Cyber Security News of the Week, March 24, 2013
by Fred F. Farkel, Monday, March 25th, 2013
Guest column by Citadel Information Group
Computer Networks in South Korea Are Paralyzed in Cyberattacks: SEOUL, South Korea – Computer networks running three major South Korean banks and the country’s two largest broadcasters were paralyzed Wednesday in attacks that some experts suspected originated in North Korea, which has consistently threatened to cripple its far richer neighbor. The New York Times, March 20, 2013
Apple security flaw discovered; two-step verification recommended: A major security flaw was discovered Friday that makes it possible to easily change another user’s Apple ID password and hijack the account. LA Times, March 22, 2013
A DHL delivery which is nothing but malware – Windows users warned of email attack: Just earlier this week, I warned about a malware attack that had been widely spammed out posing as a message from DHL Express International. NakedSecurity, March 20, 2013
Botnet Business Booming: Some dismantled botnets rank in the top ten most prevalent as old bot malware gets repurposed, according to new Fortinet report. Dark Reading, March 19, 2013
The Obscurest Epoch is Today: To say that there is a law enforcement manhunt on for the individuals responsible for posting credit report information on public figures and celebrities at the rogue site exposed.su would be a major understatement. I like to think that when that investigation is completed, some of the information I’ve helped to uncover about those affiliated with the site will come to light. For now, however, I’m content to retrace some of my footwork this past weekend that went into tracking individuals who may have been responsible for attacking my site and SWATing my home last Thursday. KrebsOnSecurity, March 18, 2013
Privacy 101: Skype Leaks Your Location: The events of the past week reminded me of a privacy topic I’ve been meaning to revisit: That voice-over-IP telephony service Skype constantly exposes your Internet address to the entire world, and that there are now numerous free and commercial tools that can be used to link Skype user account names to numeric Internet addresses. KrebsOnSecurity, March 21, 2013
Here’s The Judge’s Order Banning The FBI’s Secret Requests For Companies’ User Data: For the FBI, secret, warrantless snooping on companies’ user data may be about to get much more difficult. Forbes, March 15, 2013
Apple Strengthens iCloud Security With 2-Step Authentication: Apple on Thursday rolled out a tool that strengthens password security for Apple accounts: two-step verification, a feature widely available for many Web services. The New York Times, March 21, 2013
Google Fully Implements Security Feature on DNS Lookups: IDG News Service – Google has fully implemented a security feature that ensures a person looking up a website isn’t inadvertently directed to a fake one. CIO, March 19, 2013
Security-Bug Rating System Gets A Makeover: The Common Vulnerability Scoring System will be moving to its third iteration next year, aiming to make the rankings more objective and add more ratings to increase accuracy. DarkReading, March 19, 2013
Security of Open-Source Software Again Being Scrutinized: A recent round of flaws discovered in open-source software has reignited concerns that security is getting bypassed in the rush to continue expanding the large and extremely popular code base used by millions. CIO, March 13, 2013
Cyber Security Management
Most Small Businesses Don’t Recover From Cybercrime: In light of the growing number of high-profile cyber-attacks hitting tech and financial institutions across the country, the U.S. House Small Business Subcommittee on Health and Technology held a hearing Thursday on the topic of “Protecting Small Businesses Against Emerging and Complex Cyber-Attacks.” Fox News, March 21, 2013
The Seven Deadly Sins of Data Security: There is no shortage of advice on how to secure electronic information. Companies can look to pronouncements by state and federal agencies (for example, the recent statements by the California Attorney General and the Federal Trade Commission on mobile application security), private industry (like the Payment Card Industry’s Data Security Standards) and foreign standards (like the European Union Data Protection Directive). There is guidance regarding technical standards, corporate protocols, contracting requirements and others. Michael Gold, Esq., Robert Braun, Esq., Jeffer Mangels Butler Mitchell, March 18, 2013
National Cyber Security
Privacy Protection for Documents Stored in the Cloud Gets DoJ Nod: As House subcommittee weighs overhaul of 1986 statute to strengthen privacy in the cloud, senators introduce their own legislation to update Electronic Communications Privacy Act. Department of Justice affirms the Obama administration’s support for an overhaul. CIO, March 19, 2013
America’s 3 Biggest Cybersecurity Vulnerabilities: When James Clapper, the country’s top intelligence official, visited Capitol Hill this week to discuss the major threats facing America, he put cyberattacks at the top of the list. National Journal, March 13, 2013
Wholesalers Hid Data Breach From Customers, Suit Says: Restaurant and grocery suppliers Jetro Holdings LLC, Jetro Cash & Carry Enterprises LLC and Restaurant Depot LLC were hit Friday with a proposed class action over their alleged failure to notify consumers of a data breach that exposed confidential credit and debit card information. LAW 360, February 27, 2013
Genesco takes VISA to court over data breach: Nashville-based retailer Genesco Inc. is suing VISA, accusing the credit-card company of wrongfully taking more than $13 million as punishment for a data breach. The Tennessean, March 8, 2013
Third-Party Applications to Blame for 87 Percent of Vulnerabilities Last Year: Third-party applications accounted for a whopping percentage of vulnerabilities last year, many more than security flaws found in Microsoft programs according to a report released this week by Danish vulnerability research firm Secunia. ThreatPost, March 15, 2013
Survey: Investors Crave More Cyber Security Transparency: As corporate America continues to grapple with the mounting cyber threat, a new survey reveals investors want more information about security practices and may even shun stocks of companies with a poor cyber track record. Fox News, March 4, 2013
Securing the Village-Events Calendar
NAWBO Ventura County March Dinner Meeting, March 28, 2013: Citadel Vice President Ms. Kimberly Pease, CISSP, will speak on cybersecurity at the monthly meeting of the Ventura County Chapter of the National Association of Women Business Owners. In her talk The Growing Cyber Threat: Why the Bad Guys are Winning!, Kimberly will identify threats to information and computers, review common weaknesses being exploited by the bad guys and offer proactive steps you can take at business and at home to increase your security posture and decrease your exposure.
SecureIT-2013, March 28, 2013: David Lam, our newest Citadel partner and ISSA Los Angeles VP, will be speaking at SecureIT on 28 March regarding the appropriate use of ISO 27001/2 as an information security framework. David will be showing how the framework is extensible to all different sizes of organizations, and how it helps you achieve both security and compliance. For more information and to register, visit www.secureitconf.com.
ISSA-LA April Lunch Meeting; April 17, 2013. For more information and to register, visit ISSA-LA.
Santa Monica Rotary Club; Lunch Meeting, May 3, 2013: Dr. Stan Stahl, Citadel and ISSA-LA President, will speak on cybersecurity at the weekly meeting of the Santa Monica Rotary Club. In this non-technical talk – It Takes the Village to Secure the Village SM – Dr. Stahl discusses the financial implications of cyber crime, illustrates how cyber criminals take control of a user’s computer, describes the limitations of technology, summarizes emerging cyber security laws, regulations and practices, and provides practical tips to lower the risk of becoming a victim.
ISSA-LA Fifth Annual Information Security Summit; May 21, 2013: Join over 500 of your colleagues and peers at the Universal City Hilton. Special Keynote Speaker: Howard Schmidt, former White House CyberSecurity Coordinator. For more information and to register, visit ISSA-LA.
Citadel Information Group … Delivering Information Peace of Mind ® to Business and the Not-for-Profit Community
The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you.