Landmark Leadership Conferences for IT Executives
Cyber Security News of the Week, February 16, 2014
by Fred F. Farkel, Monday, February 17th, 2014


Guest column by Citadel Information Group

Cyber Crime

Hackers circulate thousands of FTP credentials, New York Times among those hit: Hackers are circulating credentials for thousands of FTP sites and appear to have compromised file transfer servers at The New York Times and other organizations, according to a security expert. PC World, February 13, 2014

Criminals Control, Cash Out Bank’s ATM Machines: In what could be a sign of what’s ahead in ATM fraud, a highly sophisticated and well-funded criminal gang targeted an overseas bank and commandeered at least four of its ATM machines with malware-rigged USB sticks in order to empty them of cash. DarkReading, February 13, 2014

Silk Road 2.0 ‘Hack’ Blamed On Bitcoin Bug, All Funds Stolen: The same bug that has plagued several of the biggest players in the Bitcoin economy may have just bitten the Silk Road. Forbes, February 13, 2014

Email Attack on Vendor Set Up Breach at Target: The breach at Target Corp. that exposed credit card and personal data on more than 110 million consumers appears to have begun with a malware-laced email phishing attack sent to employees at an HVAC firm that did business with the nationwide retailer, according to sources close to the investigation. KrebsOnSecurity, February 12, 2014

Experts warn of coming wave of serious cybercrime: The rash of attacks against Target and other top retailers is likely to be the leading edge of a wave of serious cybercrime, as hackers become increasingly skilled at breaching the nation’s antiquated payment systems, experts say. Washington Post, February 9, 2014

Unveiling ‘The Mask’: Sophisticated malware ran rampant for 7 years: A cyberespionage operation that used highly sophisticated multi-platform malware went undetected for more than five years and compromised computers belonging to hundreds of government and private organizations in more than 30 countries. PC World, February 11, 2014

Cyber Attack

Attack on US Veterans Website May have Been Aimed At Military Members: IDG News Service — A cyberattack against the Veteran of Foreign Wars website, believed to have been initiated in China, may have sought to spy on U.S. military members, security company FireEye said Thursday. CIO, February 13, 2014

Cyber Privacy

Sidestepping the Risk of a Privacy Breach: This week, we reached the inevitable point in the controversy over the credit and debit card breaches where grim-faced retail executives from Target and Neiman Marcus, industry experts and consumer advocates turned up in Washington. They raised their hands and delivered well-rehearsed statements to our elected representatives. The New York Times, February 7, 2014

Identity Theft

Dogged by Data Theft: “What is stopping us from moving to this kind of technology?” asked a perplexed Senator Amy Klobuchar, Democrat from Minnesota. It was last Tuesday, and the Senate Judiciary Committee, on which Klobuchar sits, was holding a hearing about the recent breaches of Target and Neiman Marcus in which the data from tens of millions of credit and debit cards were stolen. The New York Times, February 10, 2014

Keeping Swindlers Out of Your Bank and Brokerage Accounts: Data breaches at Target and Neiman Marcus were certainly scary. Personal information from tens of millions of people fell into the hands of cybercriminals. The New York Times, February 8, 2014

Cyber Warning

Bizarre attack infects Linksys routers with self-replicating malware: Researchers say they have uncovered an ongoing attack that infects home and small-office wireless routers from Linksys with self-replicating malware, most likely by exploiting a code-execution vulnerability in the device firmware. ars technica, February 13, 2014

New zero-day bug in IE 10 exploited in active malware attack, MS warns (updated): Microsoft has confirmed reports of a recently active attack that surreptitiously installed malware on computers running a fully patched version 10 of the Internet Explorer browser. The attacks also work on IE 9, the company warned. ars technica, February 13, 2014

CERTIFICATES SPOOFING GOOGLE, FACEBOOK, GODADDY COULD TRICK MOBILE USERS: Dozens of phony SSL certificates were discovered this week mocking legitimate certs from banks, e-commerce sites, ISPs and social networks. If a user stumbled over one of the bogus certificates on a mobile device it could put them at risk for a man-in-the-middle attack. ThreatPost, February 13, 2014

Instagram Bug Would Have Let Hackers Peek At Private Photos For At Least Last Six Months: If at any point before last Tuesday you suddenly found your private Instagram pics embarrassingly exposed to public perusal, Christian Lopez might be able to offer an explanation. Forbes, February 10, 2014

New Mac OS X Malware Steals Your Bitcoins: There’s a new piece of Mac malware that can spy on your web browser to steal your bitcoins. ReadWrite, February 10, 2014

Cyber Security Management

REALISTIC RISK ASSESSMENT KEY TO SECURITY MANAGEMENT: PUNTA CANA – Although it may not be the most thrilling part of a security team’s job, the idea of operational risk assessment and management is perhaps the most important aspect of organizational security. ThreatPost, February 10, 2014

How To Get The Most Out Of Risk Management Spend: Even with most security budgets growing or at least staying flat for 2014, no organization ever has unlimited funds for protecting the business. That’s where a solid risk management plan can be a lifesaver. DarkReading, January 24, 2014

The 7 best habits of effective security pros: It’s easy for security professionals who are passionate about their careers to get caught up in the technology, but success today requires a lot more than technical savvy. Here are the traits successful security pros say are needed to succeed. CSO, January 8, 2014

Cyber Security Management – Cyber Update

Security Updates for Shockwave, Windows: Adobe and Microsoft today each issued patches to fix critical security flaws in their software. Microsoft’s February Patch Tuesday includes seven patch bundles addressing at least 31 vulnerabilities in Windows and related software. Adobe pushed out an update that fixes two critical bugs in its Shockwave Player. KrebsOnSecurity, February 11, 2014

Cyber Security Management – Cyber Defense

Microsoft Offers Multifactor Authentication to All Office 365 Users: IDG News Service (Bangalore Bureau) — Microsoft is offering multifactor authentication free as an option to all users of its Office 365 suite, a hosted set of Microsoft Office tools and applications. CIO, February 11, 2014

Cyber Security Management – HIPAA

Healthcare Information Security: Still No Respect: More than a decade after publication of HIPAA’s security rule, healthcare information security officers still struggle to be heard. Information Week, February 10, 2014

National Cyber Security

Feds Launch Cyber Security Guidelines For US Infrastructure Providers: The White House on Wednesday released the first version of its cyber security framework for protecting critical infrastructure. Critics say these voluntary guidelines enshrine the status quo. Information Week, February 12, 2014

NIST Framework Released to Widespread Praise, But What Happens Next?: Following a solid year of intensive work, the National Institute of Standards and Technology (NIST) released yesterday its “final” framework for improving critical infrastructure cybersecurity as mandated under a February 2013 executive order by President Obama. The 41-page document closely tracks, with some notable changes, the preliminary framework released by NIST in November. CIO, February 13, 2014

Launch of the Cybersecurity Framework: Today the Obama Administration is announcing the launch of the Cybersecurity Framework, which is the result of a year-long private-sector led effort to develop a voluntary how-to guide for organizations in the critical infrastructure community to enhance their cybersecurity. The Framework is a key deliverable from the Executive Order on “Improving Critical Infrastructure Cybersecurity” that President Obama announced in the 2013 State of the Union. The White House, February 12, 2014

Cyber Law

FFIEC issues risk management guidance on social media: FFIEC issues risk management guidance on social media. Lexology, January 31, 2014

Cyber Sunshine

Florida Targets High-Dollar Bitcoin Exchangers: State authorities in Florida on Thursday announced criminal charges targeting three men who allegedly ran illegal businesses moving large amounts of cash in and out of the Bitcoin virtual currency. Experts say this is likely the first case in which Bitcoin vendors have been prosecuted under state anti-money laundering laws, and that prosecutions like these could shut down one of the last remaining avenues for purchasing Bitcoins anonymously. KrebsOnSecurity, February 7, 2014

Cyber Calendar

ISSA-LA February Lunch Meeting: In March 2013, attackers launched an attack against Spamhaus that topped 300Gbps. Spamhaus gave us permission to talk about the details of the attack. While CloudFlare was able to fend off the attack, it exposed some vulnerabilities in the Internet’s infrastructure that attackers will inevitably exploit. If an Internet-crippling attack happens, this is what it will look like. And here’s what the network needs to do in order to protect itself. ISSA-LA, Event Date: February 19, 2014

Cybersecurity Essentials for Business Professionals: Please join us in this free presentation where we will discuss essential issues that every entrepreneur and business professional must know about cybersecurity laws, guidelines, and protocols. This event will be moderated and conducted by Salar Atrizadeh, Esq., principal and founder of the Law Offices of Salar Atrizadeh. Also, Stan Stahl, Ph.D., President of Citadel Information Group and ISSA-LA, Brad Maryman, and Howard Miller will serve as panelists. Law Offices of Salar Atrizadeh, Event Date: February 21, 2014

Copyright © 2014 Citadel Information Group. All rights reserved.

The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you. The post Cyber Security News of the Week, February 16, 2014 appeared first on Citadel Information Group.
