Landmark Leadership Conferences for IT Executives
Cyber Security News of the Week, February 9, 2014
by Fred F. Farkel, Monday, February 10th, 2014


Guest column by Citadel Information Group

Cyber Crime

Penn. vendor confirms link to Target data probe: A western Pennsylvania heating and refrigeration contractor said it was the victim of a “sophisticated cyber attack operation” that is being investigated by the Secret Service and possibly linked to the data breach that enabled hackers to access millions of credit card numbers belonging to Target store customers. MPR News, February 7, 2014

Target Hackers Broke in Via HVAC Company: Last week, Target told reporters at The Wall Street Journal and Reuters that the initial intrusion into its systems was traced back to network credentials that were stolen from a third party vendor. Sources now tell KrebsOnSecurity that the vendor in question was a refrigeration, heating and air conditioning subcontractor that has worked at a number of locations at Target and other top retailers. KrebsOnSecurity, February 5, 2014

Heat System Called Door to Target for Hackers: SAN FRANCISCO — Investigators say they believe they have identified the entry point through which hackers got into Target’s systems, zeroing in on the remote access granted through the retailer’s computerized heating and cooling software, according to two people briefed on the inquiry. The New York Times, February 5, 2014

These Guys Battled BlackPOS at a Retailer: Ever since news broke that thieves stole more than 40 million debit and credit card accounts from Target using a strain of Point-Of-Sale malware known as BlackPOS, much speculation has swirled around unanswered questions, such as how this malware was introduced into the network, and what mechanisms were used to infect thousands of Target’s cash registers. KrebsOnSecurity, February 4, 2014

Hackers access 800,000 Orange customers’ data: Orange customers in France could see a spike in phishing attempts after hackers nabbed hundreds of thousands of customers’ unencrypted personal data in an attack on the operator’s website. ZDNet, February 3, 2014

Hotel Franchise Firm White Lodging Investigates Breach: White Lodging, a company that maintains hotel franchises under nationwide brands including Hilton, Marriott, Sheraton and Westin appears to have suffered a data breach that exposed credit and debit card information on thousands of guests throughout much of 2013, KrebsOnSecurity has learned. KrebsOnSecurity, January 31, 2014

Cyber Attack

Thousands of visitors to the NHS Choices site bombarded with malware after a coding error let a Czech hacker in by the back door: Thousands of patients trying to access health advice on the NHS Choices website were bombarded with adverts and malware – potentially stealing personal information from their computers – due to a coding error yesterday. The Independent, February 3, 2014

Cyber Privacy

N.S.A. Program Gathers Data on a Third of Nation’s Calls, Officials Say: WASHINGTON — The National Security Agency’s once-secret program that is collecting bulk records of Americans’ domestic phone calls is taking in a relatively small portion of the total volume of such calls each day, officials familiar with the program said on Friday. The New York Times, February 7, 2014

Identity Theft

The Rise Of Medical Identity Theft In Healthcare: If modern technology has ushered in a plague of identity theft, one particular strain of the disease has emerged as most virulent: medical identity theft. Kaiser Health News, February 7, 2014

Target Vows to Speed Anti-Fraud Technology: WASHINGTON — A top executive of Target told a Senate committee on Tuesday that the company was accelerating plans to adopt a technology widely used in Europe but rare in the United States that reduces potential for credit card fraud, and lawmakers from both parties called on other businesses to do the same. The New York Times, February 4, 2014

File Your Taxes Before the Fraudsters Do: Jan. 31 marked the start of the 2014 tax filing season, and if you haven’t yet started working on your returns, here’s another reason to get motivated: Tax fraudsters and identity thieves may very well beat you to it. KrebsOnSecurity, February 3, 2014

Cyber Warning

Susan Tompor: Did your cell phone ring just once? Do not call back: If you see a missed cell phone call from an unknown number and call them back, hold on to your wallet before you get taken by yet another scam. Detroit Free Press, February 6, 2014

Hackers use a trick to deliver Zeus banking malware: Hackers found a new way to slip past security software and deliver Zeus, a long-known malicious software program that steals online banking details. PC World, February 3, 2014

Malicious Java app infects Mac, Linux systems with DDoS bot: Criminals are once again using Java’s cross-platform design to add Linux and Mac users to their usual Windows target list, Kaspersky Labs researchers have discovered. PC World, February 1, 2014

Cyber Security Management

How to use Syrian Electronic Army attacks to improve security awareness: Recently, the authors have been called in to help companies handle attacks from the Syrian Electronic Army (SEA). Our first priority is to help contain the damage, figure out which accounts have been compromised that have not been used yet to cause damage, and clean things up. CSO, February 3, 2014

Cyber Security Management – Cyber Defense

Microsoft Takes to the Front Lines in the War on Cybercrime: The global cost of cybercrime in 2013 was estimated by McAfee to be upwards of $300 billion. One in five small businesses have now been on the receiving end of an attack and every day one million more individuals become victims of cyber-criminal activity. The internet is under attack, and we are the targets. Entrepreneur, February 6, 2014

Cyber Security Management – Cyber Update

Adobe Pushes Fix for Flash Zero-Day Attack: Adobe Systems Inc. is urging users of its Flash Player software to upgrade to a newer version released today. The company warns that an exploit targeting a previously unknown and critical Flash security vulnerability exists in the wild, and that this flaw allows attackers to take complete control over affected systems. KrebsOnSecurity, February 4, 2014

National Cyber Security

Snowden Used Low-Cost Tool to Best N.S.A.: WASHINGTON — Intelligence officials investigating how Edward J. Snowden gained access to a huge trove of the country’s most highly classified documents say they have determined that he used inexpensive and widely available software to “scrape” the National Security Agency’s networks, and kept at it even after he was briefly challenged by agency officials. The New York Times, February 8, 2014

Senate cybersecurity report finds agencies often fail to take basic preventive measures: The message broadcast in several states last winter was equal parts alarming and absurd: “Civil authorities in your area have reported that the bodies of the dead are rising from their graves and attacking the living. . . . Do not attempt to approach or apprehend these bodies, as they are considered extremely dangerous.” The Washington Post, February 3, 2014

Cyber Misc

CYBER EXPERT: The Story Of A Reporter Getting Hacked In Sochi Is Completely False: On Wednesday, NBC News’ reporter Richard Engel gave a jarring report of just how bad the problem of hackers is in Sochi, reporting that his phone was hijacked “before we even finished our coffee.” Business Insider, February 6, 2014

Cyber Calendar

“Lunch Meeting – It Takes the Village to Secure the Village”: Dr. Stan Stahl, President of the Los Angeles Chapter of the Information Systems Security Association and President of Citadel Information Group presents. SOCALAFP, Event Date: February 14, 2014

ISSA-LA February Lunch Meeting: In March 2013, attackers launched an attack against Spamhaus that topped 300Gbps. Spamhaus gave us permission to talk about the details of the attack. While CloudFlare was able to fend off the attack, it exposed some vulnerabilities in the Internet’s infrastructure that attackers will inevitably exploit. If an Internet-crippling attack happens, this is what it will look like. And here’s what the network needs to do in order to protect itself. ISSA-LA, Event Date: February 19, 2014

Cybersecurity Essentials for Business Professionals: Please join us in this free presentation where we will discuss essential issues that every entrepreneur and business professional must know about cybersecurity laws, guidelines, and protocols. This event will be moderated and conducted by Salar Atrizadeh, Esq., principal and founder of the Law Offices of Salar Atrizadeh. Also, Stan Stahl, Ph.D., President of Citadel Information Group and ISSA-LA, Brad Maryman, and Howard Miller will serve as panelists. Law Offices of Salar Atrizadeh, Event Date: February 21, 2014

Copyright © 2014 Citadel Information Group. All rights reserved.

The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you. The post Cyber Security News of the Week, February 9, 2014 appeared first on Citadel Information Group.
