February, 2014 | IT Conference | IT Conferences

	Landmark Leadership Conferences for IT Executives
2016 Conferences The IT Summit Denver 2016 March 16 The IT Summit Seattle 2016 September 21 The IT Summit Los Angeles 2016 October 13 Previous Events The IT Testimonials Contact Us Company Profile Speaker Submission The IT Blog Shop Cart Checkout My Account

The IT Blog

Weekend Vulnerability and Patch Report, February 23, 2014

by Fred F. Farkel, Tuesday, February 25th, 2014

Guest column by Citadel Information Group

Weekend Vulnerability and Patch Report

The following software vulnerabilities and updates were announced last week. Citadel Information Group strongly recommends that readers update their computers and take other action as indicated.

Important Security Updates

Adobe Flash Player: Adobe has released version 12.0.0.70 for its Flash Player to fix an extremely critical vulnerability. Updates are available through the program or from Adobe’s Flash Web Site. Updates are also available for Adobe AIR.

Adobe Shockwave Player: Adobe has released version 12.0.9.149 to fix two highly critical vulnerabilities reported in previous versions of Shockwave Player running on Windows and Macintosh. Updates are available through the program or from Adobe’s Shockwave Web Site.

Apple iOS Multiple Devices: Apple has released updates for its iOS to fix a critical vulnerability in the iPhone 3GS, iPod touch 4th generation, iPhone 4, iPod touch 5th generation, iPad 2 and later, Apple TV 2nd generation and later. Updates are available through the device or Apple’s website.

Dropbox: Dropbox has released version 2.6.13 for its file hosting program. Updates are available at Dropbox’s website. [See Citadel’s warning below]

Foxit Reader: Foxit has released version 6.1.4 to fix a moderately critical vulnerability. Updates are available through the program or from Foxit’s website.

Google Chrome: Google has released version 33.0.1750.117 of Chrome for Windows, Mac, Linux and Chrome Frame to fix highly critical unpatched vulnerabilities in previous versions. Updates are available through the program.

Microsoft Internet Explorer: Microsoft has released an update to versions 9 and 10 of Internet Explorer to fix an extremely critical vulnerability. Updates are available through Windows Updates in the Control Panel. US-CERT recommends upgrading to Internet Explorer 11.

Microsoft Windows: Microsoft has released an update to several versions of Windows, including Windows 8, 8.1 and Server 2012, to fix a highly critical vulnerability caused by the bundling of Adobe Flash Player within Internet Explorer. Updates are available through Windows Updates in the Control Panel.

Siber Systems RoboForm: Siber Systems has released version 7.9.2 of Roboform. Updates are available from within the program, look for the “Check New Version” button on the Options menu or download from the Roboform website.

Skype: Skype has released Skype 6.14.0.104. Updates are available from the program.

Current Software Versions

Adobe Flash 12.0.0.70 [Windows 7: IE]

Adobe Flash 12.0.0.70 [Windows 7: Firefox, Mozilla]

Adobe Flash 12.0.0.70 [Windows 8: IE]

Adobe Flash 12.0.0.70 [Macintosh OS X: Firefox, Opera, Safari]

Adobe Reader 11.0.06

Dropbox 2.6.13 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]

Firefox 27.0.1

Google Chrome 33.0.1750.117

Internet Explorer 11.0.9600.16518 [Windows 7: IE]

Internet Explorer 11.0.9600.16384 [Windows 8: IE]

Java SE 7 Update 51 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser — such as Chrome, IE9, Safari, etc — with Java enabled to browse only the sites that require it.]

QuickTime 7.7.4

Safari 5.1.7

Safari 7.0.1 [Mac OS X]

Skype 6.14.0.104

Newly Announced Unpatched Vulnerabilities

Netgear D6300B: Secunia reports moderately critical security issues in firmware versions 1.0.0.06 and 1.0.0.14. Other versions may also be affected. No official solution is currently available.

For an updated list of previously announced Unpatched Vulnerabilities, please see the resources section of Citadel’s website.

For Your IT Department

Cisco Multiple Products: Secunia reports that Cisco has released updates for its Unified Communications Manager, Intrusion Prevention Software (IPS), Adaptive Security Appliance (ASA), Unified SIP Phone 3905, Unified Computing System (UCS), Firewall Services Module (FWSM), Email Security Appliance, Videoscape Distribution Suite Transparent Caching (VDS-TC) and others. Apply updates.

Citrix ShareFile for Android: Secunia reports that Citrix has released an update to fix a security issue reported in previous versions of Citrix ShareFile Mobile Application for Android and Citrix ShareFile Mobile for Tablets Application for Android. Update to version 2.4.4.

Symantec Endpoint Protection Manager: Secunia reports that Symantec has released updates for its Endpoint Protection Manager to fix a vulnerability in versions prior to 11.0.7405.1424 and 12.1.4023.4080. Update to a fixed version.

If you are responsible for the security of your computer, Citadel’s Weekend Vulnerability and Patch Report is for you. We strongly urge you to take action to keep your workstation patched and updated.

If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.

Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc) and application programs (Adobe Acrobat, Office, Flash, Java, etc). When software companies find a vulnerability, they usually issue an update patch to fix the code running in their customer’s computers.

Citadel Information Group publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.

Citadel Information Group … Delivering Information Peace of Mind ® to Business and the Not-for-Profit Community

The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you. The post Weekend Vulnerability and Patch Report, February 23, 2014 appeared first on Citadel Information Group.

Read More | Comments Off

Cyber Security News of the Week, February 23, 2014

by Fred F. Farkel, Tuesday, February 25th, 2014

Guest column by Citadel Information Group

Cyber Crime

Fire Sale on Cards Stolen in Target Breach: Last year’s breach at Target Corp. flooded underground markets with millions of stolen credit and debit cards. In the days surrounding the breach disclosure, the cards carried unusually high price tags — in large part because few banks had gotten around to canceling any of them yet. Today, two months after the breach, the number of unsold stolen cards that haven’t been cancelled by issuing banks is rapidly shrinking, forcing the miscreants behind this historic heist to unload huge volumes of cards onto underground markets and at cut-rate prices. KrebsOnSecurity, February 19, 2014

Database Attack Exposes Personal Data At University of Maryland: IDG News Service — Personal records for more than 309,000 students and staff were exposed this week in a “sophisticated” database attack at the University of Maryland, the university said Wednesday. CIO, February 19, 2014

Kickstarter hacked, user data stolen:The crowd-funding site says hackers broke into its systems and made off with data. Apparently credit card numbers escaped the attack. Cnet, February 15, 2014

Cyber Privacy

Facebook Deal on Privacy Is Under Attack: SAN FRANCISCO — Despite a class-action settlement in August that was supposed to ensure that Facebook users clearly consent to their comments, images and “likes” being used in ads, it has been business as usual on the service. The New York Times, February 13, 2014

Cyber Warning

70 PERCENT OF ANDROID DEVICES EXPOSED FOR 93 WEEKS TO SIMPLE ATTACK: Android devices prior to version 4.2.1 of the operating system—70 percent of the phones and tablets in circulation—have been vulnerable to a serious and simple remote code execution vulnerability in the Android browser for more than 93 weeks. ThreatPost, February 18, 2014

TWO-FACTOR AUTHENTICATION VULNERABILITY IDENTIFIED IN WORDPRESS PLUGINS: Hosted two-factor authentication firm Duo Security acknowledged late last week that it discovered a vulnerability in its WordPress plugin (duo_wordpress plugin) that could allow a user to bypass two-factor authentication (2FA) on a multisite network. ThreatPost, February 19, 2014

Security message from FORBES: Forbes.com was targeted in a digital attack and our publishing platform was compromised. Forbes, February 2014

The New Normal: 200-400 Gbps DDoS Attacks: Over the past four years, KrebsOnSecurity has been targeted by countless denial-of-service attacks intended to knock it offline. Earlier this week, KrebsOnSecurity was hit by easily the most massive and intense such attack yet — a nearly 200 Gbps assault leveraging a simple attack method that industry experts say is becoming alarmingly common. KrebsOnSecurity, February 14, 2014

Cyber Security Management

How CFOs Can Face The Threat Of Cyber Crime: Cyber threats are a serious problem for businesses, and boards, investors and finance executives are sitting up and taking notice. Forbes, February 6, 2014

Cyber Security Management – Cyber Update

Adobe, Microsoft Push Fixes For 0-Day Threats: For the second time this month, Adobe has issued an emergency software update to fix a critical security flaw in its Flash Player software that attackers are already exploiting. Separately, Microsoft released a stopgap fix to address a critical bug in Internet Explorer versions 9 and 10 that is actively being exploited in the wild. KrebsOnSecurity, February 20, 2014

Cyber Security Management – Cyber Defense

Time to Harden Your Hardware?: Most Internet users are familiar with the concept of updating software that resides on their computers. But this past week has seen alerts about an unusual number of vulnerabilities and attacks against some important and ubiquitous hardware devices, from consumer-grade Internet routers, data storage and home automation products to enterprise-class security solutions. KrebsOnSecurity, February 18, 2014

Cyber Security Management – HIPAA

HEALTH CARE SYSTEMS POORLY PROTECTED, MANY ALREADY COMPROMISED: A new report from the SANS Institute warns that the push to digitize all health care records along with the emergence of HealthCare.gov and the general proliferation of electronic protected health information (ePHI) online will only exacerbate the security problems faced by those that store sensitive health care data. In other words, the report says, health care critical information assets are poorly protected and already compromised in many cases. ThreatPost, February 18, 2014

Securing the Village

Closing the cyber security threat intelligence gap: It’s no secret that one of the effects of the Edward Snowden revelations has been a slowdown in the effort to pass new cyber security legislation that facilitates information sharing between the government and the private sector. However, the need for cyber threat intelligence sharing is still vital, and with Congress sidelined, it’s going to take leadership from the nation’s corporate executives to make progress on this issue within the framework of our current laws. SC Magazine, February 18, 2014

National Cyber Security

Spy Chief Says Snowden Took Advantage of ‘Perfect Storm’ of Security Lapses: WASHINGTON — The director of national intelligence acknowledged Tuesday that nearly a year after the contractor Edward J. Snowden “scraped” highly classified documents from the National Security Agency’s networks, the technology was not yet fully in place to prevent another insider from stealing top-secret data on a similarly large scale. The New York Times, February 11, 2014

Cyber Law

The Year Ahead in Privacy and Data Security: 2014 promises to be another eventful year in the privacy and data security fields. Although predictions are necessarily risky, there is little sign that the revelations regarding government surveillance will cease, that cyber criminals and insiders will stop hacking into personal and proprietary data and that the FTC and other regulatory authorities will stop focusing on companies’ privacy and security policies and practices. [Author Tim Toohey is a member of ISSA-LA Community Outreach Advisory Board.] Morris, Pollich & Purdy, January 27, 2014

Cyber Misc

Reporting From the Web’s Underbelly: SAN FRANCISCO — In the last year, Eastern European cybercriminals have stolen Brian Krebs’ identity a half dozen times, brought down his website, included his name and some unpleasant epithets in their malware code, sent fecal matter and heroin to his doorstep, and called a SWAT team to his home just as his mother was arriving for dinner. The New York Times, February 17, 2014

Cyber-Calendar

ISSA-LA Sixth Annual Information Security Summit, May 16, Universal City Hilton. Speakers include Richard Clarke, former Assistant to the President; Jackie Lacey, Los Angeles County District Attorney; Roland Cloutier, CSO of ADP. For more information and to register, visit ISSA-LA.

The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you. The post Cyber Security News of the Week, February 23, 2014 appeared first on Citadel Information Group.

Read More | Comments Off

Weekend Vulnerability and Patch Report, February 16, 2014

by Fred F. Farkel, Monday, February 17th, 2014

Guest column by Citadel Information Group

Weekend Vulnerability and Patch Report

Important Security Updates

Check Point Technologies Zone Alarm: Check Point has released version 12.0.121.000 of the Free version of Zone Alarm. Updates are available from Check Point’s website.

Dropbox: Dropbox has released version 2.6.10 for its file hosting program. Updates are available at Dropbox’s website. [See Citadel’s warning below]

Microsoft Patch Tuesday: Microsoft released several updates addressing at least 31 security vulnerabilities, some of which are highly critical, in Microsoft Office, Internet Explorer, and more. Updates are available via Windows Update or from Automatic Update.

Mozilla Firefox: Mozilla has released version 27.0.1 of Firefox. Updates are available within the browser or from Mozilla’s website.

Opera: Opera has released version 19.0.1326.63. Updates are available from within the browser or from Opera’s website.

Current Software Versions

Adobe Flash 12.0.0.44 [Windows 7: IE]

Adobe Flash 12.0.0.44 [Windows 7: Firefox, Mozilla]

Adobe Flash 12.0.0.44 [Windows 8: IE]

Adobe Flash 12.0.0.44 [Macintosh OS X: Firefox, Opera, Safari]

Adobe Reader 11.0.06

Dropbox 2.6.10 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]

Firefox 27.0.1

Google Chrome 32.0.1700.107

Internet Explorer 11.0.9600.16518 [Windows 7: IE]

Internet Explorer 11.0.9600.16384 [Windows 8: IE]

QuickTime 7.7.4

Safari 5.1.7

Safari 7.0.1 [Mac OS X]

Skype 6.13.0.104

Newly Announced Unpatched Vulnerabilities

None

For an updated list of previously announced Unpatched Vulnerabilities, please see the resources section of Citadel’s website.

For Your IT Department

Cisco Multiple Products: Secunia reports that Cisco has released updates for it Unified Communications Manager. Apply updates.

McAfee Firewall Enterprise: McAfee has released version 8.2.1 to its Firewall Enterprise (formerly Sidewinder Firewall) to fix an unpatched vulnerability in previous versions.

SonicWALL UMA EM5000: SonicWALL has released updates for its UMA EM5000 to fix a vulnerability reported in previous versions. Apply 7.1 SP2 or update to version 7.2.

If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.

Citadel Information Group … Delivering Information Peace of Mind ® to Business and the Not-for-Profit Community

The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you. The post Weekend Vulnerability and Patch Report, February 16, 2014 appeared first on Citadel Information Group.

Read More | Comments Off

Cyber Security News of the Week, February 16, 2014

by Fred F. Farkel, Monday, February 17th, 2014

Guest column by Citadel Information Group

Cyber Crime

Hackers circulate thousands of FTP credentials, New York Times among those hit: Hackers are circulating credentials for thousands of FTP sites and appear to have compromised file transfer servers at The New York Times and other organizations, according to a security expert. PC World, February 13, 2014

Criminals Control, Cash Out Bank’s ATM Machines: In what could be a sign of what’s ahead in ATM fraud, a highly sophisticated and well-funded criminal gang targeted an overseas bank and commandeered at least four of its ATM machines with malware-rigged USB sticks in order to empty them of cash. DarkReading, February 13, 2014

Silk Road 2.0 ‘Hack’ Blamed On Bitcoin Bug, All Funds Stolen: The same bug that has plagued several of the biggest players in the Bitcoin economy may have just bitten the Silk Road. Forbes, February 13, 2014

Email Attack on Vendor Set Up Breach at Target: The breach at Target Corp. that exposed credit card and personal data on more than 110 million consumers appears to have begun with a malware-laced email phishing attack sent to employees at an HVAC firm that did business with the nationwide retailer, according to sources close to the investigation. KrebsOnSecurity, February 12, 2014

Experts warn of coming wave of serious cybercrime: The rash of attacks against Target and other top retailers is likely to be the leading edge of a wave of serious cybercrime, as hackers become increasingly skilled at breaching the nation’s antiquated payment systems, experts say. Washington Post, February 9, 2014

Unveiling ‘The Mask’: Sophisticated malware ran rampant for 7 years: A cyberespionage operation that used highly sophisticated multi-platform malware went undetected for more than five years and compromised computers belonging to hundreds of government and private organizations in more than 30 countries. PC World, February 11, 2014

Cyber Attack

Attack on US Veterans Website May have Been Aimed At Military Members: IDG News Service — A cyberattack against the Veteran of Foreign Wars website, believed to have been initiated in China, may have sought to spy on U.S. military members, security company FireEye said Thursday. CIO, February 13, 2014

Cyber Privacy

Sidestepping the Risk of a Privacy Breach: This week, we reached the inevitable point in the controversy over the credit and debit card breaches where grim-faced retail executives from Target and Neiman Marcus, industry experts and consumer advocates turned up in Washington. They raised their hands and delivered well-rehearsed statements to our elected representatives. The New York Times, February 7, 2014

Identity Theft

Dogged by Data Theft: “What is stopping us from moving to this kind of technology?” asked a perplexed Senator Amy Klobuchar, Democrat from Minnesota. It was last Tuesday, and the Senate Judiciary Committee, on which Klobuchar sits, was holding a hearing about the recent breaches of Target and Neiman Marcus in which the data from tens of millions of credit and debit cards were stolen. The New York Times, Febraury 10, 2014

Keeping Swindlers Out of Your Bank and Brokerage Accounts: Data breaches at Target and Neiman Marcus were certainly scary. Personal information from tens of millions of people fell into the hands of cybercriminals. The New York Times, February 8, 2014

Cyber Warning

Bizarre attack infects Linksys routers with self-replicating malware: Researchers say they have uncovered an ongoing attack that infects home and small-office wireless routers from Linksys with self-replicating malware, most likely by exploiting a code-execution vulnerability in the device firmware. ars technica, February 13, 2014

New zero-day bug in IE 10 exploited in active malware attack, MS warns (updated): Microsoft has confirmed reports of a recently active attack that surreptitiously installed malware on computers running a fully patched version 10 of the Internet Explorer browser. The attacks also work on IE 9, the company warned. ars technica, February 13, 2014

CERTIFICATES SPOOFING GOOGLE, FACEBOOK, GODADDY COULD TRICK MOBILE USERS: Dozens of phony SSL certificates were discovered this week mocking legitimate certs from banks, e-commerce sites, ISPs and social networks. If a user stumbled over one of the bogus certificates on a mobile device it could put them at risk for a man-in-the-middle attack. ThreatPost, February 13, 2014

Instagram Bug Would Have Let Hackers Peek At Private Photos For At Least Last Six Months: If at any point before last Tuesday you suddenly found your private Instagram pics embarrassingly exposed to public perusal, Christian Lopez might be able to offer an explanation. Forbes, February 10, 2014

New Mac OS X Malware Steals Your Bitcoins: There’s a new piece of Mac malware that can spy on your web browser to steal your bitcoins. ReadWrite, February 10, 2014

Cyber Security Management

REALISTIC RISK ASSESSMENT KEY TO SECURITY MANAGEMENT: PUNTA CANA – Although it may not be the most thrilling part of a security team’s job, the idea of operational risk assessment and management is perhaps the most important aspect of organizational security. ThreatPost, February 10, 2014

How To Get The Most Out Of Risk Management Spend: Even with most security budgets growing or at least staying flat for 2014, no organization ever has unlimited funds for protecting the business. That’s where a solid risk management plan can be a lifesaver. DarkReading, January 24, 2014

The 7 best habits of effective security pros: It’s easy for security professionals who are passionate about their careers to get caught up in the technology, but success today requires a lot more than technical savvy. Here are the traits successful security pros say are needed to succeed. CSO, January 8, 2014

Cyber Security Management – Cyber Update

Security Updates for Shockwave, Windows: Adobe and Microsoft today each issued patches to fix critical security flaws in their software. Microsoft’s February Patch Tuesday includes seven patch bundles addressing at least 31 vulnerabilities in Windows and related software. Adobe pushed out an update that fixes two critical bugs in its Shockwave Player. KrebsOnSecurity, February 11, 2014

Cyber Security Management – Cyber Defense

Microsoft Offers Multifactor Authentication to All Office 365 Users: IDG News Service (Bangalore Bureau) — Microsoft is offering multifactor authentication free as an option to all users of its Office 365 suite, a hosted set of Microsoft Office tools and applications. CIO, February 11, 2014

Cyber Security Management – HIPAA

Healthcare Information Security: Still No Respect: More than a decade after publication of HIPAA’s security rule, healthcare information security officers still struggle to be heard. Information Week, Febraury 10, 2014

National Cyber Security

Feds Launch Cyber Security Guidelines For US Infrastructure Providers: The White House on Wednesday released the first version of its cyber security framework for protecting critical infrastructure. Critics say these voluntary guidelines enshrine the status quo. Information Week, February 12, 2014

NIST Framework Released to Widespread Praise, But What Happens Next?: Following a solid year of intensive work, the National Institute of Standards and Technology (NIST) released yesterday its “final” framework for improving critical infrastructure cybersecurity as mandated under a February 2013 executive order by President Obama. The 41-page document closely tracks, with some notable changes, the preliminary framework released by NIST in November. CIO, February, 13, 2014

Launch of the Cybersecurity Framework: Today the Obama Administration is announcing the launch of the Cybersecurity Framework, which is the result of a year-long private-sector led effort to develop a voluntary how-to guide for organizations in the critical infrastructure community to enhance their cybersecurity. The Framework is a key deliverable from the Executive Order on “Improving Critical Infrastructure Cybersecurity” that President Obama announced in the 2013 State of the Union. The White House, February 12, 2014

Cyber Law

FFIEC issues risk management guidance on social media: FFIEC issues risk management guidance on social media. Lexology, January 31, 2014

Cyber Sunshine

Florida Targets High-Dollar Bitcoin Exchangers: State authorities in Florida on Thursday announced criminal charges targeting three men who allegedly ran illegal businesses moving large amounts of cash in and out of the Bitcoin virtual currency. Experts say this is likely the first case in which Bitcoin vendors have been prosecuted under state anti-money laundering laws, and that prosecutions like these could shut down one of the last remaining avenues for purchasing Bitcoins anonymously. KrebsOnSecurity, February 7, 2014

Cyber Calander

ISSA-LA February Lunch Meeting: In March 2013, attackers launched an attack against Spamhaus that topped 300Gbps. Spamhaus gave us permission to talk about the details of the attack. While CloudFlare was able to fend off the attack, it exposed some vulnerabilities in the Internet’s infrastructure that attackers will inevitably exploit. If an Internet-crippling attack happens, this is what it will look like. And here’s what the network needs to do in order to protect itself. ISSA-LA, Event Date: February 19, 2014

Cybersecurity Essentials for Business Professionals: Please join us in this free presentation where we will discuss essential issues that every entrepreneur and business professional must know about cybersecurity laws, guidelines, and protocols. This event will be moderated and conducted by Salar Atrizadeh, Esq., principal and founder of the Law Offices of Salar Atrizadeh. Also, Stan Stahl, Ph.D., President of Citadel Information Group and ISSA-LA, Brad Maryman, and Howard Miller will serve as panelists Law Offices of Salar Atrizadeh, Event Date: February 21, 2014

The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you. The post Cyber Security News of the Week, February 16, 2014 appeared first on Citadel Information Group.

Read More | Comments Off

Weekend Vulnerability and Patch Report, February 9, 2014

by Fred F. Farkel, Monday, February 10th, 2014

Guest column by Citadel Information Group

Weekend Vulnerability and Patch Report

Important Security Updates

Adobe Flash Player: Adobe has released updates for its Flash Player to fix an extremely critical vulnerability. Updates are available through the program or from Adobe’s Flash Web Site.

AVG Antivirus Free Edition: AVG has released version 2014.0.4335 (32-bit) of its Free Edition Antivirus. Updates are available through the program or from AVG’s website.

Dropbox: Dropbox has released version 2.6.8 for its file hosting program. Updates are available at Dropbox’s website. [See Citadel’s warning below]

Google Chrome: Google has released version 32.0.1700.107 of Chrome for Windows, Mac, Linux and Chrome Frame to fix a highly critical vulnerability in previous versions. Updates are available through the program.

Microsoft Windows: Microsoft has released an update to several versions of Windows, including Windows 8.1 and Server 2012, to fix a highly critical vulnerability caused by the bundling of Adobe Flash Player within Internet Explorer. Updates are available through Windows Updates in the Control Panel.

Mozilla Firefox: Mozilla has released version 27.0 to fix at least 11 highly critical vulnerabilities in unpatched prior versions. Updates are available through the browser. Updates are also available for Thunderbird and SeaMonkey.

Opera: Opera has released version 19.0.1326.59. Updates are available from within the browser or from Opera’s website.

VLC Media Player: VLC has released version 2.1.3 (32-bit) of its Media Player. Download from the VLC website.

Current Software Versions

Adobe Flash 12.0.0.44 [Windows 7: IE]

Adobe Flash 12.0.0.44 [Windows 7: Firefox, Mozilla]

Adobe Flash 12.0.0.44 [Windows 8: IE]

Adobe Flash 12.0.0.44 [Macintosh OS X: Firefox, Opera, Safari]

Adobe Reader 11.0.06

Dropbox 2.6.8 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]

Firefox 27.0

Google Chrome 32.0.1700.107

Internet Explorer 11.0.9600.16476 [Windows 7: IE]

Internet Explorer 11.0.9600.16384 [Windows 8: IE]

QuickTime 7.7.4

Safari 5.1.7

Safari 7.0.1 [Mac OS X]

Skype 6.13.0.104

Newly Announced Unpatched Vulnerabilities

None

For an updated list of previously announced Unpatched Vulnerabilities, please see the resources section of Citadel’s website.

For Your IT Department

None

If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.

Citadel Information Group … Delivering Information Peace of Mind ® to Business and the Not-for-Profit Community

The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you. The post Weekend Vulnerability and Patch Report, February 9, 2014 appeared first on Citadel Information Group.

Read More | Comments Off

Cyber Security News of the Week, February 9, 2014

by Fred F. Farkel, Monday, February 10th, 2014

Guest column by Citadel Information Group

Cyber Crime

Penn. vendor confirms link to Target data probe: A western Pennsylvania heating and refrigeration contractor said it was the victim of a “sophisticated cyber attack operation” that is being investigated by the Secret Service and possibly linked to the data breach that enabled hackers to access millions of credit card numbers belonging to Target store customers. MPR News, February 7, 2014

Target Hackers Broke in Via HVAC Company: Last week, Target told reporters at The Wall Street Journal and Reuters that the initial intrusion into its systems was traced back to network credentials that were stolen from a third party vendor. Sources now tell KrebsOnSecurity that the vendor in question was a refrigeration, heating and air conditioning subcontractor that has worked at a number of locations at Target and other top retailers. KrebsOnSecurity, February 5, 2014

Heat System Called Door to Target for Hackers: SAN FRANCISCO — Investigators say they believe they have identified the entry point through which hackers got into Target’s systems, zeroing in on the remote access granted through the retailer’s computerized heating and cooling software, according to two people briefed on the inquiry. The New York Times, February 5, 2014

These Guys Battled BlackPOS at a Retailer: Ever since news broke that thieves stole more than 40 million debit and credit card accounts from Target using a strain of Point-Of-Sale malware known as BlackPOS, much speculation has swirled around unanswered questions, such as how this malware was introduced into the network, and what mechanisms were used to infect thousands of Target’s cash registers. KrebsOnSecurity, February 4, 2014

Hackers access 800,000 Orange customers’ data: Orange customers in France could see a spike in phishing attempts after hackers nabbed hundreds of thousands of customers’ unencrypted personal data in an attack on the operator’s website. ZDNet, February 3, 2014

Hotel Franchise Firm White Lodging Investigates Breach: White Lodging, a company that maintains hotel franchises under nationwide brands including Hilton, Marriott, Sheraton and Westin appears to have suffered a data breach that exposed credit and debit card information on thousands of guests throughout much of 2013, KrebsOnSecurity has learned. KrebsOnSecurity, January 31, 2014

Cyber Attack

Thousands of visitors the the NHS Choices site bombarded with malware after a coding error let a Czech hacker in by the back door: Thousands of patients trying to access health advice on the NHS Choices website were bombarded with adverts and malware – potentially stealing personal information from their computers – due to a coding error yesterday. The Independent, February 3, 2014

Cyber Privacy

N.S.A. Program Gathers Data on a Third of Nation’s Calls, Officials Say: WASHINGTON — The National Security Agency’s once-secret program that is collecting bulk records of Americans’ domestic phone calls is taking in a relatively small portion of the total volume of such calls each day, officials familiar with the program said on Friday. The New York Times, February 7, 2014

Identity Theft

The Rise Of Medical Identity Theft In Healthcare: If modern technology has ushered in a plague of identity theft, one particular strain of the disease has emerged as most virulent: medical identity theft. Kaiser Health News, February 7, 2014

Target Vows to Speed Anti-Fraud Technology: WASHINGTON — A top executive of Target told a Senate committee on Tuesday that the company was accelerating plans to adopt a technology widely used in Europe but rare in the United States that reduces potential for credit card fraud, and lawmakers from both parties called on other businesses to do the same. The New York Times, February 4, 2014

File Your Taxes Before the Fraudsters Do: Jan. 31 marked the start of the 2014 tax filing season, and if you haven’t yet started working on your returns, here’s another reason to get motivated: Tax fraudsters and identity thieves may very well beat you to it. KrebsOnSecurity, February 3, 2014

Cyber Warning

Susan Tompor: Did your cell phone ring just once? Do not call back: If you see a missed cell phone call from an unknown number and call them back, hold on to your wallet before you get taken by yet another scam. Detroit Free Press, February 6, 2014

Hackers use a trick to deliver Zeus banking malware: Hackers found a new way to slip past security software and deliver Zeus, a long-known malicious software program that steals online banking details. PC World, February 3, 2014

Malicious Java app infects Mac, Linux systems with DDoS bot: Criminals are once again using Java’s cross-platform design to add Linux and Mac users to their usual Windows target list, Kaspersky Labs researchers have discovered. PC World, February 1, 2014

Cyber Security Management

How to use Syrian Electronic Army attacks to improve security awareness: Recently, the authors have been called in to help companies handle attacks from the Syrian Electronic Army (SEA). Our first priority is to help contain the damage, figure out which accounts have been compromised that have not been used yet to cause damage, and clean things up. CSO, February 3, 2014

Cyber Security Management – Cyber Defense

Microsoft Takes to the Front Lines in the War on Cybercrime: The global cost of cybercrime in 2013 was estimated by McAfee to be upwards of $300 billion. One in five small businesses have now been on the receiving end of an attack and every day one million more individuals become victims of cyber-criminal activity. The internet is under attack, and we are the targets. Entrepreneur, February 6, 2014

Cyber Security Management – Cyber Update

Adobe Pushes Fix for Flash Zero-Day Attack: Adobe Systems Inc. is urging users of its Flash Player software to upgrade to a newer version released today. The company warns that an exploit targeting a previously unknown and critical Flash security vulnerability exists in the wild, and that this flaw allows attackers to take complete control over affected systems. KrebsOnSecurity, February 4, 2014

National Cyber Security

Snowden Used Low-Cost Tool to Best N.S.A.:WASHINGTON — Intelligence officials investigating how Edward J. Snowden gained access to roughly a huge trove of the country’s most highly classified documents say they have determined that he used inexpensive and widely available software to “scrape” the National Security Agency’s networks, and kept at it even after he was briefly challenged by agency officials. The New York Times, February 8, 2014

Senate cybersecurity report finds agencies often fail to take basic preventive measures: The message broadcast in several states last winter was equal parts alarming and absurd: “Civil authorities in your area have reported that the bodies of the dead are rising from their graves and attacking the living. . . . Do not attempt to approach or apprehend these bodies, as they are considered extremely dangerous.” The Washington Post, February 3, 2014

Cyber Misc

CYBER EXPERT: The Story Of A Reporter Getting Hacked In Sochi Is Completely False: On Wednesday, NBC News’ reporter Richard Engel gave a jarring report of just how bad the problem of hackers is in Sochi, reporting that his phone was hijacked “before we even finished our coffee.” Business Insider, February 6, 2014

Cyber Calendar

“Lunch Meeting – It Takes the Village to Secure the Village”: Dr. Stan Stahl, President of the Los Angeles Chapter of the Information Systems Security Association and President of Citadel Information Group presents. SOCALAFP, Event Date: February 14, 2014

The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you. The post Cyber Security News of the Week, February 9, 2014 appeared first on Citadel Information Group.

Read More | Comments Off

Weekend Vulnerability and Patch Report, February 2, 2014

by Fred F. Farkel, Monday, February 3rd, 2014

Guest column by Citadel Information Group

Weekend Vulnerability and Patch Report

Important Security Updates

Google Chrome: Google has released version 32.0.1700.102 of Chrome for Windows, Mac, Linux and Chrome Frame to fix multiple highly critical vulnerabilities in previous versions. Updates are available through the program.

Opera: Opera has released version 19.00 to fix unpatched moderately critical vulnerabilities reported in a previously bundled version of Chromium. Updates are available from within the browser or from Opera’s website.

VLC Media Player: VLC has released version 2.1.2 (32-bit) of its Media Player to fix a highly critical vulnerability. Download from the VLC website.

Current Software Versions

Adobe Flash 12.0.0.38 [Windows 7: IE]

Adobe Flash 12.0.0.43 [Windows 7: Firefox, Mozilla]

Adobe Flash 12.0.0.38 [Windows 8: IE]

Adobe Flash 12.0.0.38 [Macintosh OS X: Firefox, Opera, Safari]

Adobe Reader 11.0.06

Dropbox 2.6.2 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]

Firefox 26

Google Chrome 32.0.1700.102

Internet Explorer 11.0.9600.16476 [Windows 7: IE]

Internet Explorer 11.0.9600.16384 [Windows 8: IE]

QuickTime 7.7.4

Safari 5.1.7

Safari 7.0.1 [Mac OS X]

Skype 6.13.0.104

Newly Announced Unpatched Vulnerabilities

None

For an updated list of previously announced Unpatched Vulnerabilities, please see the resources section of Citadel’s website.

For Your IT Department

Cisco Multiple Products: Secunia reports that Cisco has released many updates for multiple products, including Cisco TelePresence Systems (CTS), Secure Access Control System (ACS), NX-OS, Video Surveillance 5000 Series, Identity Services Engine (ISE), WebEx Meeting and others.

If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.

Citadel Information Group … Delivering Information Peace of Mind ® to Business and the Not-for-Profit Community

The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you. The post Weekend Vulnerability and Patch Report, February 2, 2014 appeared first on Citadel Information Group.

Read More | Comments Off

Cyber Security News of the Week, February 2, 2014

by Fred F. Farkel, Monday, February 3rd, 2014

Guest column by Citadel Information Group

Cyber Crime

Point-Of-Sale System Attack Campaign Hits More Than 40 Retailers: Another day, another point-of-sale (POS) breach revelation: Dozens of retailers have been infected with a family of malware that stole payment card and personal information from some 50,000 customers. DarkReading, January 30, 2014

Target traces security breach to stolen vendor credentials: Target’s investigation of the massive security breach which allowed hackers to take millions of credit and debit card numbers has revealed a stolen vendor’s credentials as a source of access. ZDNet, January 30, 2014

New Clues in the Target Breach: An examination of the malware used in the Target breach suggests that the attackers may have had help from a poorly secured feature built into a widely-used IT management software product that was running on the retailer’s internalb network. KrebsOnSecurity, January 29, 2014

Microsoft Says Law Enforcement Documents Likely Stolen By Hackers:Social media and email accounts of some Microsoft employees were hit by phishing attacks, the company said. CIO, January 26, 2014

Sources: Card Breach at Michaels Stores: Multiple sources in the banking industry say they are tracking a pattern of fraud on cards that were all recently used at Michaels Stores Inc., an Irving, Texas-based arts-and-crafts retailer that maintains more than 1,250 stores across the United States. KrebsOnSecurity, January 25, 2014

Cyber Attack

Hackers attack Yahoo Mail accounts: Yahoo Mail was recently the target of a cyber-attack, the company revealed in a blog post Thursday. CNN, January 30, 2014

Hackers break into Israeli defence computers, says security company: Palestinians are suspected of being behind email attack on civil administration machines that monitor Israeli-occupied territory. The Guardian, January 27, 2014

EFF ACTIVISTS, JOURNALISTS HIT BY TARGETED MALWARE ATTACK: Phishing and malware attacks are among the more democratic and populist threats on the Internet. You don’t have to stand in the crowd in order to be targeted; the attackers will get to you sooner or later. But while most malware campaigns are aimed at the masses, attackers often save their best stuff for high-value targets, as a recent campaign targeting American journalists and activists from the EFF shows. ThreatPost, January 20, 2014

Cyber Privacy

Businesses gather more information than they need from consumers: Moira Hahn, like many consumers, always took it for granted that businesses wanted as much of her personal information as they could get. LA Times, January 30, 2014

Flipping the Switches on Facebook’s Privacy Controls: FACEBOOK is all about sharing. But if you value your privacy, using the service means deciding not only what you want to share, but also who gets to see it. The New York Times, January 29, 2014

U.S. Relaxes Some Data Disclosure Rules: WASHINGTON — The Obama administration says it will allow Internet companies to give customers a better idea of how often the government demands their information, but will not allow companies to disclose what is being collected or how much. The New York Times, January 27, 2014

Spy Agencies Tap Data Streaming From Phone Apps: When a smartphone user opens Angry Birds, the popular game application, and starts slinging birds at chortling green pigs, spies could be lurking in the background to snatch data revealing the player’s location, age, sex and other personal information, according to secret British intelligence documents. The New York Times, January 27, 2014

Cyber Warning

DAILYMOTION STILL INFECTED, SERVING FAKE AV MALWARE: More than three weeks after notifying video-sharing site DailyMotion that it was compromised, security company Invincea reports the popular website is still infected. Threatpost, January 31, 2014

Careful! Malicious FileZilla FTP Client Circulating Steals FTP Login Credentials: Looking for a solid and feature rich FTP client? FileZilla is one of the better ones out there, but surfer beware, malware writers have taken notice of the popular program and have decided to prey on individuals who aren’t super diligent with their downloading habits. In other words, be real careful when downloading the FileZilla FTP client because there are fake copies making the rounds that are coded to steal your FTP login credentials. Hot HardWare, January 28, 2014

Sync’n’steal: Hackers brew Android-targeting Windows malware: Internet Igors have stitched together the first strain of Windows malware that can hop over and infect Android smartphones and tablets. The Register, January 27, 2014

Cyber Security Management

Lack of stronger cyber security may cost world economy $3 trillion: Failure to boost cyber security could cost the world economy a staggering $3 trillion as new regulations and approaches to deal with destructive attacks would stifle innovation, says a report. Economic Times, January 20, 2014

Cyber Security Management – Cyber Defense

Chip-and-PIN Security Push To Pit Retailers Against Banks: While the cost of breaches typically falls on the merchants, card issuers and banks would foot much of the bill for improving the security of the payment-card system. DarkReading, January 30, 2014

Apple.com does more to protect your password, study of top 100 sites finds: Apple, Microsoft, Chegg, Newegg, and Target do the best job of safeguarding customer passwords, according to a comprehensive study of the top 100 e-commerce websites that also ranked Major League Baseball, Karmaloop, Dick’s Sporting Goods, Toys R Us, and Aeropostale as performing the worst. ars technica, January 24, 2014

The 25 worst passwords of 2013: “password” gets dethroned:“123456″ is finally getting some time in the spotlight as the world’s worst password, after spending years in the shadow of “password.” CSO, January 20, 2014

National Cyber Security

N.S.A. Choice Is Navy Expert on Cyberwar: WASHINGTON — In nominating Vice Adm. Michael S. Rogers as the new director of the National Security Agency on Thursday, President Obama chose a recognized expert in the new art of designing cyberweapons, but someone with no public track record in addressing the kinds of privacy concerns that have put the agency under a harsh spotlight. The New York Times, January 30, 2014

Pentagon, GSA map out acquisition cybersecurity; tester finds issues remain: (Reuters) – The U.S. Defense Department and General Services Administration on Wednesday mapped out six broad reforms to improve the cybersecurity of more than $500 billion in goods and services acquired by the U.S. federal government each year. Reuters, January 29, 2014

Cyber Career

Information security salaries set to rise in 2014: Salaries for information security professionals are set to rise across the board in the coming year as demand for people with skills in this sector increases. ComputerWeekly, January 30, 2014

Cyber Survey

Microsoft Maps Out Malware Haves And Have-Nots: Some countries suffer disproportionately from malware infections and cybercrime, and Windows XP could exacerbate the problem. Dark Reading, January 22, 2014

Cyber Sunshine

Feds to Charge Alleged SpyEye Trojan Author: Federal authorities in Atlanta today are expected to announce the arrest and charging of a 24-year-old Russian man who allegedly created and maintained the SpyEye Trojan, a sophisticated botnet creation kit that has been implicated in a number of costly online banking thefts against businesses and consumers. KrebsOnSecurity, January 28, 2014

Suspected email hackers for hire charged in four countries: Eleven people were charged in the U.S., India, China and Romania for their suspected involvement with websites offering email hacking services. PC World, January 27, 2014

Revenge-porn king Hunter Moore indicted on 7 counts of aggravated identity theft: Hunter Moore, king of revenge porn, aka “the most hated man on the internet”, he who claims to have slept well in spite of posting nude or sexually explicit photos without victims’ permission, was indicted on Thursday by a federal grand jury. NakedSecurity, January 27, 2014

Cyber Calender

The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you. The post Cyber Security News of the Week, February 2, 2014 appeared first on Citadel Information Group.

Read More | Comments Off

	Like us on Facebook	Follow us on Twitter	+1 us on Google+	Connect with us on Linkedin
The IT Summit \| 3300 NW 185th, Suite 77, Portland, OR 97229 \| Contact Us \| Phone: 503/828-0294 Copyright © 2004-2016 “The IT Summit” / TheITSummit.com – All Rights Reserved.