Landmark Leadership Conferences for IT Executives
 
Cyber Security News of the Week, July 14, 2013
by Fred F. Farkel, Monday, July 15th, 2013

 

Guest column by Citadel Information Group

Cyber Security News of the Week

Cyber-Crime

Nintendo’s Fan Site Hit By Illicit Logins, 24,000 Accounts Accessed: IDG News Service (Tokyo Bureau) – Nintendo said a main fan site was hit by a wave of illicit login attempts in Japan over the last month, with attackers gaining access to nearly 24,000 accounts containing users’ real names, addresses, phone numbers and emails information. CIO, July 8, 2013

Morningstar warns clients of data breach: Morningstar Inc. says personal information of about 2,300 users of its Morningstar Document Research service may have been compromised by a security breach last year. ChicagoTribune, July 5, 2013

Cyber Warning

CRYPTOCAT ENCRYPTED CHAT VULNERABLE TO SIMPLE BRUTE FORCE DECRYPTION: Cryptocat, an open source encrypted Web-based chat application, is taking heat from numerous places after a vulnerability was discovered that put chats at risk for relatively simple decryption, experts say. ThreatPost, July 8, 2013

Cyber Underworld

Styx Exploit Pack: Domo Arigato, PC Roboto: Not long ago, miscreants who wanted to buy an exploit kit – automated software that helps booby-trap hacked sites to deploy malicious code – had to be fairly well-connected, or at least have access to semi-private underground forums. These days, some exploit kit makers are brazenly advertising and offering their services out in the open, marketing their wares as browser vulnerability “stress-test platforms.” KrebsOnSecurity, July 8, 2013

Cyber Security Management

5 Security Bolstering Strategies That Won’t Break the Bank: CSO – Today’s security threats span a broad spectrum of social engineering schemes, international hackers, and insider threats like the recent NSA breach. It’s easy to get overwhelmed by all of the potential threats and where money should be spent to keep up, let alone stay ahead of the curve. CIO, July 8, 2013

Workers Don’t Trust Employers with Personal Data: Survey: A new report from Aruba Networks has outlined a clear disparity between what employees want and what the IT department needs, particularly when it comes to the blending of personal and work-related information. Security Week, July 8, 2013

Cyber Security Management – Cyber Update

Adobe, Microsoft Release Critical Updates: Patch Tuesday is upon us once again. Adobe today pushed out security fixes for its Flash and Shockwave media players. Separately, Microsoft released seven patch bundles addressing at least 34 vulnerabilities in Microsoft Windows and other software. At least one of the Windows flaws is already being exploited in active attacks. KrebsOnSecurity, July 9, 2013

Securing the Village

NIST seeks input on cybersecurity framework: Starting tomorrow, July 10th, in San Diego, the National Institute of Standards and Technology (NIST) will host the third, and perhaps most important, in a series of workshops aimed at developing a voluntary comprehensive cybersecurity framework that will apply across sixteen critical infrastructure sectors. CSO, July 9, 2013

Record Number of Executives Attend ISSA-LA Information Security Summit on Cybercrime: A diverse group of nearly 800 leading cybercrime experts, information security professionals, and C-suite business executives recently attended the most successful ISSA-LA Cybercrime Summit. PRLog, July 6, 2013

Securing the Village – Online Bank Fraud

Banks’ Commercial Customers Face Online Risks: Written by Dr. Stahl An L.A. accounting firm recently discovered cybercriminals had fraudulently transferred $150,000 from its bank account … The article describes how ISSA-LA and several forward-looking banks – including City National Bank, American Business Bank, BBCN and California United Bank – are working together to combat online bank fraud. Los Angeles Business Journal, July 7, 2013

Critical Infrastructure

EXPOSED ROOT SSH KEY WAS SHIPPING WITH EMERGENCY ALERT SYSTEM DEVICES: UPDATE – Firmware images for the application servers that distribute messages for the Emergency Alert System in the United States were shipping with a private root SSH key that has been disclosed. Hackers who have this key can access one of these servers and interrupt or manipulate an EAS message. ThreatPost, July 8, 2013

FAA CALLED OUT FOR LAX INFORMATION SECURITY CONTROLS: The Federal Aviation Administration’s (FAA) Civil Aviation Registry lacks proper security controls to prevent unauthorized access to its systems, according to a report based on a recent audit undertaken by the Office of the Inspector General (OIG) for the United States Department of Transportation (DoT). ThreatPost, July 8, 2013

Cyber Law

Senate Commerce panel unveils cybersecurity bill: The Senate Commerce, Science and Transportation Committee announced a draft bill on Thursday aimed at improving the nation’s defenses against hackers. The Hill, July 11, 2013

Cyber Misc

DEF CON To Feds: We Need Some Time Apart: One of the more time-honored traditions at DEF CON – the massive hacker convention held each year in Las Vegas – is “Spot-the-Fed,” a playful and mostly harmless contest to out undercover government agents who attend the show. KrebsOnSecurity, July 10, 2013


The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you.

Comments Off on Cyber Security News of the Week, July 14, 2013

Comments are closed.