Cyber Security News of the Week, March 17, 2013
by Fred F. Farkel, Monday, March 18th, 2013
Guest column by Citadel Information Group
US government cyber-security database taken offline due to hacker attack: A federal government database that stores malicious viruses and cyber-attacks has been taken offline following the detection of a hacker attack on its servers. The database is meant to provide an early warning of Internet infiltration by new viruses. RT, March 15, 2013
Israeli Government Websites Targeted in Watering Hole Attack: A new watering hole attack has been reported, this one targeting two government-related websites based in Israel that have been injected with malware exploiting a six-month-old vulnerability in Internet Explorer. ThreatPost, March 13, 2013
Top Credit Agencies Say Hackers Stole Celebrity Reports: Experian Plc (EXPN), Equifax Inc. (EFX) and TransUnion Corp. (TRUN), the three biggest U.S. credit-reporting companies, said they uncovered cases where hackers gained illegal, unauthorized access to users’ information. Bloomberg, March 12, 2013
The World Has No Room For Cowards: It’s not often that one has the opportunity to be the target of a cyber and kinetic attack at the same time. But that is exactly what’s happened to me and my Web site over the past 24 hours. On Thursday afternoon, my site was the target of a fairly massive denial of service attack. That attack was punctuated by a visit from a heavily armed local police unit that was tricked into responding to a 911 call spoofed to look like it came from my home. KrebsOnSecurity, March 15, 2013
Credit Reports Sold for Cheap in the Underweb: Following the online publication of Social Security numbers and other sensitive data on high-profile Americans, the three major credit reporting bureaus say they’ve uncovered cases where hackers gained access to users’ information, Bloomberg reports. The disclosure, while probably discomforting for many, offers but a glimpse of the sensitive data available to denizens of the cybercrime underworld, which hosts several storefronts that sell cheap, illegal access to consumer credit reports. KrebsOnSecurity, March 13, 2013
Privacy backlash against CISPA cybersecurity bill gains traction: A petition to the White House asking the president to “stop” a controversial cybersecurity bill passes the 100,000 mark. The only problem: President Obama has already threatened to veto it. CNet, March 13, 2013
New Google Site Aimed At Helping Webmasters of Hacked Sites: IDG News Service (Miami Bureau) – Google has launched a site for webmasters whose sites have been hacked, something that the company says happens thousands of times every day. CIO, March 13, 2013
Help Keep Threats at Bay With ‘Click-to-Play’: Muzzling buggy and insecure Web browser plugins like Java and Flash goes a long way toward blocking attacks from drive-by downloads and hacked or malicious Web sites. But leaving them entirely unplugged from the browser is not always practical, particularly with Flash, which is used on a majority of sites. Fortunately for many users, there is a relatively simple and effective alternative: Click-to-Play. KrebsOnSecurity, March 13, 2013
Microsoft to Roll Out Windows Store App Patches Quickly: IDG News Service – Microsoft will release security updates for applications in its Windows Store as those patches are available in order to speed up the updating process. CIO, March 13, 2013
Apple Fixes OS X Flaw That Allowed Java Apps to Run With Plugin Disabled: Apple on Thursday released a large batch of security fixes for its OS X operating system, one of which patches a flaw that allowed Java Web Start applications to run even when users had Java disabled in the browser. OS X 10.8.3 fixes 21 total vulnerabilities, and also includes a new version of the malware removal tool for Apple machines. ThreatPost, March 15, 2013
Critical Updates for Windows, Adobe Flash, Air: Microsoft and Adobe each released patches today to plug critical security holes in their products. Microsoft issued seven update bundles to address at least 19 20 vulnerabilities in Windows and related software. Adobe released the fourth security update in nearly as many weeks for its Flash Player software, as well as a fix for Adobe AIR. KrebsOnSecurity, March 12, 2013
National Cyber Security
Obama: Cybersecurity ‘key’ in talks with China: In talks with Chinese President Xi Jinping, President Obama stated that cybersecurity is a “key” topic in discussions between both nations. ZDNet, March 15, 2013
Intelligence Officials See Cyberattacks As a Top US Threat: IDG News Service (Washington, D.C., Bureau) – Cyberattacks are near the top of the list of most serious threats facing the U.S., with the rivaling concerns about terrorism and North Korea, intelligence officials with President Barack Obama’s administration said. CIO, March 12, 2013
Apparel Company Files Landmark Lawsuit Against Visa in PCI Dispute: A Tennessee-based footwear and apparel company has filed a $13 million lawsuit against Visa for what it considers random, subjective penalties for being out of compliance with the Payment Card Industry (PCI) standard the credit card company regulates. ThreatPost, March 12, 2013
DDoS, Malware Attacks Cost Victims Thousands Of Dollars A Day: New eye-popping data shows the cost of cyberattacks to victim organizations: They spend as much as $6,500 per hour to recover from DDoS attacks, and $3,000 a day for up to 30 days recovering from malware infections. DarkReading, March 12, 2013
Cryptographers Demonstrate New Crack For Common Web Encryption: It’s long been known that one of the oldest and most widely used standards for encrypting web sites has some serious weaknesses. But one group of researchers has found a method that downgrades that security scheme from vaguely flawed to demonstrably breakable. Forbes, March 13, 2013
Securing the Village-Events Calendar
ISSA-LA March Dinner Meeting; March 20, 2013. Garret Grajek, CTO / COO, SecureAuth Corporation will speak on Securing Mobile Apps for the Enterprise. Luminaria’s 3500 West Ramona Boulevard. Monterey Park. 6:30 – 8:45. For more information and to register, visit ISSA-LA.
NAWBO Ventura County March Dinner Meeting, March 28, 2013: Citadel Vice President Ms. Kimberly Pease, CISSP, will speak on cybersecurity at the monthly meeting of the Ventura County Chapter of the National Association of Women Business Owners. In her talk The Growing Cyber Threat: Why the Bad Guys are Winning!, Kimberly will identify threats to information and computers, review common weaknesses being exploited by the bad guys and offer proactive steps you can take at business and at home to increase your security posture and decrease your exposure.
SecureIT-2013, March 28, 2013: David Lam, our newest Citadel partner and ISSA Los Angeles VP, will be speaking at SecureIT on 28 March regarding the appropriate use of ISO 27001/2 as an information security framework. David will be showing how the framework is extensible to all different sizes of organizations, and how it helps you achieve both security and compliance. For more information and to register, visit www.secureitconf.com.
ISSA-LA April Lunch Meeting; April 17, 2013. For more information and to register, visit ISSA-LA.
Santa Monica Rotary Club; Lunch Meeting, May 3, 2013: Dr. Stan Stahl, Citadel and ISSA-LA President, will speak on cybersecurity at the weekly meeting of the Santa Monica Rotary Club. In this non-technical talk – It Takes the Village to Secure the Village SM – Dr. Stahl discusses the financial implications of cyber crime, illustrates how cyber criminals take control of a user’s computer, describes the limitations of technology, summarizes emerging cyber security laws, regulations and practices, and provides practical tips to lower the risk of becoming a victim.
ISSA-LA Fifth Annual Information Security Summit; May 21, 2013: Join over 500 of your colleagues and peers at the Universal City Hilton. Special Keynote Speaker: Howard Schmidt, former White House CyberSecurity Coordinator. For more information and to register, visit ISSA-LA.
Citadel Information Group … Delivering Information Peace of Mind ® to Business and the Not-for-Profit Community
The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you.