Cyber Security News of the Week, February 3, 2013by Fred F. Farkel, Monday, February 4th, 2013
Guest column by Citadel Information Group
Twitter, Washington Post targeted by hackers: SAN FRANCISCO – Social media giant Twitter is among the latest U.S. companies to report that it is among a growing list of victims of Internet security attacks, saying that hackers may have gained access to information on 250,000 of its more than 200 million active users. And now, The Washington Post is joining the chorus, revealing the discovery of a sophisticated cyberattack in 2011. NewsDay, February 1, 2013
New York Times hacking revelations shed new light on China cybercrime: Revelations that China apparently targeted the New York Times in a campaign of cyber-espionage have cast a rare spotlight on attempts by Beijing to crack down on any criticism of its ruling elite. The Guardian, January 31, 2013
Wall Street Journal Infiltrated by Chinese Hackers: The Wall Street Journal says its computer systems have been infiltrated by Chinese hackers who were trying to monitor the newspaper’s coverage of China. ABC News, February 1, 2013
Hackers in China Attacked The Times for Last 4 Months: SAN FRANCISCO – For the last four months, Chinese hackers have persistently attacked The New York Times, infiltrating its computer systems and getting passwords for its reporters and other employees. The New York Times, January 31, 2013
Facts and figures behind the current threat landscape: Mobile malware up, spam down, the age of privacy is over and porn is less dangerous than advertisements – just some of the findings in a new annual security report. InfoSecurity, January 31, 2013
The New Child Pornography Malware. Blackmailing malware has been around for some time of course. A trojan or virus gets into the computer then locks it until a ransom has been paid: as I say, this has been around for some time now. However, there’s a variation of it that is much, much, more dangerous: it actually displays a piece of child pornography while claiming that this is what you’ve been watching and thus you must pay the fine. Forbes, February 1, 2013
Hacking The Laptop Docking Station: Black Hat Europe researcher builds prototype device that could be used to steal corporate data, listen in on voice calls, videoconferences. DarkReading, January 31, 2013
Yahoo Mail Breach Linked to Old WordPress Vulnerability: Researchers at Australia-based BitDefender say they’ve found how some Yahoo Mail accounts are being hijacked, and it leads back to “buggy” blog software Yahoo’s developers used.ThreatPost, January 31, 2013
Symantec Gets A Black Eye In Chinese Hack Of The New York Times: Having your email hacked and malicious software spread on your servers for months may be embarrassing. But being outed as the antivirus vendor that failed to catch the vast majority of that malware is likely more humiliating still. Forbes, January 31, 2013
5 Years After Major DNS Flaw is Discovered, Few U.S. Companies have Deployed Long-Term Fix: Network World – Five years after the disclosure of a serious vulnerability in the Domain Name System dubbed the Kaminsky bug, only a handful of U.S. ISPs, financial institutions or e-commerce companies have deployed DNS Security Extensions (DNSSEC ) to alleviate this threat. CIO, January 29, 2013
Disable This Buggy Feature On Your Router Now To Avoid A Serious Set Of Security Vulnerabilities: You’ve probably never checked whether your Internet router is set by default to use a harmless-sounding protocol called Universal Plug and Play. If it does, now’s a good time to turn it off. Forbes, January 29, 2013
Java Security Feature FAIL: Researcher Bypasses Java Sandbox, Security Settings: Zero-day bugs in Java have been coming fast and furious lately. In the latest twist, a researcher says he was able to cheat built-in security features in Java applications.DarkReading, January 28, 2013
Hackers squeeze through DVR hole, break into CCTV cameras: The digital video recorders of several CCTV video cameras are vulnerable to attacks that create a means for hackers to watch, copy or delete video streams, according to security researchers. The Register, January 28, 2013
Cyber Security Management
Lesson Learned in Cyberattack on The New York Times: CSO – The New York Times’ description of a cyberespionage campaign waged against the news media company by Chinese hackers demonstrates the importance of assuming criminals will eventually break into a computer system, and the best defense is to detect the intrusion as soon as possible. CIO, February 1, 2013
Cyber Security Management – Online Bank Fraud
Big Bank Mules Target Small Bank Businesses: A $170,000 cyberheist last month against an Illinois nursing home provider starkly illustrates how large financial institutions are being leveraged to target security weaknesses at small to regional banks and credit unions. KrebsOnSecurity, January 28, 2013
Cyber Security Management – Cyber Update
Apple Releases iOS 6.1 With Fixes for More Than 20 Vulnerabilities: Apple has fixed dozens of security vulnerabilities in iOS with the release of version 6.1, including a serious flaw in the kernel and a number of bugs in the WebKit framework. The company also revoked trust in the bad TurkTrust certificates that were discovered late last year. ThreatPost, January 29, 2013
Apple’s anti-malware blacklists Java 7 plug-in again: Apple has once again effectively blacklisted Java 7 web plug-ins on Macs by enforcing a minimum version for the software – a version that has yet to be released by Oracle. ZDNet, February 1, 2013
RSA, IBM Bet On Big Data Analytics To Boost Security: RSA and IBM’s turning to big data analytics to improve security monitoring mark what some analysts say could be the wave of the future. DarkReading, January 31, 2013
Mozilla takes drastic step to automatically block virtually all plug-ins in Firefox:Computerworld – Mozilla yesterday announced it would automatically disable all plug-ins in Firefox except the latest version of Adobe’s Flash Player, citing security and stability reasons for the move. ComputerWorld, January 30 2013
Google Offers $3.14159 Million In Total Rewards For Chrome OS Hacking Contest:Google has never been stingy when it comes to paying for information about security vulnerabilities in its products. Now it’s offering an especially large-and especially nerdy-sum of money. Forbes, January 28, 2013
National Cyber Security
Former Obama Cybersecurity Czar Warns Against Use of Cyberweapons: Talks of cyberwar and a cyber Pearl Harbor seem to be a regular fixture of news reports in the last few months, with prominent U.S. administration officials like Janet Napolitano or Leon Panetta regularly touting the threat of a cyber attack on the United States. But not everybody is buying it. For one, Howard Schmidt, the former chief cybersecurity advisor to President Barack Obama, is skeptical. Mashable, January 31, 2013
Rockefeller: Fortune 500 companies back voluntary cybersecurity standards: Leading U.S. companies will support a voluntary program enabling the government and industry to develop a set of cybersecurity best practices, according to a memo from Senate Commerce Committee Chairman Jay Rockefeller (D-W. Va.). The Hill, January 30, 2013
Pentagon Cyber Force Turns To Hackers To Meet Growing Demand: Faced with growing fears of potentially crippling cyber attacks and not enough skilled technicians to combat the threat, the Defense Department has launched a massive recruitment drive that’s tapping an unlikely group: computer hackers. HuffingtonPost, January 28, 2013
Unseen, all-out cyber war on the U.S. has begun: Security pros and government officials warn of a possible cyber 9/11 involving banks, utilities, other companies, or the Internet InfoWorld, January 28, 2013
Securing the Village – ISSA-LA
Obama Admin Cybersecurity Expert Howard Schmidt Speaks at ISSA-LA Annual Info Security Summit: Former cybersecurity coordinator of the Obama Administration, Howard A. Schmidt, will be a keynote speaker at the Los Angeles Chapter of the Information Systems Security Association Fifth Annual Information Security Summit on May 21, 2013. PRLog, January 29, 2013
Living in today’s “Any-to-any” world: Cybercriminals are taking advantage of the rapidly expanding attack surface found in today’s “any-to-any” world, where individuals are using any device to access business applications in a network environment that utilizes decentralized cloud services. The 2013 Cisco® Annual Security Report highlights global threat trends based on real-world data, and provides insight and analysis that helps businesses and governments improve their security posturing for the future.Cisco 2013 Annual Security Report
Ticketmaster abandons Captcha verification system: Ticketmaster will use a new verification system after deciding that Captcha has become too complex for human users to understand easily. The Telegraph, January 30, 2013
Securing the Village-Events Calendar
ISC2-LA February Dinner Meeting; February 5, 2013: Email Bill Zajac at email@example.com for more information.
Cloud Security Alliance – Los Angeles Chapter; February 13, 2013: “Can encryption help alleviate concerns about moving to the cloud?” For more information and to register, go to meetup.com/LASC-CSA/.
ISSA-LA February Lunch Meeting; February 20, 2013. For more information and to register, visit ISSA-LA.
ISSA-LA March Dinner Meeting; March 20, 2013.
NAWBO Ventura County March Dinner Meeting, March 22, 2013: Citadel Vice President Ms. Kimberly Pease, CISSP, will speak on cybersecurity at the monthly meeting of the Ventura County Chapter of the National Association of Women Business Owners. In her talk The Growing Cyber Threat: Why the Bad Guys are Winning!, Kimberly will identify threats to information and computers, review common weaknesses being exploited by the bad guys and offer proactive steps you can take at business and at home to increase your security posture and decrease your exposure.
Santa Monica Rotary Club; Lunch Meeting, May 3, 2013: Dr. Stan Stahl, Citadel and ISSA-LA President, will speak on cybersecurity at the weekly meeting of the Santa Monica Rotary Club. In this non-technical talk – It Takes the Village to Secure the Village SM – Dr. Stahl discusses the financial implications of cyber crime, illustrates how cyber criminals take control of a user’s computer, describes the limitations of technology, summarizes emerging cyber security laws, regulations and practices, and provides practical tips to lower the risk of becoming a victim.
ISSA-LA Fifth Annual Information Security Summit; May 21, 2013: Join over 500 of your colleagues and peers at the Universal City Hilton. Special Keynote Speaker: Howard Schmidt, former White House CyberSecurity Coordinator. For more information and to register, visit ISSA-LA. Special Early-Bird pricing until March 1.
Citadel Information Group … Delivering Information Peace of Mind ® to Business and the Not-for-Profit Community
The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you.