Cyber Security News of the Week, July 13, 2014
by Fred F. Farkel, Monday, July 14th, 2014


Guest column by Citadel Information Group

Cyber Crime

BitBeat: Phishing Scam Tries to Lure In Bitcoin Bidders: A scam artist tried to swindle a group of potential bidders in the June auction of 30,000 bitcoins by the U.S. Marshals Service, and appears to have scored a small win with at least one of them. The Wall Street Journal, July 3, 2014

Cyber Privacy

Controversial Cybersecurity Bill Known As CISA Advances Out Of Senate Committee: The Senate Select Committee on Intelligence voted Tuesday to approve a controversial cybersecurity bill known as the Cyber Information Sharing Act (CISA). The bill is intended to help companies and the government thwart hackers and other cyber-intrusions. The bill passed by a 12-3 vote, moving it one step closer to a floor debate. Forbes, July 9, 2014

Financial Cyber Security

Why Information Sharing Isn’t Working: Tim Pawlenty, CEO of the Financial Services Roundtable, says the only way to ensure adequate cyberthreat information sharing is through federal legislation that would furnish liability protection and other incentives. BankInfoSecurity, June 25, 2014

FFIEC Launches Cybersecurity Web Page, Promotes Awareness of Cybersecurity Activities: WASHINGTON – The Federal Financial Institutions Examination Council (FFIEC) today launched a Web page on cybersecurity. The Web page is a central repository for current and future FFIEC-related materials on cybersecurity. FFIEC, June 24, 2014

Cyber Warning

Crooks Seek Revival of ‘Gameover Zeus’ Botnet: Cybercrooks today began taking steps to resurrect the Gameover ZeuS botnet, a complex crime machine that has been blamed for the theft of more than $100 million from banks, businesses and consumers worldwide. The revival attempt comes roughly five weeks after the FBI joined several nations, researchers and security firms in a global and thus far successful effort to eradicate it. KrebsOnSecurity, July 10, 2014

HARD-CODED PASSWORD VULNERABILITY PLAGUES SOME NETGEAR SWITCHES: A vulnerability in Netgear-branded ethernet switches could give an attacker full access to the hardware, including the ability to log into the device and execute arbitrary code. ThreatPost, July 7, 2014

The Rise of Thin, Mini and Insert Skimmers: Like most electronic gadgets these days, ATM skimmers are getting smaller and thinner, with extended battery life. Here’s a look at several miniaturized fraud devices that were pulled from compromised cash machines at various ATMs in Europe so far this year. KrebsOnSecurity, July 7, 2014

Funeral Announcement: Origins: In January 2014, Internet users began receiving e-mails from various funeral homes with attention-getting subject lines such as “Passing of your friend,” messages that informed recipients a “dear friend” had passed away and invited them to attend that person’s upcoming funeral or memorial service. The messages provided a hyperlink (on the word “here”) for readers to click in order to obtain detailed information about the date and location of the service. Snopes, January 24, 2014

Cyber Security Management

Strategic Security: Begin With The End In Mind: The trouble with traditional infosec methodology is that it doesn’t show us how to implement a strategic security plan in the real world. DarkReading, July 11, 2014

The CISO-centric Information Security Triad: What is the information security triad? Just about everyone knows the answer to this question is CIA – Confidentiality, Integrity, and Availability. Security professionals, service providers, and technology vendors are responsible for these three infosec pillars in one way or another. NetworkWorld, July 10, 2014

Managing Cyber Risk: Job #1 for Directors and General Counsel: Each year, FTI Consulting and NYSE Governance Services survey public company directors and general counsel about the legal and governance issues that concern them the most. FTI Journal, July 2014

Rogers: Cybersecurity is the ‘ultimate team sport’: Thank you very much for taking the time from your very busy days to focus on a topic that I think is of critical importance to us as a nation: this idea of how do we maintain security in a cyber arena in a world where cyber continues to grow in importance and, at the same time, the level of vulnerability that is present within our cyber systems has probably never been greater. So that’s quite a challenge for anybody. Federal Times, July 8, 2014

Ponemon: Data Breach Costs Rising: On the day Target’s CEO resigned in the aftermath of a massive data breach, the Ponemon Institute issued its 2014 Cost of Data Breach Study, which Chairman Larry Ponemon says helps explain why CEOs should be more involved in breach preparedness and response. BankInfoSecurity, May 5, 2014

Cyber Security Management – Cyber Defense

Black Hat USA 2014: Third-Party Vulns Spread Like Diseases: Understanding the impact of vulnerabilities in libraries and other components. DarkReading, July 7, 2014

Cyber Security Management – Cyber Update

APPLE UPDATES OSX BLACKLIST FOLLOWING FLASH VULNERABILITY: Apple acknowledged on Thursday that it has updated its OSX plugin blacklist to reflect a critical vulnerability in Adobe Flash made public earlier this week. ThreatPost, July 11, 2014

Microsoft, Adobe Push Critical Fixes: If you use Microsoft products or Adobe Flash Player, please take a moment to read this post and update your software. Adobe today issued a critical update that plugs at least three security holes in the program. Separately, Microsoft released six security updates that address 29 vulnerabilities in Windows and Internet Explorer. KrebsOnSecurity, July 8, 2014

Cyber Underworld

The Hazards Of Probing The Internet’s Dark Side: Late last year, hackers breached Target’s data security and stole information from millions of credit cards. Brian Krebs, who writes about cybercrime and computer security for his blog, Krebs on Security, broke the story. A few days later, he broke the story of a credit card breach at Neiman Marcus. NPR, July 8, 2014

Cyber Espionage

Chinese Hackers Pursue Key Data on U.S. Workers: WASHINGTON — Chinese hackers in March broke into the computer networks of the United States government agency that houses the personal information of all federal employees, according to senior American officials. They appeared to be targeting the files on tens of thousands of employees who have applied for top-secret security clearances. The New York Times, July 9, 2014

Chinese Attackers Targeting U.S. Think Tanks, Researchers Say: Government-backed group “Deep Panda” compromised “several” nonprofit national security policy research organizations, CrowdStrike says. DarkReading, July 7, 2014

Critical Infrastructure

Study: Most Critical Infrastructure Firms Have Been Breached: A new Ponemon Institute study finds 70% of critical infrastructure companies have been hit by security breaches in the last year, but cyber security programs are still a low priority. DarkReading, July 10, 2014

Cyber Misc

Scammers, hackers and spies hit campaign trail: Political campaigns are hotbeds of criminal activity and mischief — just not in the way you think. Politico, July 7, 2014

Cyber Sunshine

Global Law Enforcement, Security Firms Team Up, Take Down Shylock: A la GOZeuS, an international, public-private collaboration seizes a banking Trojan’s command and control servers. DarkReading, July 10, 2014

Feds Charge Carding Kingpin in Retail Hacks: The U.S. Justice Department on Monday announced the arrest of a Russian hacker accused of running a network of online crime shops that sold credit and debit card data stolen in breaches at restaurants and retailers throughout the United States. KrebsOnSecurity, July 8, 2014

Cyber Calendar

ISSA-LA July Lunch Meeting: Attack Trends, the Need for Intelligence. Integration and a Prevent-Based Security Posture: This presentation will review recent trends associated with malware, advanced threats and risky applications. It will also highlight security administrator views toward their ability to identify, analyze and prevent security breaches. The data points associated with these findings identify a clear need for information security intelligence that is rich in content and also actionable. Security administrators must be able to integrate intelligence into their security controls in near real-time to prevent evolving attacks. The session will also raise the need for security practitioners to consider switching their security postures from detect to prevent. ISSA-LA, Event Date: July 16, 2014

Copyright © 2014 Citadel Information Group. All rights reserved.

The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you.
