Landmark Leadership Conferences for IT Executives
Cyber Security News of the Week, November 24, 2013
by Fred F. Farkel, Monday, November 25th, 2013


Guest column by Citadel Information Group

Cyber Crime

Cupid Media Hack Exposed 42M Passwords: An intrusion at online dating service Cupid Media earlier this year exposed more than 42 million consumer records, including names, email addresses, unencrypted passwords and birthdays, according to information obtained by KrebsOnSecurity. KrebsOnSecurity, November 20, 2013

Mass. police department pays $750 ransom to open computer files locked by hackers; payment is made in virtual currency bitcoins: Swansea police say they were forced to pay $750 in ransom earlier this month to hackers after a virus locked all of their computer files., November 19, 2013

Vendor Breach Exposes Card Data, PII: The breach of an Ireland-based loyalty marketing company, which authorities confirm exposed payment card data on more than 376,000 consumers plus other personally identifiable information about more than 1 million, illustrates, yet again, the privacy vulnerabilities third parties pose, experts say. BankInfoSecurity, November 14, 2013

Cyber Attack

Hackers Broke Into Syria’s Secret Police Computers And Found… Porn: An exiled Syrian hacker has claimed to have cracked the systems of the country’s brutal secret police to find evidence that intelligence officers spent their working days watching pornography. Fobes, November 20, 2013

Cyber Privacy

UPDATE: Encrypt the Web Report: Who’s Doing What: We’ve asked the companies in our Who Has Your Back Program what they are doing to bolster encryption in light of the NSA’s unlawful surveillance of your communications. We’re pleased to see that four companies-Dropbox, Google, SpiderOak and implementing five out of five of our best practices for encryption. In addition, we appreciate that Yahoo! just announced several measures it plans to take to increase encryption, including the very critical encryption of data center links, and that Twitter has confirmed that it has encryption of data center links in progress. See the infographic. Electronic Frontier Foundation, November 20, 2013

LG investigates Smart TV ‘unauthorised spying’ claim: LG is investigating allegations that some of its TVs send details about their owners’ viewing habits back to the manufacturer even if the users have activated a privacy setting. BBC, November 20, 2013

Health Care Website Has Security Bugs, Expert Warns: The website at the center of President Barack Obama’s health care overhaul has security flaws that put user data at "critical risk" despite recent government assurances it is safe to use, a respected security expert said Tuesday. Daily Finance, November 19, 2013

LG Smart TVs logging USB filenames and viewing info to LG servers: Earlier this month I discovered that my new LG Smart TV was displaying ads on the Smart landing screen. DoctorBeet’s Blog, November 18, 2013

Cyber Warning

Evernote Is Telling Users To Change Their Passwords – And Blaming Adobe By Name: Evernote is warning thousands of its users to change their passwords immediately. Business Insider, November 22, 2013

Hackers actively exploiting JBoss vulnerability to compromise servers: Attackers are actively exploiting a known vulnerability to compromise JBoss Java EE application servers that expose the HTTP Invoker service to the Internet in an insecure manner. PC World, November 18, 2013

vBulletin Breach Prompts Password Reset: Forum software maker vBulletin is urging users to change their passwords following a recent breach of its networks. The attackers who claimed responsibility for the intrusion say they broke in using a zero-day flaw that is now being sold in several places online, but vBulletin maintains it is not aware of any zero-day attacks against current versions of its product. KrebsOnSecurity, November 18, 2013

Cyber Security Management – Cyber Defense

Introducing Office 365 Message Encryption: Send encrypted emails to anyone!: We’re pleased to announce the upcoming release of Office 365 Message Encryption, a new service that lets you send encrypted emails to people outside your company. No matter what the, Yahoo, Gmail, Exchange Server, Lotus Notes, GroupWise, Squirrel Mail, you name it-you can send sensitive business communications with an additional level of protection against unauthorized access. There are many business situations where this type of encryption is essential. We’ve listed just a few. Office 365 Technology Blog, November 21, 2013

Don’t Like Spam? Complain About It: Cynical security experts often dismiss anti-spam activists as grumpy idealists with a singular, Sisyphean obsession. The cynics question if it’s really worth all that time and effort to complain to ISPs and hosting providers about customers that are sending junk email? Well, according to at least one underground service designed for spammers seeking to avoid anti-spam activists, the answer is a resounding "yes!" KrebsOnSecurity, November 19, 2013

Tech giants turn to encryption to deter NSA spying: Google, Facebook and Yahoo are fighting back against the National Security Agency by using harder-to-crack code to shield their networks and online customer data from unauthorized U.S. spying. Concord Monitor, November 17, 2013

Cyber Defenders

FBI as cyber crime sleuth: Is it any match for computer bad guys?: The FBI’s evolution into a cyber-crime-fighting agency, a decade in the works, has made the bureau ‘one of the best in the world’ at cracking computer crime. Cyber threats are poised to rival terrorism as the primary danger to US, says FBI’s director. Christian Science Monitor, November 18, 2013

National Cyber Security

Pentagon Beefs Up Contractor Information Security Requirements: WASHINGTON, Nov. 19, 2013 – An amendment published yesterday to the Defense Federal Acquisition Supplement will require defense contractors to incorporate established information security standards on their unclassified networks and to report cyber-intrusion incidents that result in the loss of unclassified controlled technical information from these networks. US Department of Defense, November 19, 2013

Cyber Survey

Online threats: survey shows impact of cybercrime: Internet users in the EU are very concerned about cyber-security, according to a Eurobarometer survey published today. 76% agree that the risk of becoming a victim of cybercrime has increased in the past year, more than in a similar study from 2012. 12% of Internet users have already had their social media or email account hacked. European Comission, November 22, 2013

McAfee Labs Sees New Threats Subverting Digital Signature Validation: SANTA CLARA, Calif.-(BUSINESS WIRE)-McAfee Labs today released the McAfee Labs Threats Report: Third Quarter 2013, which found new efforts to circumvent digital signature app validation on both PCs and Android-based devices. The McAfee Labs team identified a new family of mobile malware that allows an attacker to bypass the digital signature validation of apps on Android devices, which contributed to a 30% increase in Android-based malware. At the same time, traditional malware signed with digital signatures grew by 50% to more than 1.5 million samples. Less surprising but no less daunting was a 125% increase in spam. Dark Reading, November 20, 2013

Cyber Misc

More bitcoins, more problems: How hackers are targeting bitcoins: Bitcoin has a lot going for it these days. Its price is soaring, mainstream businesses are increasingly adopting it as a form of payment and venture capitalists are pouring money into bitcoin start-ups. CNBC, November 20, 2013

Cyber Sunshine

Six arrested in $45 million global cybercrime scheme: (Reuters) – Six people were arrested and charged on Monday for participating in a worldwide ATM heist that stole $45 million from two Middle East banks. Reuters, November 18, 2013

Massive cybercrime case unfolding in Las Vegas: The organization was about as big as any criminal syndicate could get until an undercover Las Vegas federal agent put a crimp in its worldwide operations. Las Vegas Review-Journal, November 17, 2013

Members Of New York Cell Of Cybercrime Organization Plead Guilty In $45 Million Cybercrime Campaign: Cyberattacks employed by the defendants and their co-conspirators known in the cyberunderworld as "Unlimited Operations" DarkReading, November 13, 2013

The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you.

Comments Off on Cyber Security News of the Week, November 24, 2013

Comments are closed.