Monday, September 26, 2011

Cyber Security News for the Week of September 26, 2011

From our friends at Citadel Information Group
  
Story of the Week

Our lead story of the week reports on a new survey about medical identity theft. It may also say something about our ethics.

Medical Identity Theft a Growing Problem: WASHINGTON - Nearly four out of ten doctors and hospitals surveyed have caught a patient trying to use someone else's identity in order to obtain healthcare services, according to a new survey from accounting firm PricewaterhouseCoopers (PwC). Medpage Today, September 23, 2011

Information at Risk

Intel officials' emails posted after hack of cybersecurity group: The names and email addresses of hundreds of U.S. intelligence officials - including some senior officials in the Obama Administration - have been posted on an anti-secrecy website after computer hackers allegedly swiped them from the internal membership list of a prestigious national security organization. MSNBC, September 18, 2011

Hundreds of GoDaddy Sites Compromised to Serve Malware: Sucuri Security detected a mass-compromise of shared-hosting GoDaddy sites. In all 445 cases the .htaccess file (a main Apache web server configuration file) was modified to redirect users to a malware site when they were referred by one of a list of search engines. Security Watch, September 15, 2011

Cyber Security Management

Study Identifies 2011 Authentication Trends & Challenges for Community Financial Institutions: PADUCAH, Ky., Sep 19, 2011 (BUSINESS WIRE) - In recent years, there have been significant changes in the threat landscape for community financial institutions. To address these changes, the Federal Financial Institutions Examination Council (FFIEC) took action with a supplement to update authentication guidance. MarketWatch, September 19, 2011

Is an ISP code of conduct the best way to fight botnets?: The Department of Homeland Security and National Institute of Standards and Technology are looking to beat back the kudzu of spam generators, distributed denial of service zombies, and other botnets, and they want your cooperation - on a totally voluntary basis, of course. Ars Technica, September 23, 2011

New cybersecurity alliance launches in Massachusetts: A collaboration among information security leaders in government, industry and academia has launched in Massachusetts with the goal of developing new data defense tactics. SC Magazine, September 22, 2011

Internet Badlands - Medical Identity Theft & HIPAA

Theft of Digital Health Data More Often Inside Job, Report Finds: Electronic health data breaches are increasingly carried out by "knowledgeable insiders" bent on identity theft or access to prescription drugs, according to a report from PricewaterhouseCoopers LLP. Bloomberg, September 22, 2011

Medical Identity Theft a Growing Problem: WASHINGTON - Nearly four out of ten doctors and hospitals surveyed have caught a patient trying to use someone else's identity in order to obtain healthcare services, according to a new survey from accounting firm PricewaterhouseCoopers (PwC). Medpage Today, September 23, 2011

Alerts and Warnings

Zero-day holes found in Blackboard platform: Multiple zero-day security vulnerabilities have been found in the world's most popular educational software - holes that allow students to change grades and download unpublished exams, while allowing criminals to steal personal information. SC Magazine, September 16, 2011

National Cyber Defense

Clarke: Outdated cyber defense leaves US open to attack: The nation's cyber defenses now lag the capabilities of those attacking our online assets, leaving critical infrastructure and data vulnerable to increasingly sophisticated attacks, said former presidential adviser Richard Clarke. GCN, September 19, 2011

From the man who discovered Stuxnet, dire warnings one year later: One year ago a malicious software program called Stuxnet exploded onto the world stage as the first publicly confirmed cyber superweapon - a digital guided missile that could emerge from cyber space to destroy a physical target in the real world. Christian Science Monitor, September 22, 2011

The Future of Cyberspace

The Advent of a Global Intelligence: YALTA, Ukraine - Get ready for the global brain. That was the grand finale of a presentation on the next generation of the Internet I heard last week from Yuri Milner. G-8 leaders had a preview of Mr. Milner's predictions a few months earlier, when he was among the technology savants invited to brief the world's most powerful politicians in Deauville, France. The New York Times, September 22, 2011

Rays of Sunshine

FBI arrests Sony LulzSec hacking suspect: A suspected member of the clandestine hacking group LulzSec has been arrested in Arizona by the FBI on charges of taking part in an extensive breach of the Sony Pictures computer system. The Guardian, September 23, 2011

Firm sends bots into chats to solicit stolen data: A Texas security firm, CSIdentity, has created artificial-intelligence software capable of posing as a hacker and engaging ne'er-do-wells in the underground forums. Its goal is to solicit stolen data - a hacker hoping to fence 1,000 credit card numbers will offer dozens for free to prove they're real - and send them back to flesh-and-blood investigators. SFGate, September 19, 2011

Securing the Future

New (ISC)²® Foundation Brings Cyber Security Education and Awareness To Communities Across The Globe: (ISC)² ("ISC-squared"), the world's largest not-for-profit information security professional body and administrators of the CISSP®, today announced that it has formed the (ISC)² Foundation, a new charitable organization dedicated to delivering education and awareness programs to communities around the globe to make the cyber world a safer place for everyone. A 501(c)3 organization, the (ISC)² Foundation will offer programs that leverage the unique skill sets of information security professionals everywhere to give back to the community and grow the pipeline of the next generation of qualified information security professionals. SFGate, September 19, 2011

Senate Panel Approves Bill Aimed at Thwarting Computer Attacks: Legislation aimed at protecting the nation's financial networks and power grids from computer hackers and safeguarding consumer data online won approval from a U.S. Senate panel in a party-line vote. Bloomberg, September 22, 2011
