Monday, November 07, 2011
Cyber Security News of the Week, November 7, 2011
Cyber Security Story of the Week
From our friends at Citadel Information Group
Our lead story of the week is the breach disclosure from UCLA Health System: U.C.L.A. Health System Warns About Stolen Records. 16,288 medical records were on a computer stolen from a doctor's home as part of a robbery. The good news was that the hard drive was encrypted. The bad news was that the password was on a piece of paper near the computer, and it too went missing.
Rule 1 is never write down passwords. Rule 2 is - if you're going to break rule 1 - do it securely. If you must write a password down, write it on a piece of paper the size of a credit card and keep it in your wallet with your credit cards and your driver's license. And just write the password: write "15Blah-blah-blah" not "my laptop password is 15Blah-blah-blah."
Alerts and Warnings
Microsoft Issues Stopgap Fix for 'Duqu' Flaw: Microsoft has released an advisory and a stopgap fix for the zero-day vulnerability exploited by the "Duqu" Trojan, a highly targeted malware strain that some security experts say could be the most important cyber espionage threat since Stuxnet. KrebsOnSecurity, November 4, 2011
Information at Risk
Massive hack hit 760 companies: NEW YORK (CNNMoney) - A massive cyberattack that led to a vulnerability in RSA's SecurID tags earlier this year also victimized Google, Facebook, Microsoft and many other big-named companies, according to a new analysis released this week. CNN Money, October 28, 2011
U.C.L.A. Health System Warns About Stolen Records: LOS ANGELES (AP) - UCLA's system of hospitals and clinics warned more than 16,000 patients that their personal information was on a computer hard drive stolen in the burglary of a doctor's home, officials said Friday. The New York Times, November 4, 2011
Hackers Hit 29 Chemical Makers in 'Nitro' Attack, Symantec Says: Computer hackers struck 29 chemical companies in attacks this summer aimed at gathering data on formulas and manufacturing processes, according to security provider Symantec Corp. SF Gate, November 2, 2011
Are You on the Pwnedlist?: 2011 has been called the year of the data breach, with hacker groups publishing huge troves of stolen data online almost daily. Now a new site called pwnedlist.com lets users check to see if their email address or username and associated information may have been compromised. KrebsOnSecurity, November 2, 2011
Cyber Security Management
Should you share breach information?: When companies suffer a security breach today they face that core dilemma: Tell the world and hope the honesty helps others, or keep it under wraps to avoid tarnishing the brand and duck possible lawsuits? One thing is clear from the arguments below: It is time for the government to take the guesswork out of the equation. Network World, November 2, 2011
Cyber Security Management - Cloud Security
Ponemon Institute Survey on Cloud Data Security Exposes Gulf between IT Security and Compliance Officers: SAN JOSE, Calif., Nov 01, 2011 (BUSINESS WIRE) - Vormetric, Inc., the leader in enterprise systems encryption and key management, today announced the results from an independent research report conducted by the Ponemon Institute on how organizations manage data security risks in cloud computing environments. The survey of 1,000 IT security practitioners and enterprise compliance officers revealed that less than half of all respondents believe their organizations have adequate technologies to secure their cloud infrastructures. Meanwhile, the two groups sharply disagreed on whether the cloud is as secure as on-premise datacenters, who is responsible for cloud data security, and what security measures should be used. Market Watch, November 1, 2011
Most Execs Don't Feel They Can Secure Cloud Infrastructures: Enterprises are using cloud infrastructures, but they aren't very confident in their ability to secure them, according to a study to be published Wednesday. Dark Reading, November 2, 2011
Poll: 67% Security Fear Factor With Cloud Computing: Computing via the Internet cloud - like renting servers in a far-off data center from Amazon or Rackspace - can save companies money and keep them flexible. But it can be a security challenge. Investors.com, November 4, 2011
Lazy Hackers Port Ancient Linux Trojan to Mac OSX: Hackers are testing new Mac malware that they've ported from a nine-year-old Trojan horse originally written for Linux, according to security experts. Computer World, October 31, 2011
Community Bank Focus on Consumer Security Contradicts Regs: Community bankers are strengthening security on consumer accounts, but they are not always extending those protections to business accounts, which regulators say are at a higher risk. American Banker, August 16, 2011
Security Expert Warns of Cyber World War: LONDON - A leading Internet security expert warned Tuesday that a cyber terrorist attack with "catastrophic consequences" looked increasingly likely in a world already in a state of near cyber war. Fox News, November 1, 2011
Cyber War - Stuxnet
Stuxnet Raises 'Blowback' Risk In Cyberwar: The Stuxnet computer worm, arguably the first and only cybersuperweapon ever deployed, continues to rattle security experts around the world, one year after its existence was made public. NPR, November 2, 2011
National Cyber Defense
U.S. report blasts China, Russia for cyberattacks: WASHINGTON (AP) - U.S. intelligence officials accused China and Russia on Thursday of systematically stealing American high-tech data for their own national economic gain. USA Today, November 3, 2011
EU and US cybersecurity experts stress-test defences: EU and US cybersecurity officials have tested how they would co-ordinate their response to a hacking attack. BBC, November 3, 2011
International Cyber Security
Hague lists cyber 'rules of the road': Governments should follow seven cyber 'rules of the road' in deciding how to act and regulate behaviour online, UK foreign secretary William Hague has told a UK government cybersecurity conference. ZDNet, November 1, 2011
SecurityRecruiter.com's Security Recruiter Blog