This Week's Cyber Security News
Week of August 29, 2011
From our friends at Citadel Information Group, Inc.
Alerts and Warnings
DHS warns that Irene could prompt phishing scams: As Hurricane Irene barrels toward the eastern seaboard, the U.S. Department of Homeland Security is warning government agencies and private companies to be on the lookout for storm-related phishing attacks and other malicious cyberactivity. Computer World, August 26, 2011
Information at Risk
Child Identity Theft Takes Advantage Of Kids' Unused Social Security Numbers: Every few weeks, Stephanie McManis receives a phone call from a collection agency asking for someone she never met. She recently opened a letter from a bank threatening to sue her for defaulting on a loan she never took out. She checks her credit report monthly, disputing late payments on emergency room visits she never made. The Huffington Post, August 22, 2011
Google hacking exposes large caches of personal data: Google hacking, which has been on the rise this summer, is a bit of a misnomer. Also known as Google dorking, Google hacking refers to cybercriminals' enterprising use of Google's advanced search functions to find caches of valuable data ripe for the taking. USA Today, August 23, 2011
Maine voter registration system breached: The Maine Secretary of State's Office said Wednesday it is investigating a potential security breach in the computer system that contains records on Maine's registered voters. Bangor Daily News, August 26, 2011
Researcher battles insulin pump maker over security flaw: A security researcher who has proven he can remotely disable the insulin pump he relies on to keep his diabetes in check says the device maker is refusing to acknowledge the problem and misleading the public. Cnet, August 26, 2011
Information at Risk - Intellectual Property
Fake goods, stolen secrets cost U.S. firms billions: An industrial spy tries to steal $20 million in trade secrets from Minnesota-based Valspar paints. The kingpin of a Houston-based drug counterfeiting ring makes millions plugging his fake pharmaceuticals into the pipeline of Britain's socialized medical system. In Washington, the Defense Department unwittingly buys and installs knockoff Cisco computer software to track troop movements. The Republic, August 24, 2011
New Data Spill Highlights Risk of Online Health Records: Until recently, medical files belonging to nearly 300,000 Californians sat unsecured on the Internet for the entire world to see. Fox News, August 22, 2011
Consumers Fear Online Fraud and Seek Retailers' Resolutions: Is consumers' growing concern for online shopping safety a good thing for brick and mortar retailers? Could some of those customers be willing to pack in their PayPal accounts and abandon their online shopping carts, and find their way back to Main Street USA? A recent Harris Interactive survey commissioned by McAfee makes it seem likely, reporting, "84 percent of consumers say they are at least somewhat concerned about providing their personal information when shopping online. And less than 33 percent of shoppers believe most websites are safe for shopping, an 11 percent dip from 2009." That leaves only six percent of consumers that aren't worrying about Internet security. And while you hope that means more customers will hit the storefronts, there are no guarantees. Plus, as multi-channel browsing has become a growing trend, more and more brick and mortars are investing in a B2C site, and it would be a waste of money if consumers' online security concerns were not addressed and the B2C sites abandoned. Independent Retailer, August 25, 2011
Source Code For SpyEye Trojan Published; More Exploits On The Horizon, Researcher Says: The source code for SpyEye, an infamous data-stealing Trojan, has been published on the Web and could easily be adapted and used by any savvy cybercriminal with virtually no cost or chance of getting caught, a researcher said Monday. Dark Reading, August 15, 2011
Hybrid Hydras and Green Stealing Machines: Hybrids seem to be all the rage in the automobile industry, so it's unsurprising that hybrid threats are the new thing in another industry that reliably ships updated product lines: The computer crime world. The public release of the source code for the infamous ZeuS Trojan earlier this year is spawning novel attack tools. And just as hybrid cars hold the promise of greater fuel efficiency, these nascent threats show the potential of the ZeuS source code leak for morphing ordinary, run-of-the-mill malware into far more efficient data-stealing machines. KrebsOnSecurity, August 24, 2011
Researchers See Improvements in Breakaway Zeus Malware: A dangerous piece of malicious code responsible for stealing money from online bank accounts is being updated with new functions after its source code was leaked earlier this year, according to security researchers. PC World, August 25, 2011
Researchers find first Android malware targeting Gingerbread: Researchers have spotted the first malware that exploits a critical vulnerability in Android 2.3, aka Gingerbread, finding samples tucked into legitimate apps on Chinese download sites. Computer World, August 23, 2011
Exclusive: Privacy lawsuit targets comScore: Online data tracking service comScore Inc siphons confidential information including passwords, credit card numbers and Social Security numbers from unsuspecting users, according to a lawsuit filed on Tuesday. Reuters, August 23, 2011
Facebook reworks its maligned privacy settings: Facebook on Tuesday said it was overhauling its privacy settings to give members easier, more precise control over who sees posts, photos and other content over the vast social network. SF Gate, August 24, 2011
New Control Over Privacy on Facebook: Privacy worries have bedeviled Facebook since its early days, from the introduction of the endless scroll of data known as the news feed to, most recently, the use of facial recognition technology to identify people in photographs. The New York Times, August 23, 2011
Securing the Future
Moving Toward Trusted Identities: In an effort to alleviate one of the biggest issues in online security (the problem of secure online authentication), the Obama administration recently issued its final National Strategy for Trusted Identities in Cyberspace (NSTIC). The goal is to partner with private sector entities to implement the strategy; that initiative is being led by the Commerce Department and the National Institute of Standards and Technology (NIST). If it works, it could help reduce online fraud and identity theft and spur commerce, according to government officials. It would be particularly useful for online banking and in protecting sensitive electronic medical records. Security Management, August 2011
Monday, August 29, 2011
President of SecurityRecruiter.com and JeffSnyderCoaching.com. SecurityRecruiter.com is an executive search firm specialized in information security recruiting, cyber security recruiting, corporate security recruiting, physical security recruiting, converged security recruiting, IT risk management recruiting, enterprise risk management, global compliance recruiting, global privacy recruiting and business intelligence recruiting.