Monday, December 12, 2011

Cyber Security News of the Week, December 12, 2011

From our friends at Citadel Information Group
Cyber Security Story of the Week - Online Bank Fraud
Our story below - Western Iowa YMCA loses $54,000 to cyber crime - demonstrates again the reality of online bank fraud.

There is an epidemic increase in online bank theft, affecting financial institutions and the organizations who bank online. All too frequently, the increasing sophistication of cyber criminal attacks has not been met by a corresponding increase in defenses. The reality is that financial institutions and their account holders both have opportunities to do more to ensure online financial transactions are secure.

Visit the Online Bank Security page on our website for more information on what financial institutions and their customers can do to protect themselves.

Information at Risk - Alerts and Warnings

Attackers Hit New Adobe Reader, Acrobat Flaw: Malicious hackers are targeting a previously unknown security hole in Adobe Reader and Acrobat to compromise Microsoft Windows machines, Adobe warned today. KrebsOnSecurity, December 6, 2011

Symantec confirms Reader exploits targeted defense companies: Security researchers at Symantec today confirmed that exploits of an unpatched Adobe Reader vulnerability targeted defense contractors, among other businesses. Computerworld, December 7, 2011

New zero-day vulnerabilities found in Adobe Flash Player: Recently a vulnerability was found in both Mac and Windows versions of Adobe's Acrobat and Reader products that could allow an attacker to crash the programs and gain control of the system. So far only attacks on Windows machines have been found, but Mac systems could be affected as well. Cnet, December 9, 2011

Information at Risk - Online Bank Fraud

Western Iowa YMCA loses $54,000 to cyber crime: ATLANTIC, Iowa - A western Iowa YMCA has been forced to dip into its reserves after computer hackers stole $54,000 from the organization. Chicago Tribune, December 9, 2011

Information at Risk - Skimmers at ATM Machines & Supermarkets

Pro Grade (3D Printer-Made?) ATM Skimmer: In July 2011, a customer at a Chase Bank branch in West Hills, Calif. noticed something odd about the ATM he was using and reported it to police. Authorities who responded to the incident discovered a sophisticated, professional-grade ATM skimmer that they believe was made with the help of a 3D printer. KrebsOnSecurity, December 7, 2011

Hackers hit supermarket self-checkout lanes, steal money from shoppers: Criminals have tampered with the credit and debit card readers at self-checkout lanes in more than 20 supermarkets operated by a California chain, allowing them to steal money from shoppers who used the compromised machines. The chain, Lucky Supermarkets, which is owned by Save Mart, is now inspecting the rest of its 234 stores in northern California and northern Nevada and urging customers who used self-checkout lanes to close their bank and credit card accounts. Ars Technica, December 7, 2011

Securing America's Critical Infrastructure

Cyber Attacks Bombard Energy Sector, Threatening World Oil Supply: Hackers are bombarding the world's computer controlled energy sector, conducting industrial espionage and threatening potential global havoc through oil supply disruption. Huffington Post, December 8, 2011

Cyber Litigation - Hewlett Packard

HP sued over security flaw in printers: A lawsuit against Hewlett-Packard alleges that the company sold LaserJet printers that it knew had a security flaw in them that could allow hackers to steal data, take control of networks and even cause physical damage to printers through overheating. Cnet, December 8, 2011

National Cyber Security

House Democrats Skeptical of Data Sharing in Cybersecurity Bill: U.S. House legislation calling for companies and the government to share data on hacker threats needs to be better defined to protect consumer privacy, Democratic lawmakers and cybersecurity specialists said. Bloomberg, December 6, 2011

Federal Cybersecurity R&D Strategic Plan Released: Today, OSTP is releasing Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program - a road map to ensuring long-term reliability and trustworthiness of the digital communications network that is increasingly at the heart of American economic growth and global competitiveness. The White House, December 6, 2011

Cyber-intruder sparks massive federal response - and debate over dealing with threats: The first sign of trouble was a mysterious signal emanating from deep within the U.S. military's classified computer network. Like a human spy, a piece of covert software in the supposedly secure system was "beaconing" - trying to send coded messages back to its creator. The Washington Post, December 8, 2011

Hacking Social Media - Russia

Twitter Bots Drown Out Anti-Kremlin Tweets: Thousands of Twitter accounts apparently created in advance to blast automated messages are being used to drown out Tweets sent by bloggers and activists this week who are protesting the disputed parliamentary elections in Russia, security experts said. KrebsOnSecurity, December 8, 2011

Invasive Software

CNET Bundling Toolbars, Trojans?: It wasn't long ago that I felt comfortable recommending CNET's as a reputable and trustworthy place to download software. I'd like to take back that advice: CNET increasingly is bundling invasive and annoying browser toolbars with software on its site, even some open-source titles whose distribution licenses prohibit such activity. KrebsOnSecurity, December 6, 2011

Information at Risk - Oops!

Flaw exposes Facebook CEO's photos: A Facebook security flaw, revealed this week, allowed users to gain access to the billionaire businessman's private pictures. Facebook blamed a software error in a feature that lets users report inappropriate content. The company said the error was quickly fixed, but some people were able to view a limited number of other people's photos, even if they were marked as private and meant for a small circle of friends. USA Today, December 7, 2011