Cyber Security News of the Week, August 3, 2014
by Fred F. Farkel, Monday, August 4th, 2014
Guest column by Citadel Information Group

Cyber Crime

Sandwich Chain Jimmy John’s Investigating Breach Claims: Sources at a growing number of financial institutions in the United States say they are tracking a pattern of fraud that indicates nationwide sandwich chain Jimmy John’s may be the latest retailer dealing with a breach involving customer credit card data. The company says it is working with authorities on an investigation. KrebsOnSecurity, July 31, 2014

Hackers stealing more sexual photos for extortion: The e-mail terrified the young mother. “What if I told you I had pics of you?” the writer asked. “Like a lot. Would you send me more?” SFGate, July 27, 2014

‘The Expendables 3’ Pirated by Hackers Three Weeks Before its Release: The action movie The Expendables 3, which officially premieres on August 15, has been pirated by hackers three weeks before its release. The film somehow leaked online and it has been downloaded over 189,000 times in just 24 hours through piracy websites. The lead cast members of the film include Wesley Snipes, Mel Gibson, Sylvester Stallone, Kelsey Grammer, Ronda Rousey, Jet Li, Jason Statham, Arnold Schwarzenegger, Antonio Banderas, Dolph Lundgren and Harrison Ford. Liberty Voice, July 26, 2014

Cyber Privacy

How to Invent a Person Online: On April 8, 2013, I received an envelope in the mail from a nonexistent return address in Toledo, Ohio. Inside was a blank thank-you note and an Ohio state driver’s license. The ID belonged to a 28-year-old man called Aaron Brown—6 feet tall and 160 pounds with a round face, scruffy brown hair, a thin beard, and green eyes. His most defining feature, however, was that he didn’t exist. TheAtlantic, July 23, 2014

3 Projects Prove Privacy Is Not Dead: Web and mobile phone users willingly share personal data in exchange for free stuff, but not everyone is ready to throw in the towel on privacy.
Scientific American, July 22, 2014

Financial Cyber Security

Source code for tiny ‘Tinba’ banking malware leaked: The source code for an impressively small but capable malware program that targets online bank accounts has been leaked, according to CSIS Security Group of Denmark. PC World, July 10, 2014

Cyber Warning

Every USB Device Under Threat. New Hack Is Undetectable And Unfixable: It is well known that USB drives can be dangerous. Companies run strict screening policies and it has long been known that running unknown ‘exe’ files is a bad idea. But what if the threat was undetectable, unfixable and could be planted into any USB device be it a USB drive, keyboard, mouse, web camera, printer, even smartphone or tablet? Well this nightmare scenario just became reality. Forbes, August 1, 2014

Checking In From Home Leaves Entry for Hackers: SAN FRANCISCO — The same tools that help millions of Americans work from home are being exploited by cybercriminals to break into the computer networks of retailers like Target and Neiman Marcus. The New York Times, July 31, 2014

Zero-day flaws found in Symantec’s Endpoint Protection: Symantec’s Endpoint Protection product has three zero-day flaws that could allow a logged-in user to move to a higher access level on a computer, according to a penetration testing and training company. PCWorld, July 29, 2014

Critical Android vulnerability lets malware compromise most devices and apps: The majority of Android devices currently in use contain a vulnerability that allows malware to completely hijack installed apps and their data or even the entire device. PCWorld, July 29, 2014

The Internet of Things Is the Hackers’ New Playground: Excited about the promise of the shiny new Internet of Things? Good. Because hackers are too. Or at least they should be, according to a study by computing giant Hewlett-Packard.
Recode, July 29, 2014

Cyber Security Management

Board interest in information security principles growing: Corporate boards have increased their awareness of security issues, but experts say they still lack information security principles. SearchSecurity, July 29, 2014

Five Tips for Preventing Cyber-Security Breaches: Before looking at vendor solutions to protecting data, CFOs need to put some thought into which information to safeguard. CFO, July 28, 2014

Cyber-Risk Oversight Handbook: Leading companies view cyber risks in the same way they do other critical risks—in terms of a risk-reward trade off. This is especially challenging in the cyber arena for two reasons. First, the complexity of cyber threats has grown dramatically. Corporations now face increasingly sophisticated events that outstrip traditional defenses. As the complexity of these attacks increases, so does the risk they pose to corporations. As noted above, the potential effects of a data breach are expanding well beyond information loss to include significant damage in other areas. Second, competitive pressures to deploy increasingly cost-effective business technologies often affect resource investment calculations. These two competing pressures on corporate staff and business leaders mean that conscientious and comprehensive oversight at the board level is essential. NACD, June 10, 2014

The Many Lives of PII: How many definitions could there be for one short phrase? I am not talking about Pi, the mathematical term and lead character in Yann Martel’s imaginative novel (which Ang Lee made into a movie), but “PII,” an acronym for the legal concept of “personally identifiable information.” DataNeutrality.org, 2014

Cyber Security Management – Cyber Defense

‘Backoff’ Malware: Time To Step Up Remote Access Security: DHS issues advisory about remote desktop access tools associated with recent point-of-sale breaches.
DarkReading, August 1, 2014

Cyber Espionage

Canada: Chinese Hackers Infiltrated Government Org: Chinese hackers infiltrated the computer systems of Canada’s top research and development organization, the Canadian government said Tuesday. ABC News, July 29, 2014

Cyber Law

Massachusetts Continues Aggressive Information Security Enforcement Agenda: On July 23, 2014, the Massachusetts Attorney General announced a consent judgment with Women & Infant’s Hospital of Rhode Island (“WIH”) to resolve allegations that it violated federal and state information security laws when it lost backup tapes. The backup tapes, allegedly containing sensitive personal information and protected health information of 12,127 Massachusetts residents, were not encrypted. As a result of the consent judgment, WIH will pay a civil penalty of $110,000, attorney fees of $25,000, and contribute $15,000 to funds organized by the Attorney General to support data security enforcement actions and education on the protection of sensitive personal information. Information Lawgroup, July 25, 2014

SECURITY BREACH NOTIFICATION CHART: Perkins Coie’s Privacy & Security practice maintains a comprehensive chart that summarizes state laws regarding security breach notification. The chart is for informational purposes only and is intended as an aid in understanding each state’s sometimes unique security breach notification requirements. Lawyers, compliance professionals, and business owners have told us that the chart has been helpful when preparing for and responding to data breaches. PerkinsCoie, June 2014

Cyber Misc

Service Drains Competitors’ Online Ad Budget: The longer one lurks in the Internet underground, the more difficult it becomes to ignore the harsh reality that for nearly every legitimate online business there is a cybercrime-oriented anti-business. Case in point: Today’s post looks at a popular service that helps crooked online marketers exhaust the Google AdWords budgets of their competitors.
KrebsOnSecurity, July 25, 2014

Copyright © 2014 Citadel Information Group. All rights reserved.

The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you. The post Cyber Security News of the Week, August 3, 2014 appeared first on Citadel Information Group.