Landmark Leadership Conferences for IT Executives
Cyber Security News of the Week, April 14, 2013
by Fred F. Farkel, Monday, April 15th, 2013


Guest column by Citadel Information Group

ISSA-LA – Securing the Village

HP Cyber Security Strategist Rafal Los to Speak at ISSA-LA Annual Information Security Summit: Information security expert Rafal Los to discuss unattainable total security versus defensibility strategies at the LA Chapter of the Information Systems Security Association Fifth Annual Information Security Summit on Wednesday, May 21, 2013. PR Log, April 8, 2013

Cyber Security Management

Three Rules for Password Sanity: Let’s start with the obvious. We all hate passwords. Citadel Information Group, April 11, 2013

Closing the Door on Hackers: For most of my teenage years, I made a hobby of hacking into some of the world’s largest government and corporate computer systems. I was “lucky” enough to be raided by the F.B.I. when I was 17 years old. After that wake-up call, I eventually started a software security company and now find myself helping to plug security holes, not exploit them. The New York Times, April 4, 2013

Cyber Security Management – Cyber Defense

Non-Microsoft vulnerabilities account for 86% of vulnerabilities in the most popular programs: Copenhagen, Denmark, March 14th, 2013: 86% of vulnerabilities discovered in the most popular 50 programs in 2012 were in non-Microsoft (or “third-party”) programs. The result was published today in the Secunia Vulnerability Review 2013. Secunia is a leading provider of IT security solutions that enable management and control of vulnerability threats. The Secunia Vulnerability Review 2013 analyzes the evolution of software vulnerabilities from a global, industry, enterprise, and endpoint perspective. Secunia, March 14, 2013

Cyber Security Management – Cyber Warning

Brute Force Attacks Build WordPress Botnet: Security experts are warning that an escalating series of online attacks designed to break into poorly-secured WordPress blogs is fueling the growth of an unusually powerful botnet currently made up of more than 90,000 Web servers. KrebsOnSecurity, April 12, 2013

Angry Birds impersonated to distribute malware: As part of Netcraft’s ongoing work in providing anti-fraud and anti-phishing services, we have recently discovered a significant number of Russian language attacks targeting users of popular pieces of software, including well known brands such as Angry Birds. This type of attack can be particularly successful as it exploits a user’s trust in a brand. Malicious downloads for Android phones are becoming an increasingly common attack vector. Netcraft, April 12, 2013

Hackers Turn a Canon EOS Camera Into a Remote Surveillance Tool: IDG News Service – The high-end Canon EOS-1D X camera can be hacked for use as a remote surveillance tool, with images remotely downloaded, erased and uploaded, a researcher said during the Hack in the Box security conference in Amsterdam on Wednesday. CIO, April 10, 2013

Pwn2Own IE Vulnerabilities Missing from Microsoft Patch Tuesday Updates: UPDATE – In an unexpected turn, Microsoft’s monthly Patch Tuesday security updates released today did not include patches for Internet Explorer vulnerabilities used during the Pwn2Own contest one month ago. ThreatPost, April 9, 2013

Serious Vulnerabilities Found in Popular Home Wireless Routers: Hackers love to attack Java. Why? Well, not only because it is full of holes, but because it’s everywhere, embedded on endpoints, Web browsers, mobile devices and more. The same goes for attacking wireless routers; they’re buggy and they’re everywhere. ThreatPost, April 8, 2013

Cyber Security Management – Cyber Update

Microsoft: Hold Off Installing MS13-036: Microsoft is urging users who haven’t installed it yet to hold off on MS13-036, a security update that the company released earlier this week to fix a dangerous security bug in its Windows operating system. The advice comes in response to a spike in complaints from Windows users who found their machines unbootable after applying the update. KrebsOnSecurity, April 12, 2013

Critical Fixes for Windows, Flash & Shockwave: The second Tuesday of the month is upon us, and that means it’s once again time to get your patches on, people (at least for readers running Windows or Adobe products). Microsoft today pushed out nine patch bundles to plug security holes in Windows and its other products. Separately, Adobe issued updates for its Flash and Shockwave media players that address four distinct security holes in each program. KrebsOnSecurity, April 9, 2013

Cyber Crime

Video Service Vudu Resets Users’ Passwords After Burglars Steal Its Hard Drives: In an age of daily hacker breaches, Vudu just revealed it’s been the victim of an often-forgotten sort of data theft: The physical kind. Forbes, April 9, 2013

Cyber Attack

Israel Says It Repelled Most Attacks on Its Web Sites by Pro-Palestinian Hackers: JERUSALEM – A loose international coalition of pro-Palestinian computer hackers threatened to carry out what it called “a massive cyberassault” against Israel on Sunday, but the campaign created mostly minor disruptions, and the Israeli government said that as of midday its Web sites were still accessible to the public. The New York Times, April 7, 2013

Online Bank Fraud

Fraud Awareness: A Banking Case Study: New and proposed FFIEC guidance for fraud prevention and social media spurred Bank of the West in March to launch a viral campaign aimed at fraud awareness. What are the campaign’s key elements? BankInfoSecurity, April 1, 2013

Identity Theft

SEC adopts identity theft rule in first act by new chairman: WASHINGTON – Stock brokerages, mutual funds and investment advisers will be required to establish programs to help detect identity theft under new rules adopted by U.S. securities regulators on Wednesday. Fox Business, April 10, 2013

IRS takes steps to combat identity theft: WASHINGTON (AP) – The 2014 budget proposal to be released by the White House on Wednesday will include new steps to combat what the Internal Revenue Service says is an exponential growth in tax refund-related identity theft. US News, April 9, 2013

Cyber Underworld

Phoenix Exploit Kit Author Arrested In Russia?: The creator of a popular crimeware package known as the Phoenix Exploit Kit was arrested in his native Russia for distributing malicious software and for illegally possessing multiple firearms, according to underground forum posts from the malware author himself. KrebsOnSecurity, April 8, 2013


Your Facebook Friends May be Evil Bots: How safe is your online social network? Not very, as it turns out. Your friends may not even be human, but rather bots siphoning off your data and influencing your decisions with convincing yet programmed points of view. CIO, April 8, 2013

The 5 Biggest Online Privacy Threats of 2013: Your online life may not seem worth tracking as you browse websites, store content in the cloud, and post updates to social networking sites. But the data you generate is a rich trove of information that says more about you than you realize – and it’s a tempting treasure for marketers and law enforcement officials alike. April 8, 2013

National Cyber Security

Obama Budget Outlines Federal CyberSecurity Spending: The Obama Administration’s budget calls for more military hackers patrolling cyberspace and repelling attacks from nation-states such as Iran and China, or rogue actors around the world. PCMag, April 12, 2013

McConnell: Cybersecurity framework will reduce risk, but not ‘fix the problem’: The cybersecurity executive order signed by President Obama in February calls for a cybersecurity framework and public-sector partnership with critical infrastructure, but Bruce McConnell, senior counsel for cyber at the National Protection and Programs Directorate of the Homeland Security Department, says neither will “fix the problem.” FierceGovernmentIT, April 8, 2013

Arming for Virtual Battle: The Dangerous New Rules of Cyberwar: Now that wars are also being fought on digital battlefields, experts in international law have established rules for cyberwar. But many questions remain unanswered. Will it be appropriate to respond to a cyber attack with military means in the future? Spiegel International, April 4, 2013

Cyber Career

Security Job Market ‘Rocking,’ But Pressures Rise: Security continues to be information technology’s hottest necessary evil, but the pressures of doing more with less are starting to wear on professionals. DarkReading, April 9, 2013

Cyber Miscellaneous

Researcher Says He’s Found Hackable Flaws In Airplanes’ Navigation Systems (Update: The FAA Disagrees): Here’s an uncomfortable image to keep in mind during your next flight: A rogue hacker who can redirect planes at will with the touch of an Android phone’s screen. Forbes, April 10, 2013

Cybersecurity lobbying doubled in 2012: Cybersecurity was in the headlines practically every day last year, grabbing the attention of lawmakers – and lobbyists. CNN, April 8, 2013

WikiLeaks’ ‘PLUS D’ Aims To Digitize America’s Secret Diplomatic History: Not so long ago, WikiLeaks represented the world’s most radical group of investigative journalists. Lately, Julian Assange’s organization has been acting more like radical librarians. Forbes, April 7, 2013

Cyber Sunshine

LulzSec Hackers Plead Guilty to Hacks on Nintendo, Sony, More: Three members of LulzSec today pleaded guilty to a computer hacking campaign that targeted many high-profile firms. PCMag, April 9, 2013

Securing the Village – Events Calendar

ISSA-LA April Lunch Meeting; April 17, 2013. For more information and to register, visit ISSA-LA.

Santa Monica Rotary Club; Lunch Meeting, May 3, 2013: Dr. Stan Stahl, Citadel and ISSA-LA President, will speak on cybersecurity at the weekly meeting of the Santa Monica Rotary Club. In this non-technical talk – It Takes the Village to Secure the Village SM – Dr. Stahl discusses the financial implications of cyber crime, illustrates how cyber criminals take control of a user’s computer, describes the limitations of technology, summarizes emerging cyber security laws, regulations and practices, and provides practical tips to lower the risk of becoming a victim.

ISSA-LA Fifth Annual Information Security Summit; May 21, 2013: Join over 500 of your colleagues and peers at the Universal City Hilton. Special Keynote Speaker: Howard Schmidt, former White House CyberSecurity Coordinator. For more information and to register, visit ISSA-LA.

Citadel Information Group … Delivering Information Peace of Mind ® to Business and the Not-for-Profit Community

The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you.
