Landmark Leadership Conferences for IT Executives
Cyber Security News of the Week, April 6, 2014
by Fred F. Farkel, Monday, April 7th, 2014


Guest column by Citadel Information Group

Cyber Crime

U.S. States Investigating Breach at Experian: An exclusive KrebsOnSecurity investigation detailing how a unit of credit bureau Experian ended up selling consumer records to an identity theft service in the cybercrime underground has prompted a multi-state investigation by several attorneys general, according to wire reports. KrebsOnSecurity, April 3, 2014

Cyber Privacy

Yahoo Protects Users with Lots More Encryption: We were thrilled to hear today that Yahoo is carrying through a concerted effort to protect users across its sites and services by rolling out routine encryption in several parts of its infrastructure. The company’s statement announced that, among other things, it now encrypts traffic between its data centers, makes secure HTTPS connections the default for some web sites, and has turned on encryption for mail delivery between Yahoo Mail and other email services that support it (like Gmail). Electronic Frontier Foundation, April 2, 2014

Sweeping Away a Search History: Your search history contains some of the most personal information you will ever reveal online: your health, mental state, interests, travel locations, fears and shopping habits. The New York Times, April 2, 2014

How the NSA Used a ‘Loophole’ to Spy on Americans: The Obama administration’s top intelligence official has confirmed that the National Security Agency intentionally spied on the communications of Americans under a law intended to apply only to foreigners. NationalJournal, April 1, 2014

SECOND NSA CRYPTO TOOL FOUND IN RSA BSAFE: A team of academics released a study on the maligned Dual EC DRBG algorithm used in RSA Security’s BSafe and other cryptographic libraries that includes new evidence that the National Security Agency used a second cryptographic tool alongside Dual EC DRBG in BSafe to facilitate spying. ThreatPost, March 31, 2014

Financial Fraud

Android Botnet Targets Middle East Banks: I recently encountered a botnet targeting Android smartphone users who bank at financial institutions in the Middle East. The crude yet remarkably effective mobile bot that powers this whole operation comes disguised as one of several online banking apps, has infected more than 2,700 phones, and has intercepted at least 28,000 text messages. KrebsOnSecurity, April 2, 2014

Account Takeover: Bank Faces Two Suits: Two lawsuits filed against a California bank in the aftermath of account takeover incidents dating back to 2012 and 2013 raise questions about how banking institutions should respond when suspicious account activity occurs. BankInfoSecurity, April 2, 2014

Identity Theft

Is identity-theft insurance a waste of money?: Consumers these days are more worried about fending off hackers than pickpockets. Companies are capitalizing on these fears by pitching the digital-age equivalent of a can of Mace: ID theft insurance. MarketWatch, March 31, 2014

Cyber Threat

Advanced Attacks Are The New Norm, Study Says: According to the Websense 2014 Threat Report, most malicious exploits now are advanced and targeted. DarkReading, April 4, 2014

RESEARCHER IDENTIFIES POTENTIAL SECURITY ISSUES WITH TESLA S: The current move by auto makers to stuff their vehicles full of networked devices, Bluetooth radios and WiFi connectivity has not gone unnoticed by security researchers. Charlie Miller and Chris Valasek spent months taking apart–literally and figuratively–a Toyota Prius to see what vulnerabilities might lie inside; and they found plenty. Now, another researcher has identified a number of issues with the security of the Tesla S, including its dependence upon a weak one-factor authentication system linked to a mobile app that can unlock the car remotely. ThreatPost, March 31, 2014

‘Thingularity’ Triggers Security Warnings: The Internet of Things is creating 50 billion Internet-connected devices. Who is going to keep them updated and secure? DarkReading, March 28, 2014

Cyber Warning

End of Windows XP Support Means Added Opportunity for Hackers: Microsoft is counting down to the end of an era. On April 8, the company officially washes its hands of Windows XP, an operating system introduced in 2001 that comprises 45 million lines of code. You can watch the clock tick down in slightly eerie fashion, green boxes on a purple background, on Microsoft’s website, which also gives some pithy advice on what this means: “It means you should take action.” BusinessWeek, April 4, 2014

Most sophisticated Android malware yet has already infected millions: Android is still the most targeted mobile platform out there in terms of mobile malware, considering the reports that keep detailing ways that hackers can take advantage of it for malicious purposes. But in most cases it’s Android users from certain regions of the world who are affected, because Google’s standard Android services aren’t available. A new report from The Hacker News details some new Android malware that may be the biggest threat to the operating system to date, and it may have already infected millions of devices. BGR, April 4, 2014

Tech Start-Ups Are Targets of Ransom Cyberattacks: Scott Heiferman and Gary Burns had less than four minutes to decide whether to pay up or go down. The New York Times, April 2, 2014

Who’s Behind the ‘BLS Weblearn’ Credit Card Scam?: A new rash of credit and debit card scams involving bogus sub-$15 charges and attributed to a company called “BLS Weblearn” is part of a prolific international scheme designed to fleece unwary consumers. This post delves deeper into the history and identity of the credit card processing network that has been enabling this type of activity for years. KrebsOnSecurity, March 31, 2014

WIFI BUG PLAGUES PHILIPS INTERNET-ENABLED TVS: UPDATE — Some versions of Philips’ internet-enabled SmartTVs are vulnerable to cookie theft and a mélange of other tricks that abuse a lax WiFi setting. ThreatPost, March 28, 2014

Fraudsters use BBC real news as bait to steal users’ identity: PandaLabs, the antimalware laboratory of Panda Security, The Cloud Security Company, today released a warning of a new malicious spam campaign making use of a story on the reputable BBC News website to add credence to the phishing attempt. DarkReading, March 26, 2014

Cyber Security Management

Incident Response Now Shaping Security Operations: How an organization reacts to hackers infiltrating its network is becoming the key to damage control for data — and the corporate image. DarkReading, March 28, 2014

Cyber Security Management — HIPAA

Electronic Health Record Tracking System Fails to Gain Federal Support: Health information technologies such as smartphone-based ultrasound and electronic health records should be regulated according to the risk they present to patients, per a proposed strategy rolled out Thursday by three federal agencies. The report, which is still subject to public comment, did not call for an extension of regulatory power for the agencies. Instead it emphasized the need for voluntary collaboration and planning by public-private partners. “Nongovernmental, independent programs to perform conformity assessments should be developed to fill current gaps,” it recommended. “The Agencies view this strategy rather than a formal regulatory approach as the appropriate method for advancing conformity assessments.” Scientific American, April 4, 2014

Cyber Security Management — Critical Infrastructure

New Federal Rule Requires Banks to Fight DDoS Attacks: Banks and financial institutions regulated by the federal government must now monitor for distributed denial-of-service (DDoS) attacks against their networks and have a plan in place to try and mitigate against such attacks, a federal regulatory body said this week. CIO, April 4, 2014


ISSA-LA Donates $25,000 for Nonprofits to Attend the Sixth Annual Information Security Summit on Cybercrime Solutions: The Los Angeles Chapter of the Information Systems Security Association has created a donation fund of up to $25,000 for 100 free registrations to IT personnel of nonprofits to attend the Sixth Annual Information Security Summit. PRWeb, March 19, 2014

Securing The Village

TEDx Birmingham: Call the police on cybercrime: Cybercrime is a crime, but the police are rarely called because of the difficulty in prosecution. A TEDx Birmingham presentation focused on this topic. TechRepublic, April 1, 2014

Cyber Misc

5-Year-Old Finds Xbox One Password Bug: Watch Dogs, eat your heart out. An industrious little hacker – well, a 5-year-old kid – named Kristoffer Von Hassel found a fairly ingenious way to bypass security restrictions on the Xbox One. PCMag, April 4, 2014

Middle school team of cybersecurity whiz kids from Torrance wins national competition: A team of South Bay middle school students won first place over the weekend in the national championship round of CyberPatriot VI — a race-against-the-clock game of identifying and disabling cyberthreats. DailyBreeze, March 31, 2014

Students hack Waze, send in army of traffic bots: Two Israeli students have successfully hacked popular social GPS map and traffic app Waze, causing it to report a nonexistent traffic jam. Wired, March 25, 2014

Nakamoto’s Neighbor: My Hunt For Bitcoin’s Creator Led To A Paralyzed Crypto Genius: Hal Finney’s light brown eyes are pointed down. I’ve just asked him if he was involved in the creation of Bitcoin. The 57-year-old man’s almost imperceptible eye movement is his only way of telling me that he was not, and that I’ve spent the last week caught in the same futile windmill-tilting that has ensnared so many other reporters trying to solve the puzzle of Bitcoin’s mysterious creator known only as Satoshi Nakamoto. Forbes, March 25, 2014

Cyber Sunshine

Two U.S. hackers admit to international cyber crime in N.J. court: (Reuters) – Two American men said to belong to an international cyber crime ring admitted hacking into accounts at banks, brokerage firms and government agencies in an attempt to steal some $15 million, New Jersey authorities said on Tuesday. Reuters, April 1, 2014

Cyber Calendar

ISSA-LA Sixth Annual Information Security Summit, May 16, Universal City Hilton. Speakers include Richard Clarke, former Assistant to the President; Jackie Lacey, Los Angeles County District Attorney; Jeremiah Grossman, Founder & iCEO, WhiteHat Security; Marcus Ranum, CSO, Tenable; Marc Maiffret, CTO, Beyond Trust; Jim Manico, Secure Coding Instructor and Author, Global OWASP Board of Directors; Ira Winkler, ISSA International President; Andrea Hoy, ISSA International Vice-President. For more information and to register, visit ISSA-LA.

Copyright © 2014 Citadel Information Group. All rights reserved.

The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you. The post Cyber Security News of the Week, April 6, 2014 appeared first on Citadel Information Group.
