Monday, August 29, 2011

Cyber Security News, Week of August 29, 2011

From our friends at Citadel Information Group, Inc.

Alerts and Warnings

DHS warns that Irene could prompt phishing scams: As Hurricane Irene barrels toward the eastern seaboard, the U.S. Department of Homeland Security is warning government agencies and private companies to be on the lookout for storm-related phishing attacks and other malicious cyberactivity. Computer World, August 26, 2011

Information at Risk

Child Identity Theft Takes Advantage Of Kids' Unused Social Security Numbers: Every few weeks, Stephanie McManis receives a phone call from a collection agency asking for someone she never met. She recently opened a letter from a bank threatening to sue her for defaulting on a loan she never took out. She checks her credit report monthly, disputing late payments on emergency room visits she never made. The Huffington Post, August 22, 2011

Google hacking exposes large caches of personal data: Google hacking, which has been on the rise this summer, is a bit of a misnomer. Also known as Google dorking, Google hacking refers to cybercriminals' enterprising use of Google's advanced search functions to find caches of valuable data ripe for the taking. USA Today, August 23, 2011

Maine voter registration system breached: The Maine Secretary of State's Office said Wednesday it is investigating a potential security breach in the computer system that contains records on Maine's registered voters. Bangor Daily News, August 26, 2011

Researcher battles insulin pump maker over security flaw: A security researcher who has proven he can remotely disable the insulin pump he relies on to keep his diabetes in check says the device maker is refusing to acknowledge the problem and misleading the public. Cnet, August 26, 2011

Information at Risk - Intellectual Property

Fake goods, stolen secrets cost U.S. firms billions: An industrial spy tries to steal $20 million in trade secrets from Minnesota-based Valspar paints. The kingpin of a Houston-based drug counterfeiting ring makes millions plugging his fake pharmaceuticals into the pipeline of Britain's socialized medical system. In Washington, the Defense Department unwittingly buys and installs knockoff Cisco computer software to track troop movements. The Republic, August 24, 2011  

Cyber Security Management

New Data Spill Highlights Risk of Online Health Records: Until recently, medical files belonging to nearly 300,000 Californians sat unsecured on the Internet for the entire world to see. Fox News, August 22, 2011

Consumers Fear Online Fraud and Seek Retailers' Resolutions: Is consumers' growing concern for online shopping safety a good thing for brick and mortar retailers? Could some of those customers be willing to pack in their PayPal accounts and abandon their online shopping carts, and find their way back to Main Street USA? A recent Harris Interactive survey commissioned by McAfee makes it seem likely, reporting, "84 percent of consumers say they are at least somewhat concerned about providing their personal information when shopping online. And less than 33 percent of shoppers believe most websites are safe for shopping, an 11 percent dip from 2009." That leaves only six percent of consumers that aren't worrying about Internet security. And while you hope that means more customers will hit the storefronts, there are no guarantees. Plus, as multi-channel browsing has become a growing trend, more and more brick and mortars are investing in a B2C site, and it would be a waste of money if consumers' online security concerns were not addressed and the B2C sites abandoned. Independent Retailer, August 25, 2011

Internet Badlands

Source Code For SpyEye Trojan Published; More Exploits On The Horizon, Researcher Says: The source code for SpyEye, an infamous data-stealing Trojan, has been published on the Web and could easily be adapted and used by any savvy cybercriminal with virtually no cost or chance of getting caught, a researcher said Monday. Dark Reading, August 15, 2011

Hybrid Hydras and Green Stealing Machines: Hybrids seem to be all the rage in the automobile industry, so it's unsurprising that hybrid threats are the new thing in another industry that reliably ships updated product lines: The computer crime world. The public release of the source code for the infamous ZeuS Trojan earlier this year is spawning novel attack tools. And just as hybrid cars hold the promise of greater fuel efficiency, these nascent threats show the potential of the ZeuS source code leak for morphing ordinary, run-of-the-mill malware into far more efficient data-stealing machines. KrebsOnSecurity, August 24, 2011

Researchers See Improvements in Breakaway Zeus Malware: A dangerous piece of malicious code responsible for stealing money from online bank accounts is being updated with new functions after its source code was leaked earlier this year, according to security researchers. PC World, August 25, 2011  

Mobile Security

Researchers find first Android malware targeting Gingerbread: Researchers have spotted the first malware that exploits a critical vulnerability in Android 2.3, aka Gingerbread, finding samples tucked into legitimate apps on Chinese download sites. Computer World, August 23, 2011  

Legal Actions

Exclusive: Privacy lawsuit targets comScore: Online data tracking service comScore Inc siphons confidential information including passwords, credit card numbers and Social Security numbers from unsuspecting users, according to a lawsuit filed on Tuesday. Reuters, August 23, 2011  

Privacy Matters

Facebook reworks its maligned privacy settings: Facebook on Tuesday said it was overhauling its privacy settings to give members easier, more precise control over who sees posts, photos and other content over the vast social network. SF Gate, August 24, 2011

New Control Over Privacy on Facebook: Privacy worries have bedeviled Facebook since its early days, from the introduction of the endless scroll of data known as the news feed to, most recently, the use of facial recognition technology to identify people in photographs. The New York Times, August 23, 2011  

Securing the Future

Moving Toward Trusted Identities: In an effort to alleviate one of the biggest issues in online security (the problem of secure online authentication), the Obama administration recently issued its final National Strategy for Trusted Identities in Cyberspace (NSTIC). The goal is to partner with private sector entities to implement the strategy; that initiative is being led by the Commerce Department and the National Institute of Standards and Technology (NIST). If it works, it could help reduce online fraud and identity theft and spur commerce, according to government officials. It would be particularly useful for online banking and in protecting sensitive electronic medical records. Security Management, August 2011