Landmark Leadership Conferences for IT Executives
Cyber Security News of the Week, May 5, 2013
by Fred F. Farkel, Monday, May 6th, 2013


Guest column by Citadel Information Group

Cyber Security News of the Week


Healthcare HITECH Privacy and Security Summit Provides Critical Compliance Content: Healthcare providers must comply with a new HIPAA/HITECH rule by September 23. This critical set of rules provides for additional safety and security for healthcare data, and experts will be on hand in Los Angeles on May 21 to provide important guidance. PRWeb, May 3, 2013

Cyber Crime

Systems Manager Arrested for Hacking Former Employer’s Network: IDG News Service – A 41-year-old man was arrested for allegedly disrupting his former employer’s network after he was passed over for promotions, leading him to quit his job and take revenge, the U.S. Federal Bureau of Investigation said. CIO, May 3, 2013

notifies customers of network attack: A company known for burying bad information to improve its customers’ online images let everyone know this week its network was hacked. sent e-mails to thousands of customers in more than 100 countries to let them know of the attack. ThreatPost, May 2, 2013

Wash. Hospital Hit By $1.03 Million Cyberheist: Organized hackers in Ukraine and Russia stole more than $1 million from a public hospital in Washington state earlier this month. The costly cyberheist was carried out with the help of nearly 100 different accomplices in the United States who were hired through work-at-home job scams run by a crime gang that has been fleecing businesses for the past five years. KrebsOnSecurity, April 30, 2013

Cyber Espionage

Chinese Cyberespionage: Brazen, Prolific, And Persistent: China, China, China: New data and intelligence is shedding more light on just how bold and pervasive Chinese cyberespionage activity is today. DarkReading, April 30, 2013

Cyber Warning

DHS: ‘OpUSA’ May Be More Bark Than Bite: The U.S. Department of Homeland Security is warning that a group of mostly Middle East- and North Africa-based criminal hackers are preparing to launch a cyber attack campaign next week known as “OpUSA” against websites of high-profile US government agencies, financial institutions, and commercial entities. But security experts remain undecided on whether this latest round of promised attacks will amount to anything more than a public nuisance. KrebsOnSecurity, May 2, 2013

More Malware Showing Up on Fake SourceForge Web Sites: Malware developers continue to clone SourceForge Web sites that appear to offer the source code for popular gaming software but are actually peddling malicious code tied to the ZeroAccess Trojan. ThreatPost, April 30, 2013

Online Bank Fraud

Banks targeted by ‘mind-boggling’ online scam: Britain’s major banks have been targeted in a “mind-boggling” online scam potentially affecting record numbers of customers. E&T, May 1, 2013

Cyber Privacy

Spy Court OK’d all U.S. Wiretap Requests it Received in 2012: A special court established to review government requests for warrants to conduct electronic surveillance of suspected foreign spies received close to 1,900 warrant requests last year – all of which it approved. CIO, May 3, 2013

Cyber Defense

Samsung Smartphones, Tablets Running Knox Get U.S. Defense Department Approval: Samsung said Friday that its smartphones and tablets running its Knox security and management software have been cleared for use on the U.S. Department of Defense network. CIO, May 3, 2013

Got Malware? Three Signs Revealed In DNS Traffic: Companies focus much of their energy on hardening computer systems against threats and stopping attempts to breach their systems’ security, and rightfully so. However, companies should always assume that the attackers have already successfully compromised systems and look for the telltale signs of such a breach. DarkReading, May 3, 2013

Cyber Security Management

La Vie En ROSI: With very few exceptions, there is really nothing in security that gives you a return on investment. Unless you’re selling them, security technologies almost never make you any money – what they’re there for is loss avoidance. Now, you may be able to achieve that loss avoidance by spending a lot of money, or by spending a little money; and if you manage the latter, then yes, you have parlayed a cost savings into another cost savings. But that’s not the same as investing some money and watching it grow in value. DarkReading, May 3, 2013

The Art of Cyber War: Boardroom threat level rising: A closer look at how vulnerability in cyber space is redefining national security, enterprise risk, intellectual property, and oversight. NACD, May 3, 2013

The 7 elements of a successful security awareness program: CSO – When we were asked to keynote a recent CSO event, it was a pleasant surprise that the top concern of the CSOs was “security culture.” From performing many security assessments and penetration tests, it is sadly obvious that even the best technical security efforts will fail if their company has a weak security culture. It is heartwarming that CSOs are now moving past straight technological solutions and moving towards instilling a strong security culture as well. [NB: Author Ira Winkler Delivers Luncheon Keynote at ISSA-LA 5th Annual Summit. May 21. Universal City.] NetworkWorld, May 1, 2013

LivingSocial Breach Scope Widens on Finding of 60% Sharing Logins: If having to reset 50 million passwords was not enough to worry about, Dashlane has found that about 60 percent of LivingSocial members reuse their passwords at other sites. CIO, May 1, 2013

National Cyber Security

US and UK to increase cybersecurity cooperation: As the militaries of the United States and Britain purchase more and more of the same networked hardware, most notably the F-35 Joint Strike Fighter, the two nations are increasing collaboration in cyber warfare, according to a Pentagon official. Foreign Policy, May 3, 2013

US military secrets leaked to Chinese hackers for three years: A US military contractor was allegedly hacked by those associated with the Chinese military. The company reportedly ignored signs of security breaches, allowing hackers to access military technology and classified documents for three years., May 3, 2013

China’s Cyberspies Outwit Model for Bond’s Q: Among defense contractors, QinetiQ North America (QQ/) is known for spy-world connections and an eye-popping product line. Its contributions to national security include secret satellites, drones, and software used by U.S. special forces in Afghanistan and the Middle East. Bloomberg, May 1, 2013

Critical Infrastructure

ICS-CERT Revises Recommendations to Avoid Shamoon Infections: Most publicly known malware attacks are disruptive in nature, for example causing the interruption of online banking services or taking websites temporarily offline. Few attacks cause actual physical damage to computers where hard drives are damaged and data lost or destroyed. ThreatPost, May 3, 2013

Dam! Sensitive Army database of U.S. dams compromised; Chinese hackers suspected: U.S. intelligence agencies traced a recent cyber intrusion into a sensitive infrastructure database to the Chinese government or military cyber warriors, according to U.S. officials. The Washington Times, May 1, 2013

Cyber Survey

PandaLabs Q1 Report: Trojans Account For 80% Of Malware Infections, Set New Record: In addition, China is the world’s most infected country with more than 50 percent of all computers riddled with malware. DarkReading, May 3, 2013

Cyber Misc

We rooted Wii U encryption and file system, says hacker group: The hacking group responsible for one of the first major modchips for the original Wii claims to have successfully reverse-engineered the pieces necessary to run copies of Wii U games from external USB hard drives. Ars Technica, May 1, 2013

Developer Warns Of Google Glass Security Risks Following His Jailbreak Exploit: If the notion of an intruder hacking into your smartphone or PC seems disturbing, just imagine an even more personal sort of privacy breach – a hacker who gains full access to your sight. Forbes, April 30, 2013

Cyber Sunshine

Alleged SpyEye Seller Bx1 Extradited to U.S.: A 24-year-old Algerian man arrested in Thailand earlier this year on suspicion of co-developing and selling the infamous SpyEye banking trojan was extradited this week to the United States, where he faces criminal charges for allegedly hijacking bank accounts at more than 200 financial institutions. KrebsOnSecurity, May 3, 2013

Securing the Village – Events Calendar

ISSA-LA Fifth Annual Information Security Summit; May 21, 2013: Join 800 of your colleagues and peers at the Universal City Hilton. Special Keynote Speaker: Howard Schmidt, former White House CyberSecurity Coordinator. For more information and to register, visit ISSA-LA.

Citadel Information Group … Delivering Information Peace of Mind ® to Business and the Not-for-Profit Community

The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you.
