Cyber Security News of the Week, August 18, 2013
by Fred F. Farkel, Monday, August 19th, 2013


Guest column by Citadel Information Group

Cyber Security News of the Week

Cyber Attack

Washington Post Site Hacked After Successful Phishing Campaign: The Washington Post acknowledged today that a sophisticated phishing attack against its newsroom reporters led to the hacking of its Web site, which was seeded with code that redirected readers to the Web site of the Syrian Electronic Army hacker group. According to information obtained by KrebsOnSecurity, the hack began with a phishing campaign launched over the weekend that ultimately hooked one of the paper’s lead sports writers. KrebsOnSecurity, August 15, 2013

Syrian Electronic Army hacks Washington Post Web site: The Washington Post’s Web site was disrupted Thursday morning by a hacker group sympathetic to Syrian President Bashar al-Assad that apparently launched a coordinated wave of attacks on American news outlets. The Washington Post, August 15, 2013

Source: New York Times Website Hit by Cyber Attack: The corporate and media sites of The New York Times (NYT) experienced a lengthy outage on Wednesday that a source close to the matter said appeared to be caused by a cyber attack, although the newspaper cited a scheduled maintenance update. Fox News, August 14, 2013

Cyber Privacy

N.S.A. Often Broke Rules on Privacy, Audit Shows: WASHINGTON – The National Security Agency violated privacy rules protecting the communications of Americans and others on domestic soil 2,776 times over a one-year period, according to an internal audit leaked by the former N.S.A. contractor Edward J. Snowden and made public on Thursday night. The New York Times, August 16, 2013

Baby Monitor Hack Highlights Manufacturers’ Security Shortfalls: CSO – The frightening experience of a Texas couple who discovered their toddler’s baby monitor had been hacked by an apparently demented man showcases the serious security lapses in consumer electronics, experts say. CSO, August 15, 2013

Identity Theft

Hackers Hit Energy Department – Again: The U.S. Department of Energy notified employees via an email Wednesday that hackers gained personal information, such as names and Social Security numbers, of 14,000 current and former agency employees as the result of a hack that occurred in late July. This is the second attack this year that involved a breach of employee data. The Wall Street Journal, August 15, 2013

Online Bank Fraud

71 Percent of U.S. Adults Would Change Banks If Hit by Fraud: According to the results of a recent Entersekt survey, 71 percent of U.S. adults would be at least somewhat likely to change banks if they became a victim of online banking fraud at their current bank (h/t Softpedia). eSecurity Planet, July 22, 2013

Cyber Warning

Android Malware Being Delivered Via Ad Networks: Attackers are using mobile ad network software installed on smartphones to push malicious JavaScript and take control of devices. InformationWeek, August 13, 2013

XP’s retirement will be hacker heaven: Hackers will bank bugs until after Microsoft retires Windows XP in April 2014; expect attacks, say security experts. ComputerWorld, August 12, 2013

Android Trojan Banking App Targets Master Key Vulnerability: Sluggish Android updates put users at risk. Could rising public awareness of the flaw lead carriers and device makers to patch more quickly? InformationWeek, August 6, 2013

Cyber Security Management

PCI DSS 3.0 Change Highlights: WAKEFIELD, Mass., 15 August 2013 – Today the PCI Security Standards Council (PCI SSC), an open, global forum for the development of payment card security standards, published PCI Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) 3.0 Change Highlights as a preview of the new version of the standards coming in November 2013. The changes will help companies make PCI DSS part of their business-as-usual activities by introducing more flexibility and an increased focus on education, awareness and security as a shared responsibility. DarkReading, August 15, 2013

Cyber Security Management – Cyber Update

Microsoft Patches Plug 23 Security Holes: Microsoft has issued security updates to fix at least 23 distinct vulnerabilities in its Windows operating systems and other software. Three of the patch bundles released today address flaws rated “critical,” meaning that malware or miscreants can use them to break into Windows PCs without any help from users. KrebsOnSecurity, August 13, 2013

Cyber Security Management – Cyber Insurance

On Alert Against Cybercrime: Cybersecurity was something Ciena Corp.’s chief financial officer could usually delegate when he joined the network provider six years ago. Now, he spends as much as 10% of his time making sure Ciena and its technologies are protected from hackers, cutthroat competitors and other potential cybercriminals. The Wall Street Journal, August 13, 2013

Critical Infrastructure

Chinese Hacking Team Caught Taking Over Decoy Water Plant: A Chinese hacking group accused this February of being tied to the Chinese army was caught last December infiltrating a decoy water control system for a U.S. municipality, a researcher revealed on Wednesday. MIT Technology Review, August 2, 2013

Cyber Underworld

An Interview With A Digital Drug Lord: The Silk Road’s Dread Pirate Roberts (Q&A): Most black market drug lords don’t give interviews. But the Dread Pirate Roberts isn’t most drug lords. His website, the Silk Road, is designed to allow anyone to buy and sell drugs with the crypto-currency Bitcoin, using the anonymity software Tor to protect their identity. And those same anonymity protections have made Roberts confident enough in his security that he’s even been willing to write about his illicit business under his pseudonym on Silk Road’s user forums and even give short comments to reporters in the past. Forbes, August 14, 2013

Buying Battles in the War on Twitter Spam: The success of social networking community Twitter has given rise to an entire shadow economy that peddles dummy Twitter accounts by the thousands, primarily to spammers, scammers and malware purveyors. But new research on identifying bogus accounts has helped Twitter to drastically deplete the stockpile of existing accounts for sale, and holds the promise of driving up costs for both vendors of these shady services and their customers. KrebsOnSecurity, August 14, 2013

Cyber Research

Cracking Crypto Just Got a Little Easier: Starting with the Black Hat conference, researchers, engineers and hackers have been unveiling new weaknesses and attacks in different cryptographic implementations that threaten the security of communication and commerce on the Web. ThreatPost, August 15, 2013

Remotely Assembled Malware Blows Past Apple’s Screening Process: Mystery has long shrouded how Apple vets iPhone, iPad, and iPod apps for safety. Now, researchers who managed to get a malicious app up for sale in the App Store have determined that the company’s review process runs at least some programs for only a few seconds before giving the green light. MIT Technology Review, August 15, 2013

Cyber Misc

Disruptions: As New Targets for Hackers, Your Car and Your House: Imagine driving on the freeway at 60 miles per hour and your car suddenly screeches to a halt, causing a pileup that injures dozens of people. Now imagine you had absolutely nothing to do with the accident because your car was taken over by hackers. The New York Times, August 11, 2013

A Travel-Hack Mystery: How Can You Redeem Stolen Airline Miles?: Hackers love credit card numbers, sure, but frequent flier miles? US Airways (LCC) is notifying some members of its Dividend Miles loyalty program that miles have been stolen from some 7,700 compromised accounts. The breach was discovered on July 12, the airline said in a regulatory filing mandated under a North Carolina identity-protection law. US Airways’s largest hub is in Charlotte. Bloomberg, August 9, 2013

The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you.
