Guest column by Citadel Information Group

Cyber Security News of the Week

Cyber Attack

Hackers Attack NASA’s Website to Protest NSA: Several sub-domains on the website of the National Aeronautics and Space Administration are offline following an attack by hackers opposed to National Security Agency surveillance programs. US News, September 12, 2013

Cyberspies attack key South Korean institutions, North Korean hackers suspected: IDG News Service – South Korean organizations that conduct research on international affairs, national security and Korean unification are under siege from cyberspies whose attack may have its origins in North Korea. CIO, September 11, 2013

Cyber Privacy

Intelligence Officials Admit That Edward Snowden’s NSA Leaks Call For Reforms: The intelligence community’s reaction to National Security Agency contractor Edward Snowden’s leaks has moved through the typical stages of denial, anger, and depression. Now it seems to be coming to acceptance. Forbes, September 13, 2013

Government Announces Steps to Restore Confidence on Encryption Standards: SAN FRANCISCO – The federal agency charged with recommending cybersecurity standards said Tuesday that it would reopen the public vetting process for an encryption standard, after reports that the National Security Agency had written the standard and could break it. The New York Times, September 10, 2013 

NSA Secretly Admitted Illegally Tracking Thousands Of ‘Alert List’ Phone Numbers For Years: The next time the National Security Agency claims that it works only within the strict oversight of the judicial branch and other watchdogs, its critics will have a new story to tell in response: That in 2009, the agency was found to be routinely misleading those overseers, and that it took another four years for those violations to become public. Forbes, September 10, 2013

Identity Theft

3 simple things consumers can do to curtail medical ID theft: It’s no surprise that medical identity theft is increasing. But the extent to that spike since just last year and the increasing value of medical information to criminals are startling indeed. Government Health IT, September 12, 2013

Cyber Threat

4 Mobile Device Dangers That Are More Of A Threat Than Malware: Worried about malware? Other threats should come to mind first for North American users, from losing the phone to inadvertently connecting to an insecure or rogue access point. DarkReadin, September 11, 2013

Cyber Warning

New Tibet malware variant found for OS X: After over a year of no apparent activity, a new variant of the Tibet malware affecting OS X systems has been found. CNet, September 11, 2013

Smart Devices That Make Life Easier May Also Be Easy To Hack, Says FTC: Wireless devices let us control our household appliances through the Internet with ease, but do they also make it easier for hackers to disrupt our daily lives? Hari Sreenivasan speaks with Kashmir Hill of Forbes on a recent finding by the Federal Trade Commission of inadequate security protections for some products. PBS, September 2013

Cyber Security Management

NSA Leak Leaves Crypto-Math Intact but Highlights Known Workarounds: New details of the NSA’s capabilities suggest encryption can still be trusted. But more effort is needed to fix problems with how it is used. MIT Technology Review, September 9, 2013

Cyber Security Management – Cyber Update

Buggy Microsoft Update Hamstrings Outlook 2013: An Office 2013 non-security update, part of yesterday’s massive Patch Tuesday, blanks the folder pane in Outlook 2013, the suite’s email client, drawing complaints from customers on Microsoft’s support forum. CIO, September 11, 2013

Adobe, Microsoft Push Critical Security Fixes: Adobe and Microsoft each separately released a raft of updates to fix critical security holes in their software. Adobe pushed patches to plug holes in Adobe Acrobat/Reader and its Flash and Shockwave media players. Microsoft released 14 13 patch bundles to fix at least 47 security vulnerabilities in Windows, Office, Internet Explorer and Sharepoint. KrebsOnSecurity, September 10, 2013

Cyber Security Management – Cyber Defense

3 habits of successful data center security teams: In the Northern Hemisphere, most countries are experiencing a bountiful summer and hopefully along with it, some much needed downtime for overworked data center security teams. As an IT professional, you should use this downtime to reflect on ways to move data center security forward in keeping with new technology and workforce trends. CSO, September 10, 2013

Cyber Underworld

‘Yahoo Boys’ Have 419 Facebook Friends: Earlier this week, I wrote about an online data theft service that got hacked. That compromise exposed a user base of mostly young Nigerian men apparently engaged in an array of cybercrime activities – from online dating scams to 419 schemes. It turned out that many of these guys signed up for the data theft service using the same email address they used to register their Facebook accounts. Today’s post looks at the social networks between and among these individuals. KrebsOnSecurity, September 11, 2013

Spy Service Exposes Nigerian ‘Yahoo Boys’: A crude but effective online service that lets users deploy keystroke logging malware and then view the stolen data remotely was hacked recently. The information leaked from that service has revealed a network of several thousand Nigerian email scammers and offers a fascinating glimpse into an entire underground economy that is seldom explored. KrebsOnSecurity, September 9, 2013

Cyber Law

Critics question FTC’s authority to bring data security complaints: The Federal Trade Commission should back away from its claim of broad authority to seek sanctions against companies for data breaches when it has no clearly defined data security standards, critics of the agency said Thursday. PCWorld, September 12, 2013

Cyber Survey

Internet Census 2012 Data: Millions of Devices Vulnerable by Default: Embedded device manufacturers have been warned for ages about the risks of making networking, telecom and critical infrastructure gear reachable online, worse yet, leaving default credentials in place for authenticating to those devices. ThreatPost, September 13, 2013

The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you.