Landmark Leadership Conferences for IT Executives
Cyber Security News of the Week, March 3, 2013
by Fred F. Farkel, Monday, March 4th, 2013


Guest column by Citadel Information Group

Cyber Crime

Microsoft joins Apple, Facebook as target of hackers: Feb. 23 (Bloomberg) – Microsoft Corp., the largest software maker, said a small number of its computers were infected by malicious software in a cyberattack similar to those experienced by Facebook Inc. and Apple Inc. The Washington Post, February 23, 2013

Hack On Zendesk Affects Twitter, Pinterest, Tumblr Users: The hack of a common provider of customer service software may put the personal information of Twitter, Pinterest, and Tumblr customers at risk, the companies said today. DarkReading, February 22, 2013

Cyber Espionage

From Shanghai With Love: Espionage, like so many things these days, ain’t what it used to be now that the computer has supplanted the cloak and dagger. While James Bond used to ply his trade in exotic locales, surrounded by beautiful women and driving fancy sports cars equipped with all sorts of great gadgets, spies now are hackers holed up in nondescript office buildings in Shanghai. Barron’s, February 23, 2013

Cyber Privacy

Audit finds problems with census information security: Weaknesses in Census Bureau information security could compromise the confidentiality and integrity of the agency’s survey data, according to a report released Wednesday by Congress’s auditing department. The Washington Post, February 22, 2013

Identity Theft

Identity Theft Remains Top Consumer Complaint Fielded by FTC: The FTC’s annual look at its Consumer Sentinel Network database of complaints found that 2012 was the first year the agency got more than 2 million complaints overall, and 369,132, or 18%, were related to identity theft. Of those, more than 43% related to tax- or wage-related fraud, the agency stated. CIO, February 26, 2013

Incidence of Identity Theft Hits 3-Year High: Identity theft in the United States rose to a three-year high in 2012, with more than 5 percent of the adult population, or 12.6 million people, falling victim to such crimes, says a new survey. Yahoo, February 25, 2013

Cyber Misc

Here’s What Law Enforcement Can Recover From A Seized iPhone: You may think of your iPhone as a friendly personal assistant. But once it’s alone in a room full of law enforcement officials, you might be surprised at the revealing things it will say about you. Forbes, February 26, 2013 

BBC blocked in China just days after reporting on Chinese hackers: The British Broadcasting Corporation may have discovered a new “red line” for the Chinese government: don’t bring reporters near the Shanghai complex where China’s suspected military hacking team is thought to be located. The Washington Post, February 25, 2013

Cyber Warning

Evernote Resets Everyone’s Passwords After Intrusion: Evernote’s security team has detected a coordinated attempt to gain access to secured areas of their systems. So as to be safe, rather than sorry, they have forced all users to reset their passwords before proceeding to use the service. InformationWeek, March 2, 2013

Dropbox Users Reporting More Spam Following Last Summer’s Breach: It appears the breach of cloud-based storage service Dropbox last year has spurred another wave of spam over the last week or so. Users began posting complaints on the service’s Bugs and Troubleshooting forum yesterday claiming that their Dropbox-specific accounts started receiving spam again last weekend. ThreatPost, March 1, 2013

New Java 0-Day Attack Echoes Bit9 Breach: Once again, attackers are leveraging a previously unknown critical security hole in Java to break into targeted computers. Interestingly, the malware and networks used in this latest attack match those found in the recently disclosed breach at security firm Bit9. KrebsOnSecurity, March 1, 2013

Japanese agency warns of information-stealing Android porn app: IDG News Service (Tokyo Bureau) – A Japanese Internet security agency has issued a public warning about Android apps that offer free images of scantily clad models to trick users into giving up their personal details. CIO, March 1, 2013

NBC hack infects visitors in ‘drive by’ cyberattack: Chances are, you know not to open that e-mail attachment from the “Nigerian prince” who wants to give you a hundred grand. But a hack of some sites on Thursday proves you can accidentally download malware even when visiting a reputable website. CNN, February 23, 2013

Move Over, APTs – The RAM-Based Advanced Volatile Threat Is Spinning Up Fast: For security pros, the advanced persistent threat (APT) has become a term as everyday as virus or Trojan horse. But as defenders become increasingly wise to the APT, experts say, attackers are now trying a new approach: the advanced volatile threat (AVT). Dark Reading, February 22, 2013

Cyber Defense

Amid Hacking Headaches, Twitter Begins Using Email Authentication: Amid a string of hackings this week, Twitter said it has begun using a new security protocol that will help reduce email-based abuse and ensure that emails coming from a address are authentic. Fox News, February 22, 2013

Cyber Security Management

More Companies Reporting Cyber Security Incidents: At least 19 financial institutions have disclosed to investors in recent weeks that their computers were targets of malicious cyberassaults last year, a sign of growing openness among corporations about the breadth of cybersecurity incidents plaguing the private sector. The Washington Post, March 1, 2013

A Vulnerability Disclosure Game Changer: Two new ISO standards will push third-party developers, online service providers and even hardware vendors to stop ignoring vulnerability disclosures. DarkReading, March 1, 2013

Tale Of Two Compromises Provides Lessons For SMBs: The stories behind the hacking of a startup’s CEO and a journalist, as told at the RSA Conference, provide small and medium businesses with good tactics to secure their businesses. DarkReading, March 1, 2013

IT Security Managers Too Focused on Compliance, Experts Say: Companies with IT security strategies that focus mostly on complying with key standards are dangerously unprepared for emerging cyber threats, said security experts at the RSA Conference 2013 here this week. CIO, March 1, 2013

Cloud Security Falls Short … But Could Be Great: SAN FRANCISCO – RSA CONFERENCE 2013 – Public cloud services could have better security than the vast majority of corporate on-premise networks, but today’s tools fail to provide needed protections, and providers and security firms fall short of the cooperation necessary to build security into the cloud. DarkReading, February 26, 2013

Securing the Village

Cyber Attacks and Cyber Crime Abroad: Veteran CLBR guest Stan Stahl returns to explain what is going on and what is or should be done about it. They discuss the major Cyber Attacks against the U.S. and U.S. businesses from Iran and China and of an emerging marketplace for Cyber Crime in Russia. WebmasterRadio, February 28, 2013

NIST seeks cybersecurity guidance: The National Institute of Standards and Technology issued a request for information in the Feb. 26 Federal Register asking for comments to help develop a cybersecurity framework and guidance. FCW, February 26, 2013

An Eerie Silence on Cybersecurity: Apart from a few companies like Google, which revealed that Chinese hackers had tried to read its users’ e-mail messages, American companies have been disturbingly silent about cyberattacks on their computer systems – apparently in fear that this disclosure will unnerve customers and shareholders and invite lawsuits and unwanted scrutiny from the government. The New York Times, February 27, 2013


Executive Forum: 5th Annual Information Security Summit. The Growing Cyber Threat: Protect Your Business: Tuesday, May 21, 2013, 8:30 – 11:00. Information risk is business risk. Managing information risk is now the responsibility of executive and senior management. From Main Street to Wall Street, cybercriminals are stealing our money, our trade secrets, our credit cards, our personal health information, our identities and our ability to conduct commerce. Laws, regulations and contractual agreements are raising the cost of insecurity. Business, not-for-profits and government agencies have become the first line-of-defense. ISSA-LA

National Cyber Security

New Evidence Shows Stuxnet Used Since At Least 2007: IDG News Service – Researchers from security firm Symantec have found and analyzed a version of the Stuxnet cybersabotage malware that predates previously discovered versions by at least two years and used a different method of disrupting uranium enrichment processes at Iran’s nuclear facility at Natanz. CIO, February 26, 2013

U.K., India Sign Cybersecurity Pact: U.K. Prime Minister David Cameron last week signed a cybersecurity deal with India’s Prime Minister Manmohan Singh to reassure Brits about protection of data held by outsourcers or cloud companies in India. Information Week, February 25, 2013

Obama’s Five-Point Plan To Fight Cyber-Crime: Continued cyber-attacks on the United States may soon be met with trade or diplomatic punishment against the nations of origin. The Obama administration last week listed more than a dozen instances of international assaults against U.S. businesses, resulting in stolen trade secrets, blunted competitive edge and lost American jobs. Forbes, February 23, 2013

White House will soon revive cybersecurity legislation push: (Reuters) – A senior adviser to President Barack Obama said the White House will soon renew efforts to push cybersecurity legislation through Congress, though he foresaw an uphill battle given the failure of the last attempt. Reuters, February 25, 2013

Chinese army hackers are the tip of the cyberwarfare iceberg: China is awash with nondescript new office buildings so the 12-storey tower on the outskirts of Shanghai’s Pudong area hardly looked likely to cause global headlines. Not even propaganda posters on walls surrounding it or People’s Liberation Army guards standing at the gates made the building stand out. The Guardian, February 23, 2013

Cyber Sunshine

Latest Kelihos Botnet Shut Down Live at RSA Conference 2013: The third version of the prolific peer-to-peer botnet responsible for volumes of pharmaceutical spam, Bitcoin wallet theft and credential harvesting was shut down before a live audience today at RSA Conference 2013. February 26, 2013


Citadel Information Group … Delivering Information Peace of Mind ® to Business and the Not-for-Profit Community

The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you.
