Monday, October 10, 2011

Cyber Security News of the Week for the Week of October 10

From our friends at Citadel Information Group
Cyber Security Story of the Week - Cyber Security Management

An excellent example of getting the information security and privacy people involved when personal or sensitive information is being collected.

Heading Off Privacy Problems-Before They Arise: When General Electric Co. was getting ready to launch a home energy-monitoring appliance last year, it called in an unusual expert: the company's chief privacy leader, Nuala O'Connor Kelly. Ms. Kelly quizzed the product developers on how they planned to use the data collected by the device and advised them on what to write in the appliance's "energy data privacy policy" for consumers. Welcome to the new world of corporate privacy. The Wall Street Journal, September 26, 2011

Alerts and Warnings
Security hole in HTC phones gives up e-mail addresses, location: A security hole found in some HTC Android phones could give apps with Internet permissions access to information like a user's location and their text messages, Android Police reported today. The vulnerability is part of HTC's Sense UI and affects a subset of the brand's most popular phones, including the HTC Thunderbolt and the EVO 4G. ars technica, October 3, 2011

HTC Preps Emergency Patch For Android Phones: HTC confirmed Tuesday third-party reports that a data-leakage vulnerability exists in some smartphone models that it manufactures, and said it's working on a fix. InformationWeek, October 4, 2011

Computer hackers call victims posing as tech support: We've heard about cyber criminals finding high-tech ways to hack into massive computer systems. But now there is a warning about a much simpler trick hackers are using to get into your personal computer. ABC News, October 5, 2011

Homeland Cyber Security
Homeland Security Revamps Cyber Arm: The National Protection and Programs Directorate, the Department of Homeland Security agency that handles many of the government's cybersecurity responsibilities, is about to get a makeover in the wake of the departure of former deputy undersecretary Phil Reitinger. The directorate, among other things, works to secure federal civilian agency networks and coordinate cybersecurity with the private sector. InformationWeek, September 26, 2011

U.S. lawmakers point to China as cause of cyberattacks: U.S. government officials need to put more pressure on their Chinese counterparts to stop a "pervasive" cyber-espionage campaign targeting U.S. companies, a U.S. lawmaker said Tuesday. Computerworld, October 4, 2011

Internet Badlands
Hackers Crack Internet Encryption: Should You Be Worried?: Data encryption is the cornerstone of Internet security. Every time you log into your email account or sign into an online retailer like Amazon, chances are that your browser is establishing a secure connection to the server using an encryption technology called TLS (Transport Layer Security). PC World, October 4, 2011

Anonymous Group Pledges Digital Raid on NYSE Next Week: One or more Internet users claiming to be the digital activist group known as Anonymous Hackers said overnight that it intends to take down the New York Stock Exchange's public web site next week. onWallstreet, October 5, 2011

How Much is That Phished PayPal Account?: Compromised PayPal accounts are a valuable commodity in the criminal underground, and crooks frequently trade them in shadowy online forums. But it wasn't until recently that I finally encountered a proper Web site dedicated to selling hacked PayPal accounts. KrebsOnSecurity, October 5, 2011

Federal Cybersecurity Incidents Rocket 650% In 5 Years: As the White House declares National Cybersecurity Awareness Month to shed a light on the issue, a federal watchdog report shows that cybersecurity incidents among federal agencies have dramatically risen in recent years. Information Week, October 4, 2011

Online Bank Fraud
Monster Spam Campaigns Lead to Cyberheists: Phishers and cyber thieves have been casting an unusually wide net lately, blasting out huge volumes of fraudulent email designed to spread password-stealing banking Trojans. Judging from the number of victims who reported costly cyber heists in the past two weeks, many small to medium sized organizations took the bait. KrebsOnSecurity, October 3, 2011

'Well organized, sophisticated, fast' cybercriminals scare US banks: BITS, the U.S. financial industry's IT policy arm, has a new leader: Paul Smocer, an expert in email security and authentication. Smocer is taking the lead of BITS at a time when financial services firms are responding to the emergence of new technologies - including social networking, mobile computing and cloud computing - while remaining under attack from ever-savvier cybercriminals. BITS is coordinating efforts by the U.S. banking industry to create new top-level domains - such as .bank, .insure and .invest - that would be restricted to financial services firms and could offer consumers extra protection from phishing, malware and other attacks. Computer World, October 4, 2011

Cyber Security Awareness Month
President Proclaims Cybersecurity Month: Americans, along with people around the world, depend on the Internet and digital tools for all aspects of our lives - from mobile devices to online commerce and social networking. This fundamental reliance is why our digital infrastructure is a strategic national asset, and why its security is our shared responsibility. This month, we recognize the role we all play in ensuring our information and communications infrastructure is interoperable, secure, reliable, and open to all. Gov Info Security, October 3, 2011

Securing the Future
Cyber-security legislation: A view from Silicon Valley: A new bill aimed at protecting citizens' online personal information by holding companies accountable for protecting that information is making its way through the Senate. The Personal Data Protection and Breach Accountability Act, sponsored by Senator Richard Blumenthal, would enable the Justice Department to fine businesses with more than 10,000 customers $5,000 per violation per day, with a maximum of $20 million per violation. With all of the recent high-profile cyber-attacks, such a proposal is not only timely, but arguably overdue. Unfortunately, this fine-based, punitive approach will not succeed. To make a difference, legislation should also be prescriptive. The Daily Caller, October 3, 2011

Ray of Sunshine
NYC ID Theft Ring Bust Leads to 111 Arrests: (NEW YORK) - Bank tellers, restaurant workers and other service employees in New York lifted credit card data from residents and foreign tourists as part of an identity theft ring that stretched to China, Europe and the Middle East and victimized thousands, authorities said Friday. Time, October 8, 2011