Guest column by Citadel Information Group

Cyber Security News of the Week

Cyber Crime

Nordstrom Finds Cash Register Skimmers: Scam artists who deploy credit and debit card skimmers most often target ATMs, yet thieves can also use inexpensive, store-bought skimming devices to compromise modern-day cash registers. Just this past weekend, for instance, department store chain Nordstrom said it found a half-dozen of these skimmers affixed to registers at a store in Florida. KrebsOnSecurity, October 10, 2013

Online Bank Fraud

Wire and Online Banking Fraud Continues to Spike for Businesses: A $1.5 million bank/wire fraud case made big news this summer, but experts say that malware and other online threats to banks’ business clients have been spiking for at least a year. American Banker, October 7, 2013

Cyber Warning

SPECIAL ALERT: Aggressive Malware Requires User Diligence: We are tracking a new very-aggressive malware. This malware is distributed as a zip file attachment to emails. When the zip-file is run, it encrypts files on the user’s hard drive, rendering them unusable until a ransom is paid. Citadel Information Group, October 7, 2013

Cyber Security Management

Study: Cybercrime Costs Grow 26%: A big challenge when attempting to drum up support for investments in information security is demonstrating the cost of data breaches and other cybercrimes. But because very few cyber-attack victims have revealed the costs involved, sizing up the potential financial impact is tough. And that can make it difficult to justify a hefty security investment. BankInfoSecurity, October 8, 2013

Why mere compliance increases risk: In some cases, poor training is as bad as-if not worse than-no training it all, say John Schroeter and Tom Pendergas. CSO, October 2, 2013

Tech Insight: Top 4 Problem Areas That Lead To Internal Data Breaches: External data breaches (think: Anonymous) and internal data leaks (think: Edward Snowden) have enterprises questioning and rethinking their security programs. Are they doing enough to protect their data? Are their security controls effective? Would they be able to respond appropriately to a data breach and contain it quickly? DarkReading, September 27, 2013

Cyber Security Management – Cyber Defense

The practicality of the Cyber Kill Chain approach to security: Lysa Myers of the InfoSec Institute explains the Cyber Kill Chain approach and whether or not it’s a good fit for certain organizations. CSO, October 4, 2013

Cyber Security Management – Cyber Update

BlackBerry Fixes Remote Code Vulnerability in BES10: Microsoft and Adobe weren’t the only companies releasing security updates yesterday. BlackBerry piled on the patch parade with an update for its BlackBerry Enterprise Service 10 mobile device management product, fixing a remote code execution vulnerability. ThreatPost, October 9, 2013

Adobe, Microsoft Push Critical Security Fixes: Adobe and Microsoft today each issued software updates to fix critical security issues in their products. Microsoft released eight patch bundles to address 26 different vulnerabilities in Windows and other software – including not just one but two zero-day bugs in Internet Explorer. Adobe’s patches fix a single critical vulnerability present in both Adobe Acrobat and Reader. KrebsOnSecurity, October 8, 2013

Securing the Village

Cybersecurity Is Everyone’s Business: I wish it were possible to simply delegate cybersecurity to the “big guys.” Why not just let the government and big companies handle it? Forbes, October 1, 2013

The 28th Annual 2013 ISSA SoCal Security Symposium: The SoCal Security Symposium features over 30 vendor exhibits and several industry experts discussing current security issues such as eDiscovery, cloud security, threat vectors, mobile security, and much more. There will be lots of give a ways and prizes! This conference will provide tremendous networking opportunities. You’ll come away with advice and knowledge you can start applying to your environment immediately. Your registration will include your breakfast, lunch, ice cream social, CPE credits (8) and entrance into the conference sessions and exhibit area. ISSA of Orange County, Event Date: October 30, 2013

Securing the Village – ISSA-LA

ISSA-LA October Lunch Meeting: Topic: How threat actors are using your databases against you – Hacking databases to maintain access to your network. ISSA-LA, Event Date: October 16, 2013

National Cyber Security

Cybersecurity reform going nowhere fast: For all the bellowing in Washington over Chinese and Iranian cyberspies that are striking at lightning speed, Congress is still stuck slogging at a snail’s pace to offer any solution. Politico, October 9, 2013

Cyber Sunshine

Suspect in ‘Blackhole’ cybercrime case arrested in Russia: source: (Reuters) – Russian authorities have arrested a man believed to be responsible for distributing a notorious software kit known as “Blackhole” that is widely used by cyber criminals to infect PCs, according to a person familiar with the situation. Reuters, October 9, 2013

‘Bulletproof’ Hoster Santrex Calls It Quits: Santrex, a Web hosting provider that has courted cybercrime forums and created a haven for a nest of malicious Web sites, announced last week that it is shutting its doors for good, citing “internal network issues and recent downtime.” KrebsOnSecurity, October 9, 2013

Feds Arrest Alleged Top Silk Road Drug Seller: Federal authorities last week arrested a Washington state man accused of being one of the most active and sought-after drug dealers on the online black market known as the “Silk Road.” Meanwhile, new details about the recent coordinated takedown of the Silk Road became public, as other former buyers and sellers on the fraud bazaar pondered who might be next and whether competing online drug markets will move in to fill the void. KrebsOnSecurity, October 7, 2013

13 alleged hackers indicted in attacks on sites unkind to file sharing, WikiLeaks: Federal prosecutors have charged 13 alleged members of the hacking group Anonymous in connection with cyberattacks that the collective launched in 2010 against ­anti-piracy groups and financial institutions unwilling to process donations to WikiLeaks. The Washington Post, October 3, 2013

Cyber Misc

Landmark Leadership Conferences for IT Executives: The IT Summit is the executive technology conference series returning to Los Angeles for our seventh annual event on October 23, 2013. The purpose of the summit is to provide educational and networking resources for the IT leaders in Southern California. The conference is driven by an Executive Board of regional IT professionals that directs the content of the conference. The IT Summit is designed to address the real-world opportunities and challenges faced by today’s executives. The IT Summit, Event Date: October 23, 2013

The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you.