Cyber Security News of the Week, March 2, 2014
by Fred F. Farkel, Wednesday, March 5th, 2014


Guest column by Citadel Information Group

Cyber Crime

360 million newly stolen credentials on black market: cybersecurity firm: (Reuters) – A cybersecurity firm said on Tuesday that it uncovered stolen credentials from some 360 million accounts that are available for sale on cyber black markets, though it is unsure where they came from or what they can be used to access. Reuters, February 25, 2014

Bitcoin Exchange Mt. Gox Goes Offline Amid Allegations of $350 Million Hack. Wired, February 24, 2014

Embassy Suites Acknowledges Data Breach: Credit card information was illegally obtained ‘with a manual device,’ according to the hotel. eSecurity Planet, February 12, 2014

Bank of the West has data breach in online job-application system: Bank of the West job applicants are scrambling for answers regarding a recent data breach that may have involved stolen personal information such as Social Security and driver’s-license numbers. The Denver Post, February 11, 2014

Cyber Privacy

British Spies Said to Intercept Yahoo Webcam Images: SAN FRANCISCO — A British intelligence agency collected video webcam images — many of them sexually explicit — from millions of Yahoo users, regardless of whether they were suspected of illegal activity, according to accounts of documents leaked by Edward J. Snowden. The New York Times, February 27, 2014

Bush cyberczar: NSA created ‘the potential for a police state’: Richard Clarke, the former cyber advisor under President George W. Bush, had some harsh words for the United States National Security Agency during an address in California on Monday: “get out of the business of fucking with encryption standards.” RT, February 25, 2014

Identity Theft – HIPAA

The Rise of Medical Identity Theft: If modern technology has ushered in a plague of identity theft, one particular strain of the disease has emerged as most virulent: medical identity theft. Government Technology, February 10, 2014

Cyber Warning

Apple retires Snow Leopard from support, leaves 1 in 5 Macs vulnerable to attacks: Apple on Tuesday made it clear that it will no longer patch OS X 10.6, aka Snow Leopard, when it again declined to offer a security update for the four-and-a-half-year-old operating system. ComputerWorld, February 26, 2014

iOS 7: Even if you don’t jailbreak your iPhone, bugs STILL CREEP IN: The comforting notion that unmodified iOS phones are more or less immune to security threats has been shaken to the core with the release of new research that shows mobile monitoring applications can bypass Apple’s app review process and successfully exploit non-jailbroken iOS 7 kit. The Register, February 25, 2014

IRS Releases the “Dirty Dozen” Tax Scams for 2014; Identity Theft, Phone Scams Lead List: The Internal Revenue Service today issued its annual “Dirty Dozen” list of tax scams, reminding taxpayers to use caution during tax season to protect themselves against a wide range of schemes ranging from identity theft to return preparer fraud. IRS, February 19, 2014

Cyber Security Management

How Well Do We Really Understand Information Security?: Information security is very important, but most people think they know it and that’s half the problem. Wall Street & Technology, February 21, 2014

Cyber Security Management – Cyber Update

OS X 10.9.2 arrives to fix SSL vulnerability, Mail problems, and more: What do fixes for critical security vulnerabilities, improvements to mail delivery, and new FaceTime features have in common? Well, they’re all in OS X 10.9.2, which arrived on Tuesday. It’s available in the Updates tab of the Mac App Store, and even if you’re among those who usually take a wait-and-see approach to system updates, this particular release is worth an expedient installation. MacWorld, February 25, 2014

iOS Update Quashes Dangerous SSL Bug: Apple on Friday released a software update to fix a serious security weakness in its iOS mobile operating system that allows attackers to read and modify encrypted communications on iPhones, iPads and other iOS devices. The company says it is working to produce a patch for the same flaw in desktop and laptop computers powered by its OS X operating system. KrebsOnSecurity, February 23, 2014

Cyber Security Management – Cyber Defense

Apple’s SSL iPhone vulnerability: how did it happen, and what next?: SSL vulnerability in iPhone, iPad and on Mac OS X appeared in September 2012 – but cause remains mysterious as former staffer calls lack of testing ‘shameful’. The Guardian, February 25, 2014

Neiman Marcus Hackers Set Off 60,000 Alerts While Bagging Credit Card Data: The hackers who raided the credit-card payment system of Neiman Marcus Group set off alerts on the company’s security systems about 60,000 times as they slunk through the network, according to an internal company investigation. BusinessWeek, February 21, 2014

National Cyber Security

Syria War Stirs New U.S. Debate on Cyberattacks: WASHINGTON — Not long after the uprising in Syria turned bloody, late in the spring of 2011, the Pentagon and the National Security Agency developed a battle plan that featured a sophisticated cyberattack on the Syrian military and President Bashar al-Assad’s command structure. The New York Times, February 24, 2014

Cyber Misc

Card Backlog Extends Pain from Target Breach: Last week’s story about steeply falling prices on credit and debit card data stolen from Target mentioned several reasons why many banks may not have already reissued all of their cards impacted by the breach. But it left out one other key reason: A huge backlog of orders at companies that manufacture credit and debit cards on behalf of financial institutions. KrebsOnSecurity, February 25, 2014

Comment: RSA Conference 2014 – Information Security’s Civil War Takes Center Stage: Brian Honan, security consultant and RSA Conference presenter, explains why he has chosen to remain on the event’s speaking roster despite the withdrawal of some peers. InfoSecurity, February 24, 2014

The anti-RSA conference: More security, less NSA: TrustyCon sets up shop across from the RSA Conference, with hopes of opening a debate on the state of security. InfoWorld, February 21, 2014


ISSA-LA Sixth Annual Information Security Summit, May 16, Universal City Hilton. Speakers include Richard Clarke, former Assistant to the President; Jackie Lacey, Los Angeles County District Attorney; Roland Cloutier, CSO of ADP. For more information and to register, visit ISSA-LA.

Copyright © 2014 Citadel Information Group. All rights reserved.

The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you. The post Cyber Security News of the Week, March 2, 2014 appeared first on Citadel Information Group.
