Cyber Attack

Dutch DNS server ‘hack’: Thousands of sites serve up malware: Thousands of Dutch websites served up malware this week after what was initially thought to be a DNS server hack at SIDN, the Dutch administrator of the .nl domain extension. ZDNet, August 9, 2013

Cyber Crime

‘Possible’ loss of user information in Crytek security breach: Crytek took down four of its websites due to “suspicious activity” over the weekend. According to a statement from Crytek, the security breach “may have resulted in some users’ login data being compromised.” Joystiq, August 5, 2013

Cyber Crime – Online Bank Fraud

$1.5 million Cyberheist Ruins Escrow Firm: A $1.5 million cyberheist against a California escrow firm earlier this year has forced the company to close and lay off its entire staff. Meanwhile, the firm’s remaining money is in the hands of a court-appointed state receiver who is preparing for a lawsuit against the victim’s bank to recover the stolen funds. KrebsOnSecurity, August 7, 2013

Cyber Privacy

Encryption App Silent Circle Shuts Down E-Mail Service ‘To Prevent Spying’: The business of protecting consumers from prying government eyes has suddenly become a pre-emptive one for Silent Circle. The communications encryption firm said Friday that it was shutting down its e-mail service to prevent spying, a day after competitor Lavabit suspended its core email service. Lavabit’s founder had suggested in a letter to customers that he had been the subject of a U.S. government investigation and gag order. Forbes, August 9, 2013

President Moves to Ease Worries on Surveillance: President Obama on Friday sought to take control of the roiling debate over the National Security Agency’s surveillance practices, releasing a more detailed legal justification for domestic spying and calling for more openness and scrutiny of the N.S.A.’s programs to reassure a skeptical public that its privacy is not being violated. The New York Times, August 9, 2013

N.S.A. Said to Search Content of Messages to and From U.S.:  The National Security Agency is searching the contents of vast amounts of Americans’ e-mail and text communications into and out of the country, hunting for people who mention information about foreigners under surveillance, according to intelligence officials.The New York Times, August 8, 2013

Cyber Warning

Google Play store suffers from malware: (MoneyWatch) Is there a risk of malware on mobile phones? In general, the answer has been “yes, but it’s not a serious concern.” As time goes on, though, the risk appears to be increasing. CBS News, August 9, 2013

Blogs, Other Content Management Sites Targeted by Password Thieves:  Brute force attacks to pry login credentials from content management sites like blogs have been growing as more data robbers use a short-term gain for a bigger pay-off later on. CSO, August 8, 2013

Cyber Security Management

Database security: Protecting the company’s crown jewels: Dr. Stahl Quoted For network crackers, state-sponsored attackers, criminal hackers and politi- cal hacktivists, there are few goals more coveted than to breach a target’s corporate database. Attackers looking for confidential data, personal information, financial records, intellectual property or other marketable data know that the proverbial golden goose lies at the center of myriad network moats, fire- walls, authentication servers, honey pots, false breadcrumbs and sink holes. SC Magazine, August 2013

Organizations ignore social media when it comes to business continuity planning: New study finds while many organizations are incorporating business continuity management into their risk program, they are still failing to use social media channels as part of their plan CSO, August 8, 2013

Securing the Village

FBI’s New iGuardian Portal Aims to Ease Cybercrime Reporting: An online portal launched by the FBI to gather information about cyber threats from companies could be an important step in fighting cyber crime, but information sharing between government and private industry remains a challenge, according to security pros. CIO, August 5, 2013

Critical Infrastructure

White House to offer companies cybersecurity incentives: With incentives, the government aims to entice power utilities, water infrastructure, and transportation networks to sign onto its upcoming Cybersecurity Framework. CNet, August 6, 2013

Cyber Underworld

Anatomy Of A Russian Cybercrime Ecosystem Targeting Android: DEF CON 21 – Las Vegas – Ten Russia-based crime gangs are behind the majority of text-messaging toll fraud campaigns that can net affiliate marketers of the scams up to $12,000 a month, researchers said here yesterday. DarkReading, August 3, 2013

Cyber Misc

Update: Researchers say Tor-targeted malware phoned home to NSA: Malware planted on the servers of Freedom Hosting-the “hidden service” hosting provider on the Tor anonymized network brought down late last week-may have de-anonymized visitors to the sites running on that service. This issue could send identifying information about site visitors to an Internet Protocol address that was hard-coded into the script the malware injected into browsers. And it appears the IP address in question belongs to the National Security Agency (NSA). ArsTechnica, August 5, 2013

Firefox Zero-Day Used in Child Porn Hunt?: A claimed zero-day vulnerability in Firefox 17 has some users of the latest Mozilla Firefox browser (Firefox 22) shrugging their shoulders. Indeed, for now it appears that this flaw is not a concern for regular, up-to-date Firefox end users. But several experts say the vulnerability was instead exposed and used in tandem with a recent U.S. law enforcement effort to discover the true Internet addresses of people believed to be browsing child porn sites via the Tor Browser – an online anonymity tool powered by Firefox 17. KrebsOnSecurity, August 4, 2013

MIT Students Release Program To 3D-Print High Security Keys: When lock maker Schlage imprinted the words “do not duplicate” across the top of the keys for their high-security Primus locks, they meant to create another barrier to reproducing a piece of metal that’s already beyond the abilities of the average hardware store keymaker. One group of hackers, of course, took it instead as a direct challenge.Forbes, August 3, 2013

Cyber Sunshine

Latvia to extradite cyber-crime suspect to US: Latvia has agreed to extradite a programmer to the United States to stand trial for his alleged role in a global cyber-theft ring that broke into a million computers. Aljazeera, August 6, 2013

The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you.