Landmark Leadership Conferences for IT Executives
 
Cyber Security News of the Week, June 23, 2013
by Fred F. Farkel, Monday, June 24th, 2013

 

Guest column by Citadel Information Group

Cyber Security News of the Week

Cyber Privacy

Facebook admits year-long data breach exposed six million users: (Reuters) – Facebook Inc has inadvertently exposed 6 million users’ phone numbers and email addresses to unauthorized viewers over the past year, the world’s largest social networking company disclosed late Friday. Reuters, June 22, 201 

Newly disclosed papers give rules for NSA surveillance without a warrant: Classified documents newly made available to The Washington Post and the Guardian describe the National Security Agency’s procedures for protecting the privacy of U.S. citizens. Since Edward Snowden, a former NSA contractor, first leaked documents describing the agency’s surveillance program this month, it has become the subject of intense controversy here and abroad. The new disclosures did not mollify the agency’s critics:The Washington Post, June 21, 2013

Edward Snowden: the truth about US surveillance will emerge: The NSA whistleblower Edward Snowden has warned that the truth about the extent of surveillance carried out by US authorities would emerge, even if he was eventually silenced. The Guardian, June 17, 2013

Intel Leaker Edward Snowden Attacks NSA’s Distinction Between Americans And Foreigners: Debate over the National Security Agency’s spying powers has long focused on its potentially unconstitutional spying on Americans. But as NSA leaker Edward Snowden reveals more of his motives to the public, it now seems he’s equally critical of the NSA’s legal core mission: practically unlimited spying on foreigners. Forbes, June 17, 2013

Cyber Warning

COMMON WEB VULNERABILITIES PLAGUE TOP WORDPRESS PLUG-INS: Since late March, no fewer than a half-dozen high profile attacks have involved a compromised website built on the WordPress platform. Attackers abuse vulnerabilities in the content management system’s customizable plug-ins and themes to pull off anything from drive-by downloads to watering hole attacks. ThreatPost, June 20, 2013

Online Bank Fraud

Double Cashing With Mobile Banking: The case of a Kentucky man arrested this month for using mobile banking to steal thousands of dollars from a local supermarket chain highlights the security loopholes that thieves can exploit in mobile check deposit schemes being deployed by financial institutions across the country. KrebsOnSecurity, June 17, 2013

ACH Fraud Cases: Lessons for Banks: Former federal banking examiner Amy McHugh says banks can learn a lot from recent legal decisions and settlements in account takeover cases, including which authentication and online-banking security investments they should make. BankInfoSecurity, June 17, 2013

Cyber Security Management

Cyber crime: Is it on your radar?: The costs associated with cyber crime are rising. Annie Plaskett looks at the solutions available to business. Financial Director, June 17, 2013

How ME Bank moved information security from IT to the boardroom: A concerted effort to push information-security risk from the IT group across the business organisation has had “a dramatic effect” on the profile of IT security at ME Bank, according to information security manager Lachlan McGill. CSO, June 17, 2013

Cyber Security Management – Cyber Update

Critical Update Plugs 40 Security Holes in Java: Oracle today released a critical patch update for its Java software that fixes at least 40 security vulnerabilities in this widely deployed program and browser plugin. Updates are available for Java 7 on both Mac and Windows. KrebsOnSecurity, June 18, 2013

Cyber Security Management – Cyber Defense

Microsoft to Offer Standing Bug Bounty: Microsoft said today it will pay up to $100,000 to security researchers who find and report novel methods for bypassing the security built into the latest version of the company’s flagship operating system. Researchers who go the extra mile and can also demonstrate a way to block the new attack method they’ve reported can earn an extra $50,000. KrebsOnSecurity, June 19, 2013

Windows Security 101: EMET 4.0: Several years ago, Microsoft released the Enhanced Mitigation Experience Toolkit (EMET), a free tool that can help Windows users beef up the security of third-party applications. This week, Microsoft debuted EMET 4.0, which includes some important new security protections and compatibility fixes for this unobtrusive but effective security tool. KrebsOnSecurity, June 18, 2013

Cyber Security Management – HIPAA

Six legal tips for HIPAA omnibus compliance: The HIPAA omnibus rule will go into effect on Sept. 23, but law firms are already doling out HIPAA advice to covered entities. Eileen Elliott, a partner in the Burlington, VT-based law firm Dunkiel, Saunders, Elliott, Raubvogel & Hand, concentrates on healthcare law and provided six tips for healthcare providers as they prepare for potential HIPAA audits in 2014. Health IT Security, June 18, 2013

Sara Boyns: New definition of ‘breach’ under HIPAA: Q: I am a covered health care provider subject to the Health Insurance Portability and Accountability Act (HIPAA). I recently heard there is a new rule about when we have to report if an employee accesses a patient’s medical record in violation of HIPAA. I know that I am supposed to report breaches of my patient’s protected health information, but how am I supposed to determine whether a breach has occurred? Monterey Herald, May 30, 2013

National Cyber Security

U.S. charges Snowden with espionage: Federal prosecutors have filed a criminal complaint against Edward Snowden, the former National Security Agency contractor who leaked a trove of documents about top-secret surveillance programs, and the United States has asked Hong Kong to detain him on a provisional arrest warrant, according to U.S. officials. The Washington Post, June 21, 2013

MICROSOFT’S BUG BOUNTY PROGRAM AND THE LAW OF UNINTENDED CONSEQUENCES: The Microsoft bug bounty program has been nearly a decade in the making and it is clear from the shape and size of it that the company did not simply slap the program together in order to join the cool kids. Rather, Microsoft’s security team spent years watching the way other programs work, seeing what incentives attract good researchers and looking for a system that made sense for Microsoft’s specific goals. The result is a well thought-out reward system that likely will reward good research while making customers safer at the same time. But the program may also create some unintended consequences and ripples in the security world.ThreatPost, June 21, 2013

NSA Implementing ‘Two-Person’ Rule To Stop The Next Edward Snowden: The next Edward Snowden may need a partner on the inside. On Tuesday, National Security Agency Director Keith Alexander told a congressional hearing of the Intelligence Committee that the agency is implementing a “two-person” system to prevent future leaks of classified information like the one pulled off by 29-year-old Booz Allen contractor Edward Snowden, who exfiltrated “thousands” of files according to the Guardian, to whom he has given several of the secret documents. Forbes, June 18, 2013

Obama Defends Authorization of Surveillance Programs: WASHINGTON – President Obama defended his authorization of recently revealed domestic and international surveillance programs in comments broadcast Monday night but rejected the suggestion that his policies were basically a warmed-over version of those of the last White House. The New York Times, June 17, 2013

GCHQ intercepted foreign politicians’ communications at G20 summits: Foreign politicians and officials who took part in two G20 summit meetings in London in 2009 had their computers monitored and their phone calls intercepted on the instructions of their British government hosts, according to documents seen by the Guardian. Some delegates were tricked into using internet cafes which had been set up by British intelligence agencies to read their email traffic. The Guardian, June 17, 2013

Forget PRISM: Global Cyberchiefs Say They Need to Pry Even Further: The exposure of the PRISM data-collection program might not fall squarely under the heading of the third annual International Cyber Security Conference, which concluded on Wednesday at Tel Aviv University. The secret data-collection program, by which U.S. intelligence agencies routinely vacuum up huge amounts of private communications from Internet users, stands outside the realm of safeguarding the cyberworld from attacks. PRISM is defended as an antiterrorism measure, necessary to detect plots as they are hatched between evildoers communicating with one another online. Time, June 13, 2013

Critical Infrastructure

Energy secretary creates cybersecurity council: Energy Secretary Ernest Moniz said he has created a cybersecurity council to bring together various Energy Department branches, a move that underscores increasing political and policy focus on cyber threats. The Hill, June 12, 2013

Citadel Information Group … Delivering Information Peace of Mind ® to Business and the Not-for-Profit Community


The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you.

Comments Off on Cyber Security News of the Week, June 23, 2013

Comments are closed.