG News Service (Bangalore Bureau) – Six privacy groups have asked the U.S. Federal Trade Commission to strike down proposed changes to Facebook’s policies, as they violate a 2011 settlement with the agency over user privacy. CIO, September 5, 2013

Government to Release Hundreds of Documents Related to NSA Surveillance: In response to a lawsuit by the Electronic Frontier Foundation, the Department of Justice is preparing to release a trove of documents related to the government’s secret interpretation of Section 215 of the PATRIOT Act. The declassified documents will include previously secret opinions of the Foreign Intelligence Surveillance Court. ThreatPost, September 6, 2013

Identity Theft

Facebook Security Issues Might Stymie Payments Push: Facebook (FB) created a stir recently on word it’s testing a payments product that lets shoppers make purchases on mobile devices using their Facebook login information. Investors.com, September 4, 2013

Online Bank Fraud

Sophisticated, ‘potent’ trojan targets online bank users: A new trojan has been discovered by security researchers, who say that although similar to the infamous Zeus and SpyEye, “Hesperbot” is a potent member of a new malware family. ZDNet, September 6, 2013

Banks’ resilience to cyber crime to be tested by Government: Banks’ resilience to cyber attacks is being rated by government officials for the first time amid concerns about the increasing risks to the financial system from electronic criminals and terrorists. The Telegraph, August 31, 201

Warning: A New DDoS-Fraud Link: Gartner analyst Avivah Litan says fraudsters are using DDoS attacks as a distraction for a new, extremely effective account takeover scheme. How should institutions respond to this emerging threat? GovInfoSecurity, August 26, 2013

Cyber Threat

World’s Trouble Spots Escalating Into Cyberthreats For Businesses: As regional troubles spill over to the digital world, companies should reinforce their defenses and demand their suppliers do the same, experts say. DarkReading, September 5, 2013

Cyber Warning

Why Your iPhone Will Inevitably Catch A Virus: Android may dominate mobile market share, but it also comes with a host of ills like fragmentation and, more potently, malware. While the mobile malware threat has been surprisingly light to date, that’s starting to change. For now, Android is the malware capital of mobile in part because of its popularity and in part because of its more open approach to engineering. ReadWrite.com, September 5, 2013

Researchers: Oracle’s Java Security Fails: Faced with an onslaught of malware attacks that leverage vulnerabilities and design weaknesses in Java, Oracle Corp. recently tweaked things so that Java now warns users about the security risks of running Java content. But new research suggests that the integrity and accuracy of these warning messages can be subverted easily in any number of ways, and that Oracle’s new security scheme actually punishes Java application developers who adhere to it. KrebsOnSecurity, September 4, 2013

Cyber Security Management

COBIT 5 for information security: The underlying principles: COBIT 5, a governance model for enterprise IT, introduces a framework that is better focused on information security. TechRepublic, September 4, 2013

Cyber Security Management – HIPAA

FTC Charges LabMD with Exposing Data to Identity Thieves: The Federal Trade Commission is taking action against medical laboratory services firm LabMD for enabling patient information to be accessible on a peer-to-peer file sharing network, which resulted in identity theft. LabMD vigorously disputes the charges. Health Data Management, August 30, 2013

Securing the Village – ISSA-LA

ISSA-LA & OWASP-LA September Dinner Meeting: Developers cannot defend against unknown threats. Understanding vulnerabilities and security controls is an absolute necessity – not only for developers, but for Architects, QA and anyone else involved in the creation of software. This talk starts by making a strong argument for developer education, and how it fits into any organization’s SDLC. From there, we discuss other OWASP resources and projects dedicated to developer education, and an in-depth discussion of OWASP WebGoat.NET – an ASP.NET specific re-design of OWASP which meets the needs and addresses the challenges of modern application security training programs. ISSA-LA Event – September 18, 2013

National Cyber Security

NSA Able to Foil Basic Safeguards of Privacy on Web: The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents. The New York Times, September 5, 2013

Terrorists tout new encryption technology that thwarts U.S. intelligence: Terrorists and jihadists say they have a new tool to undercut American and Western intelligence – a mobile encryption software system that operates cell phone-to-cell phone, and works on even those devices that aren’t equipped with the technology. The Washington Times, August 5, 2013

Budget Documents Detail Extent of U.S. Cyberoperations: WASHINGTON – Newly disclosed budget documents for America’s intelligence agencies show how aggressively the United States is now conducting offensive cyberoperations against other nations, even as the Obama administration protests attacks on American computer networks by China, Iran and Russia. The New York Times, August 31, 2013

Cyber Sunshine

Romanian Hackers Get Hefty Sentences in NH: Two Romanian computer hackers who stole credit card information from more than 800 U.S. merchants and more than 150,000 credit and debit card holders have been given lengthy prison sentences by a federal judge in New Hampshire. ABC News, September 5, 2013



Read More | Comments Off on Cyber Security News of the Week, September 8, 2013

by Fred F. Farkel, Monday, September 2nd, 2013

 

Guest column by Citadel Information Group

Weekend Vulnerability and Patch Report

The following software vulnerabilities and updates were announced last week. Citadel Information Group strongly recommends that readers update their computers and take other action as indicated.

Important Security Updates

RealPlayer 16.03.51: RealNetworks has updated RealPlayer to patch two vulnerabilities which can be exploited by malicious people to compromise a user’s system. Updates are available from within the program.

Current Software Versions

Adobe Flash 11.8.800.94 [Windows 7: IE9, Firefox, Mozilla, Netscape, Opera]

Adobe Flash 11.8.800.94 [Windows 8: IE]

Adobe Flash 11.8.800.94 [Macintosh OS X: Firefox, Opera, Safari]

Adobe Reader 11.0.03

Dropbox 2.0.25 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]

Firefox 23.0.1 [Windows]

Google Chrome 29.0.1547.57

Internet Explorer 10.0.9200.16660 [Windows 7: IE]

Internet Explorer 10.0.9200.16519 [Windows 8: IE]

Java SE 7 Update 25 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser – such as Chrome, IE9, Safari, etc – with Java enabled to browse only the sites that require it.]

QuickTime 7.7.4

Safari 5.1.7 [Windows]

Safari 6.0.5 [Mac OS X]

Skype 6.7.0.102

Newly Announced Unpatched Vulnerabilities

None

For an updated list of previously announced Unpatched Vulnerabilities, please see the resources section of Citadel’s website.

For Your IT Department

Cisco: Secunia reports five new security advisories for various Cisco products. Additional information is available from Secunia and Cisco.





Read More | Comments Off on Weekend Vulnerability and Patch Report, September 1, 2013

by Fred F. Farkel, Monday, September 2nd, 2013

 

Guest column by Citadel Information Group

Cyber Security News of the Week

Cyber Attack

How Syrian Hackers Found the New York Times’s Australian Weak Spot: A hacking attack launched by the Syrian Electronic Army may have targeted the New York Times and other U.S. media companies, but the weak link was Melbourne IT (MLB:AU), a domain registrar that directs Internet traffic to the companies’ servers. How can an assault on an obscure Australian Web-services provider lead to a more than 20-hour disruption at the Times’ website? BusinessWeek, August 28, 2013

Syrian Hack Of NYTimes.com Could Have Inflicted Much More Than Mere Embarrassment: When hackers take down a website, their weapon of choice is often a less-than-subtle technique known as a denial of service attack, which merely overwhelms a site’s servers with junk traffic. But the trick that the hacker group known as the Syrian Electronic Army pulled against the New York Times, Twitter, and the Huffington Post UK Tuesday seems to have been very different – and potentially far more invasive. Forbes, August 28, 2013

Syrian Hackers Might Have Used More Sophisticated Method to Bring Down the New York Times: The New York Times’ website went down midafternoon Tuesday, marking the second time in August the Grey Lady has gone dark. While the company blamed the first outage on an “internal issue,” a company VP tweeted Tuesday that an “initial assessment” concluded the new outage, which was still plaguing the site as of Tuesday evening, was due to a “malicious external attack.” It didn’t take long for Twitter users to come to a consensus that the most likely culprit was the Syrian Electronic Army, or SEA, and soon enough the SEA claimed credit. But as more details emerge about the attack, it appears the SEA may be using more-sophisticated methods to wreak havoc online than was previously believed. Time, August 27, 2013

Service Restored to .cn Domain After Large DDoS Attack: Long fingered as the source of denial-of-service attacks and other hacks against foreign interests, China’s .cn domain was targeted on Sunday and approximately one-third of the sites registered to that domain were kept offline for a period of time. A statement from the China Internet Network Information Center blamed the outage on the largest ever denial of service attack the country has faced. ThreatPost, August 26, 2013

Hackers deface Google Palestine, object to Google Maps labeling of Israel: Google’s presence in the Palestinian territories, Google.ps, has been defaced by hackers, apparently objecting to the Google Maps labeling of the Israel and Palestinian borders. The Washington Post, August 26, 2013

Cyber Privacy

Facebook reveals governments asked for data on 38,000 users in 2013: Government agencies around the world demanded access to the information of over 38,000 Facebook users in the first half of this year, and more than half the orders came from the United States, the company said on Tuesday. The Guardian, August 28, 2013

Report: NSA Broke Into UN Video Teleconferencing System: IDG News Service – The U.S. National Security Agency reportedly cracked the encryption used by the video teleconferencing system at the United Nations headquarters in New York City. CIO, August 26, 2013

U.S. Surveillance Fallout Costing Third-Party Providers: E-mail encryption provider Lavabit shuts down, Silent Circle shutters its own service, and analysts are forecasting tens of billions of lost revenue for cloud and service providers. DarkReading, August 23, 2013

FISA Judge: NSA misrepresented themselves, violated the Constitution: A federal judge said in a recently declassified opinion, issued during his time serving on the Foreign Intelligence Surveillance Court, that the National Security Agency misrepresented themselves and violated the Constitution for several years. CSO, August 22, 2013

Online Bank Fraud

Mobile Trojan Defeats Dual Authentication: A new cross-device mobile Trojan that already has targeted online-banking customers has been linked to the same group that waged the successful High Roller attacks last summer. So far, customers of several top-tier institutions in Northern Europe and a handful in the U.S. have been victimized. BankInfoSecurity, August 29, 2013

Account Takeovers Get More Sophisticated: Account takeover techniques are getting more sophisticated. Now, attackers no longer need to use phishing, vishing and smishing attacks to get users to cough up their account logins and passwords. BankInfoSecurity, August 22, 2013

Identity Theft

Call DirecTV, risk identity theft?: Despite the risk of identity theft and fraud, DirecTV asks for the Social Security numbers of people who aren’t even signing up for service but are merely checking out costs. LA Times, August 26, 2013

Cyber Warning

Apple Mac flaw gives hackers ‘super status,’ root access: An unaddressed five-month-old flaw in Apple’s Mac OS X gives hackers near unlimited access to files by altering clock and user timestamp settings. ZDNet, August 30, 2013

Gone Phishing: How Major Websites Get Hacked: Two digital publishing giants, the New York Times and Twitter, succumbed to hackers on Tuesday, with the Times going dark for six long hours and with Twitter forced to reassure its millions of users that their personal information had not been compromised. National Geographic, August 28, 2013

Crooks are using new “vishing” scam to plunder bank accounts: In the latest swindle householders are called on their landlines and are duped into parting with personal and financial details. Mirror News, August 28, 2013

Malicious Software Poses as Video From a Facebook Friend: A piece of malicious software masquerading as a Facebook video is hijacking users’ Facebook accounts and Web browsers, according to independent Italian security researchers who have been investigating the situation. The New York Times, August 26, 2013

Internal US government memo warns authorities about Android malware threats: Public Intelligence has published a joint release from the US Department of Homeland Security and Department of Justice cautioning government workers about the severity of malware threats on the Android platform. According to the government’s findings, 79% of mobile operating malware threats in 2012 took place on Android, compared to 0.7% on iOS. The Next Web, August 26, 2013

Spear-Phishing E-mail with Missing Children Theme: The FBI is aware of a spear-phishing e-mail appearing as if it were sent from the National Center for Missing and Exploited Children. The subject of the e-mail is “Search for Missing Children,” and a zip file containing three malicious files is attached. E-mail recipients should always treat links and attachments in unsolicited or unexpected e-mail with caution. US Cert, August 22, 2013

Cyber Security Management

How To Prevent Cyber Crime: Prevention will always be your best line of defense against cyber criminals. Like any other criminal activity, those most vulnerable tend to be the first targeted. Forbes, August 28, 2013

How Worried Should Small Businesses Be Regarding Cyber Security?: By some estimates, network-based attacks, such as DDOS (short for Distributed Denial of Services), which have the ability to take down large computing networks, have increased by 700 percent this year. Forbes, August 27, 2013

CDSA Releases Updated Version of its Content Protection Security Standard, Making Ongoing Improvements to its International Certification Program: NEW YORK – The Content Delivery & Security Association (CDSA), the international association advocating the secure and responsible delivery and storage of entertainment, software, and information media, announced today the release of an updated version of its Content Protection and Security (CPS) Certification Standard. CDSA, August 27, 2013

Another Amazon Outage Exposes the Cloud’s Dark Lining: It was likely another eventful weekend for the engineers in Amazon’s Web services division. On Sunday afternoon, a hardware failure at Amazon’s U.S.-East data center in North Virginia led to spiraling problems at a host of well-trafficked online services, including Instagram, Vine, AirBnB, and the popular mobile magazine app Flipboard. Bloomberg, August 26, 2013

Nearly One-Fifth Of Enterprise Operating Systems Not Fully Patched: One in five IT professionals say they either have not fully patched their organizations’ endpoint operating systems – or they aren’t sure whether the machines are up-to-date. DarkReading, August 23, 2013

ISO Updates Information Security Management Standard: ISO/IEC 27001, the information security management system standard, is being revised to strengthen risk management practices and encourage them to be integrated into the operational whole for organizations. InfoSecurity Magazine, August 21, 2013

Cyber Security Management – Cyber Update

Hackers Target Java 6 With Security Exploits: Warning to anyone still using Java 6: Upgrade now to Java 7 to avoid being compromised by active attacks. InformationWeek, August 26, 2013

Securing the Village

Secretive Companies Allow Hackers To Thrive: U.S. Attorney: Some American companies are still unwilling to report to law enforcement they have been hacked, a reluctance that is making it more difficult to combat cybercrime, a top federal prosecutor told The Huffington Post. Huffington Post, August 28, 2013

Dynamic cooperation: the best weapon for cybersecurity: In the furious public debate on how best to protect the nation’s electric system from cyber attacks, it’s easy to forget that all of us – public officials, utility leaders and consumers – are in this together. That’s why we took note when Dr. Patrick Gallagher, Director of the National Institute of Standards and Technology, testified that the “partnership with industry to develop, maintain and implement voluntary consensus standards related to cybersecurity best ensures the interoperability, security and resiliency of this global infrastructure and makes us all more secure.” Intelligent Utility, August 26, 2013

Cyber Underworld

Cybercrime service automates creation of fake ID verification documents: A new Web-based service for cybercriminals automates the creation of fake scanned documents that can help fraudsters bypass the identity-verification processes used by some banks, e-commerce businesses, and other online services providers, according to researchers from Russian cybercrime investigations firm Group-IB. PC World, August 27, 2013

Cyber Career

Cybersecurity And Privacy Specialists In Short Supply: A cover story in the Los Angeles Daily Journal (subscription required) reported that the need for privacy and cybersecurity legal specialists has exploded in California, yet general counsel say there is a shortage of qualified practitioners who can do the job. LinkedIn Corp.’s General Counsel Erika Rottenberg was featured in the story; she speculated that technology companies in Silicon Valley were hiring most of the qualified attorneys, leaving less talent for law firms. Amidst a legal job market in which law graduates are clamoring to find jobs, the demand for privacy and cybersecurity specialists may present an opportunity for the law schools that are nimble enough to respond to the demand. Forbes, August 26, 2013



Read More | Comments Off on Cyber Security News of the Week, September 1, 2013