Landmark Leadership Conferences for IT Executives
Cyber Security News of the Week, March 23, 2014
by Fred F. Farkel, Monday, March 24th, 2014


Guest column by Citadel Information Group

Cyber Crime

California Leads The Nation In Cybercrime: The same high-profile assets that make California an engine for America’s creativity and economy – think Silicon Valley and Hollywood – have made it a magnet for international criminal enterprises. If that sounds like a cover story for “Duh Magazine,” the first comprehensive report about it was released here Thursday, and it backs up the assertions with data and investigative evidence – and recommends what to do next. Business Insider, March 20, 2014

Citroen becomes the latest victim of Adobe ColdFusion hackers: One of the carmaker’s German websites hacked to include a backdoor last year, following similar cases elsewhere. The Guardian, March 17, 2014

The Long Tail of ColdFusion Fail: Earlier this month, I published a story about a criminal hacking gang using Adobe ColdFusion vulnerabilities to build a botnet of hacked e-commerce sites that were milked for customer credit card data. Today’s post examines the impact that this botnet has had on several businesses, as well as the important and costly lessons these companies learned from the intrusions. KrebsOnSecurity, March 17, 2014

Sally Beauty Confirms Card Data Breach: Nationwide cosmetics and beauty retailer Sally Beauty today confirmed that hackers had broken into its networks and stolen credit card data from stores. The admission comes nearly two weeks after KrebsOnSecurity first reported that the company had likely been compromised by the same criminal hacking gang that stole 40 million credit and debit cards from Target. KrebsOnSecurity, March 17, 2014

Bitcoin-stealing malware hidden in Mt. Gox data dump, researcher says: An archive containing transaction records from Mt. Gox that was released on the Internet last week by the hackers who compromised the blog of Mt. Gox CEO Mark Karpeles also contains bitcoin-stealing malware for Windows and Mac. PCWorld, March 17, 2014

Cyber Attack

NATO websites attacked by hackers: (CNN) — Hackers apparently attacked several NATO websites Saturday, but they did not interrupt operations nor was the integrity of NATO’s systems affected, NATO spokeswoman Oana Lungescu said on Twitter. CNN, March 16, 2014

Cyber Privacy

Microsoft Software Leak Inquiry Raises Privacy Issues: SEATTLE — Technology companies have spent months denying they know anything about broad government spying on people who use their Internet services. The New York Times, March 20, 2014

FORMER CHURCH COMMITTEE MEMBERS SEE NEED FOR NEW GROUP TO INVESTIGATE NSA: In a letter sent to President Obama and members of Congress, former members and staff of the Church Committee on intelligence said that the revelations of the NSA activities have caused “a crisis of public confidence” and encouraged the formation of a new committee to undertake “significant and public reexamination of intelligence community practices”. ThreatPost, March 20, 2014

Identity Theft

Are Credit Monitoring Services Worth It?: In the wake of one data breach after another, millions of Americans each year are offered credit monitoring services that promise to shield them from identity thieves. Although these services can help true victims step out from beneath the shadow of ID theft, the sad truth is that most services offer little in the way of real preventative protection against the fastest-growing crime in America. KrebsOnSecurity, March 19, 2014

Consumers Union’s Guide to Security Freeze Protection: There are more than eight million new victims of identity theft each year in the U.S. Many of these victims find that crooks have used stolen personal information like Social Security numbers to open new accounts in their victim’s name. A security freeze gives consumers the choice to “freeze” or lock access to their credit file against anyone trying to open up a new account or to get new credit in their name.When a security freeze is in place at all three major credit bureaus, an identity thief cannot open a new account because the potential creditor or seller of services will not be able to check the credit file. When the consumer is applying for credit, he or she can lift the freeze temporarily using a PIN so legitimate applications for credit or services can be processed. DefendYourDollars, February 5, 2014

Cyber Warning

EA Games hackers get Apple ID, Origin passwords and payment info: If you’ve been prompted to enter your Apple ID login, payment and security credentials via an EA Games subdomain recently, change your passwords immediately. ZDNet, March 20, 2014

Android Upgrades Open A Backdoor To Malware, Researchers Show: Updating software is to malware as flossing is to gingivitis: a basic practice meant to minimize the risk of infection. But a team of researchers has found that for Google’s Android platform, operating system upgrades can also serve as a stealthy new method for malware to sneak its tricks past Android’s security measures. Forbes, March 19, 2014

Botnet of thousands of Linux servers pumps Windows desktop malware onto web: As many as 25,000 web servers infected with Linux malware have been used in the past two years to hit website visitors with two variants of Windows malware. ZDNet, March 19, 2014

Hackers Use Missing Malaysia Airlines Flight to Bait Users: Cyber scammers are exploiting intense interest in missing Malaysia Airlines Flight 370 to spread malicious malware aimed at attacking users, according to a new warning from security software company Trend Micro. FoxBusiness, March 19, 2014

Cyber Security Management

6 greatest cybersecurity myths and why you should not trust them: Cybersecurity is, without a doubt, becoming one of the dominant security topics (and concerns), not only for security professionals, but also for any executives or managers who want to protect their organizations. Defense Systems, March 17, 2014

Cyber Security Management – Cyber Update

Windows XP Holdouts: 6 Top Excuses: Microsoft cuts support for Windows XP in less than a month, but millions still use the OS. Are these rationales worth the risk? InformationWeek, March 17, 2014

GOOGLE PATCHES FOUR PWN2OWN BUGS IN CHROME 33: Now that the dust has settled after the Pwn2Own contest, the browser manufacturers are beginning to roll out patches for the vulnerabilities exploited by contestants. Google on Monday released fixes for a number of bugs in Chrome discovered and exploited during Pwn2Own, releasing new versions of the browser for Windows, Mac and Linux. ThreatPost, March 17, 2014

Government computers running Windows XP will be vulnerable to hackers after April 8: The deadline for installing secure operating systems on federal government computers will pass next month with the job incomplete, leaving hundreds of thousands of machines running outdated software and unusually vulnerable to hackers. The Washington Post, March 16, 2014

Cyber Security Management – Cyber Defense

FULL DISCLOSURE SECURITY MAILING LIST SHUTS DOWN: The Full Disclosure security mailing list, which has been one of the main discussion forums for vulnerability and exploit information for 12 years, is shutting down because “‘one of our own’ would undermine the efforts of the last 12 years”, one of the creators said. ThreatPost, March 20, 2014

The Year of Encryption: Government spying gives a giant push to data scrambling on the Web. MIT Technology Review, March 18, 2014

Cyber Underworld

Cyber Criminals Using Online Attack Kits to Steal Data: Cyber criminals are now using online attack kits to steal data. The cyber criminal does not need to have advanced hacking skills today to steal someone’s personal banking information. In a few simple steps, they can download a so-called “attack kit” and online theft is just a matter of a few clicks away. LibertyVoice, MArch 16, 2014


ISSA-LA Donates $25,000 for Nonprofits to Attend the Sixth Annual Information Security Summit on Cybercrime Solutions: The Los Angeles Chapter of the Information Systems Security Association has created a donation fund of up to $25,000 for 100 free registrations to Executives and IT personnel of nonprofits to attend the Sixth Annual Information Security Summit. PRWeb, March 19, 2014

Cyber Sunshine

Men from Ukraine and New York indicted in U.S. cybercrime case: (Reuters) – Federal prosecutors on Monday announced the indictment of three men they accuse of being members of an international cybercrime ring that tried to steal at least $15 million by hacking into U.S. customer accounts at 14 financial institutions and the Department of Defense’s payroll service. Reuters, March 18, 2014

Cyber Calander

ISSA-LA Sixth Annual Information Security Summit, May 16, Universal City Hilton. Speakers include Richard Clarke, former Assistant to the President; Jackie Lacey, Los Angeles County District Attorney; Roland Cloutier, CSO of ADP. For more information and to register, visit ISSA-LA.

Copyright © 2014 Citadel Information Group. All rights reserved.

The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you.  The post Cyber Security News of the Week, March 23, 2014 appeared first on Citadel Information Group.

Comments Off on Cyber Security News of the Week, March 23, 2014

Comments are closed.