Landmark Leadership Conferences for IT Executives
Cyber Security News of the Week, January 12, 2014
by Fred F. Farkel, Monday, January 13th, 2014


Guest column by Citadel Information Group

Cyber Crime

Hackers Steal Card Data from Neiman Marcus: Responding to inquiries about a possible data breach involving customer credit and debit card information, upscale retailer Neiman Marcus acknowledged today that it is working with the U.S. Secret Service to investigate a hacker break-in that has exposed an unknown number of customer cards. KrebsOnSecurity, January 10, 2014

Yahoo’s malware-pushing ads linked to larger malware scheme: A deeper look by Cisco Systems into the cyberattack that infected Yahoo users with malware appears to show a link between the attack and a suspicious affiliate traffic-pushing scheme with roots in Ukraine. PC World, January 10, 2014

Malware attack hits thousands of Yahoo users per hour: (CNN) — A malware attack hit Yahoo’s advertising server over the last few days, affecting thousands of users in various countries, an Internet security company said. CNN, January 6, 2014

Deconstructing the $9.84 Credit Card Hustle: Over the holidays, I heard from a number of readers who were seeing strange, unauthorized charges showing up on their credit and debit cards for $9.84. Many wondered whether this was the result of the Target breach; I suppose I asked for this, having repeatedly advised readers to keep a close eye on their bank statements for bogus transactions. It’s still not clear how consumers’ card numbers are being stolen here, but the fraud appears to stem from an elaborate network of affiliate schemes that stretch from Cyprus to India and the United Kingdom. KrebsOnSecurity, December 6, 2013

Cyber Privacy

Mikko Hypponen: How the NSA betrayed the world’s trust — time to act: Recent events have highlighted, underlined and bolded the fact that the United States is performing blanket surveillance on any foreigner whose data passes through an American entity — whether they are suspected of wrongdoing or not. This means that, essentially, every international user of the internet is being watched, says Mikko Hypponen. An important rant, wrapped with a plea: to find alternative solutions to using American companies for the world’s information needs. TED, October 2013

A Guardian guide to your metadata: Metadata is information generated as you use technology, and its use has been the subject of controversy since NSA’s secret surveillance program was revealed. Examples include the date and time you called somebody or the location from which you last accessed your email. The data collected generally does not contain personal or content-specific details, but rather transactional information about the user, the device and activities taking place. In some cases you can limit the information that is collected – by turning off location services on your cell phone for instance – but many times you cannot. Below, explore some of the data collected through activities you do every day. The Guardian, June 12, 2013

Financial Fraud

Firm Bankrupted by Cyberheist Sues Bank: A California escrow firm that was forced out of business last year after a $1.5 million cyberheist is now suing its former bank to recoup the lost funds. KrebsOnSecurity, January 8, 2014

Cyber Warning

Yahoo Malware Turned European Computers Into Bitcoin Slaves: As many as two million European users of Yahoo may have received PC malware from virus-laden ads served by its homepage over a four-day period last week. Business Insider, January 8, 2014

Cyber Security Managment

USING PSYCHOLOGY TO CREATE A BETTER MALWARE WARNING: It turns out the best way to get people to pay attention to those malware warnings that pop up in browsers may be to stop tweaking them, scrap them entirely and rebuild from scratch. According to a study on the subject published last week, efficient malware warnings shouldn’t scare users away, they should give a clear and concise idea of what is happening and how much risk users are exposing themselves to. ThreatPost, January 7, 2014

Asking these big questions will help you predict future compromise: Nick Selby has a set of questions he always asks when helping an organization root out the cause of a compromise. Here’s why they also help him predict future problems with a security program. CSO, January 7, 2014

Cybersecurity is for the C-suite, ‘not just the IT crowd’: FORTUNE — “Ninety-seven percent of Fortune 500 companies have been hacked,” says Peter W. Singer, “and likely the other 3% have too, they just don’t know it.” Such is the less-than-rosy picture painted by Singer — director of the Center for 21st Century Security and Intelligence at D.C. think tank Brookings Institution and bestselling author of 2009′s Wired for War — and co-author Allan Friedman in the opening pages of their new book Cybersecurity and Cyberwar: What Everyone Needs to Know (Oxford University Press). CNN, January 6, 2014

Cyber Lawsuit

LinkedIn Sues Unknown Hackers in an Attempt to Find Out Who They Are: LinkedIn (LNKD) is facing a common plague of social networking companies: thousands of fake accounts used for spam and other nefariousness. So the company is using an increasingly familiar tactic: It’s suing those responsible for setting up the fake accounts, even though it doesn’t know who they are. Bloomberg, January 8, 2014

Judge dismisses challenge to border laptop searches: The searches are rare and don’t require reasonable suspicion, a federal judge said. ComputerWorld, December 31, 2013

Cyber Misc

2013 was the year of cybersecurity: Cybersecurity came up so many times in 2013 that it was easy to miss how quickly and completely it became a central feature of how we think about U.S. foreign policy and national security. Partly, this was an inevitable result of technology becoming more pervasive. And partly it was just an extension of things that had begun in earlier years, such as the U.S. use of cyberattacks on the Iranian nuclear program, which started in 2010. The Washington Post, January 7, 2014

HYPING ARTIFICIAL INTELLIGENCE, YET AGAIN: According to the Times, true artificial intelligence is just around the corner. A year ago, the paper ran a front-page story about the wonders of new technologies, including deep learning, a neurally-inspired A.I. technique for statistical analysis. Then, among others, came an article about how I.B.M.’s Watson had been repurposed into a chef, followed by an upbeat post about quantum computation. On Sunday, the paper ran a front-page story about “biologically inspired processors,” “brainlike computers” that learn from experience. The New Yorker, January 1, 2014

Cyber Calander

ISSA-LA January Lunch Meeting: Topic: The Hidden Risks of Mobile Applications to Your Organization. Mobile applications are becoming a major security threat to organizations and they don’t even know it yet. While many people talk about the potential risks of mobile devices, often the true impact of these risks is not understood. In his presentation, attendees will see real-world examples of how mobile applications can be written to be malicious and explore the damage a skilled criminal can cause. While many of these risks do not have simple fixes, Stickley will provide advice for organizations to reduce their exposure and analyze emerging risks, such as BYOD as part of an ongoing risk management program including what to look for in application settings when downloading new applications to a mobile device, the type of intrusions in the current mobile technology landscape, how to best educate their organization’s internal employees, and best practices and policies for organizations to reduce their risk exposure. ISSA-LA, Event Date: January 15, 2014

Join OWASP Los Angeles, Orange County, San Diego, Santa Barbara, and the Bay Area as we join forces to host AppSec California!: AppSec California is the first of hopefully many annual conferences hosted by all of the California chapters. Join us on the beaches of Santa Monica which is closest to our Los Angeles Chapter. Space is limited to around 200 attendees so be sure to get your ticket before we sell out! AppleSec California, Event Date: January 27 – 28, 2014

The post Cyber Security News of the Week, January 12, 2014 appeared first on Citadel Information Group.

The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you.

Comments Off on Cyber Security News of the Week, January 12, 2014

Comments are closed.