Cyber Security News of the Week, April 7, 2013
by Fred F. Farkel, Monday, April 8th, 2013
Guest column by Citadel Information Group
ISSA-LA – Securing the Village
Ira Winkler to Speak at ISSA-LA Fifth Annual Information Security Summit on Cybercrime in May: Ira Winkler, president of the Information Systems Security Association, is to be a featured speaker at the LA Chapter of the Information Systems Security Association Fifth Annual Information Security Summit on Wednesday, May 21, 2013, in Los Angeles. For more information and to register, visit ISSA-LA.
Cyber Security Management – Awareness Training
Hacking The User Security Awareness And Training Debate: Bruce Schneier says training end users on security is a waste of time. But security awareness experts argue there’s a whole new generation and approach emerging that better schools users on security behaviors. Dark Reading, April 4, 2013
Cyber Security Management – Cyber Defense
A Different Approach To Foiling Hackers? Let Them In, Then Lie To Them: Most systems administrators describe the task of network security as something like defending a castle. Kristin Heckman talks about fighting hackers in terms that sound more like a job as a Walmart greeter. Forbes, April 5, 2013
Google Uses Reputation To Detect Malicious Downloads: Using data about Web sites, IP addresses and domains, researchers find that they can detect 99 percent of malicious executables downloaded by users, outperforming antivirus and URL-reputation services. DarkReading, April 5, 2013
Cyber Security Management – Cyber Warning
Shylock Trojan Going Global with New Features, Resilient Infrastructure: The prolific, credential-stealing Shylock banking Trojan is growing increasingly sophisticated as its creators continue adding new modules and functionalities to the man-in-the-browser malware, according to a Symantec report. ThreatPost, April 5, 2013
Skype Malware Stealing Victims’ Processing Power to Mine Bitcoins: Bitcoin may still be a virtual unknown quantity for most people, but the digital currency has not escaped the notice of attackers, many of whom are turning their attention to finding ways to use the system for their own gains. … now there is a piece of malware in circulation that is using Skype as a spreading mechanism and then using infected machines’ processing power to mine Bitcoins. ThreatPost, April 5, 2013
DHS Warns of ‘TDos’ Extortion Attacks on Public Emergency Networks: As if emergency responders weren’t already overloaded: Increasingly, extortionists are launching debilitating attacks designed to overwhelm the telephone networks of emergency communications centers and personnel, according to a confidential alert jointly issued by the Department of Homeland Security and the FBI. KrebsOnSecurity, April 1, 2013
AMI Firmware Source Code, Private Key Leaked: Source code and a private signing key for firmware manufactured by a popular PC hardware maker American Megatrends Inc. (AMI) have been found on an open FTP server hosted in Taiwan. ThreatPost, April 5, 2013
Anonymous hackers take control of North Korean propaganda accounts: A Twitter and Flickr account associated with a North Korean news agency has been taken over by hackers claiming to be from the hacktivist collective Anonymous. Instead of pro-North Korea propaganda, the accounts are now criticizing North Korea and its leader Kim Jong-un for building nuclear weapons. The hackers controlling the Twitter account also claimed to have hacked the news agency’s website and other North Korean websites, which appear to be offline. Ars Technica, April 4, 2013
Who Wrote the Flashback OS X Worm?: A year ago today, Apple released a software update to halt the spread of the Flashback worm, a malware strain that infected more than 650,000 Mac OS X systems using a vulnerability in Apple’s version of Java. This somewhat dismal anniversary is probably as good a time as any to publish some clues I’ve gathered over the past year that point to the real-life identity of the Flashback worm’s creator. KrebsOnSecurity, April 3, 2013
Google Fights U.S. National Security Probe Data Demand: Google Inc, operator of the world’s largest search engine, is challenging a demand by the U.S. government for private user information in a national security probe, according to a court filing. Bloomberg, April 4, 2013
Apple’s iMessage encryption trips up feds’ surveillance: Encryption used in Apple’s iMessage chat service has stymied attempts by federal drug enforcement agents to eavesdrop on suspects’ conversations, an internal government document reveals. CNET, April 4, 2013
How valuable are security certifications today?: Will investing your time in earning security-industry certifications ultimately mean more money in your paycheck? Which certifications are vital in today’s job market? CSO Leadership, April 1, 2013
National Cyber Security
Chinese Hackers May Gain Advantage From U.S. Attempt to Block Chinese Hackers: Congress has for years tried to block China’s major telecommunications companies from entering the U.S. market, fearing they may help Chinese hackers snoop on American companies and government agencies. Huffington Post, April 5, 2013
NIST Outlines Next Steps in Drafting Cybersecurity Framework: The first of three in-depth workshops on the drafting of a cybersecurity framework will take place at Carnegie Mellon University in Pittsburgh, Pa., May 29-31, allowing time for the National Institute for Standards and Technology (NIST) to coalesce feedback from industry into a guiding document, the agency announced Thursday. HSToday, April 4, 2013
Securing the Village – Events Calendar
ISSA-LA April Lunch Meeting; April 17, 2013. For more information and to register, visit ISSA-LA.
Santa Monica Rotary Club; Lunch Meeting, May 3, 2013: Dr. Stan Stahl, Citadel and ISSA-LA President, will speak on cybersecurity at the weekly meeting of the Santa Monica Rotary Club. In this non-technical talk – It Takes the Village to Secure the Village SM – Dr. Stahl discusses the financial implications of cyber crime, illustrates how cyber criminals take control of a user’s computer, describes the limitations of technology, summarizes emerging cyber security laws, regulations and practices, and provides practical tips to lower the risk of becoming a victim.
ISSA-LA Fifth Annual Information Security Summit; May 21, 2013: Join over 500 of your colleagues and peers at the Universal City Hilton. Special Keynote Speaker: Howard Schmidt, former White House CyberSecurity Coordinator. For more information and to register, visit ISSA-LA.
Citadel Information Group … Delivering Information Peace of Mind ® to Business and the Not-for-Profit Community
The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you.