Monday, March 05, 2012

Cyber Security News for the week of March 5, 2012

From our friends at Citadel Information Group

Cyber Commentary - It Takes the Village to Secure the Village SM
FBI Director Robert Mueller, speaking at the 2012 RSA Conference, said cooperation is the key to fighting cyber crime. As President of the Los Angeles Chapter of the Information Systems Security Association (ISSA-LA) I'm (Stan Stahl PhD) proud of the steps our Chapter is taking to make the Director's words reality in Los Angeles.

On May 16, ISSA-LA will hold its Fourth Annual Information Security Summit. We designed the Summit to encourage participation and interaction among all three vital information security constituencies:

1. Business Leaders: CEOs, COOs, CFOs, Managing Partners and other non-technical decision makers with top-level management responsibility for information security and compliance with information privacy laws and regulations, together with their Trusted Advisors

2. Technology Leaders: CIOs, Technical Managers and other IT professionals with responsibility for maintaining the IT network and the data it contains

3. Information Systems Security Leaders: CISOs and other information security specialists having day-to-day responsibility for ensuring the security of sensitive information, together with those responsible for auditing systems security.

Alan Paller, Director of Research at the prestigious SANS Institute and a columnist for Forbes Magazine, will keynote this year's Summit. Alan's that rare individual who both understands the depth of the cyber crime challenges we face and is able to explain them to non-technical business leaders.

I encourage you to join us at this year's Summit. For more information and to register, please visit the Chapter's newly designed website.

Take a look at the electronic voting story below. The DC school board invited computer security experts to try to break into its e-voting system. Taking up the challenge were University of Michigan professor Alexander Halderman, along with two graduate students. A few hours after the team broke into the system, they began blocking attacks from China and the Persian Gulf. For the team's pièce de résistance, the researchers programmed the site to play the University of Michigan's fight song, "Hail to the Victors!" Go Blue!!

Cyber Security Management - Securing the Enterprise
Cyber Security - Don't leave home without it: Don't neglect cyber security when you're traveling. Traveling exposes you to higher than normal cyber risk. This is true whether you're planning to surf the web, do email, or Skype with family and friends. It's particularly true if you plan to conduct sensitive corporate business online, especially in certain Asian and Eastern European countries with a reputation for cybercrime. Any device used to store or process information is at risk: laptops, netbooks, tablets, iPads, iPhones, smartphones, USB-drives. Citadel Security Guide, February 29, 2012

Malware, Hacking Most Common Attacks in 2011 Data Breaches: Verizon DBIR: Malware and hacking were the most commonly used attack vectors in data breaches that occurred in 2011, according to a sneak peek of the 2012 Data Breach Investigations Report from Verizon. eWeek, February 29, 2012

Study Reveals That Encryption is Critical to Increase Security Posture, Report Thales and Ponemon Institute: SAN FRANCISCO, Feb 28, 2012 (BUSINESS WIRE) - Thales, leader in information systems and communications security, today announces the publication of the 2011 Global Encryption Trends Study. The report, based on independent research by the Ponemon Institute and sponsored by Thales, reveals that encryption is now seen as a strategic issue and that organizations are increasing their investment in encryption across the enterprise in response to compliance regulations and cyber-attacks.

Corporate Clients Should Ask Specific Questions About Law Firm Computer Security, Experts Say: We live in a world in which computer attacks via the Internet are routine, and many law firms are both particularly inviting targets and especially vulnerable. ABA Journal, February 21, 2012

Cyber Security Management - Securing the Village
FBI Director: Information Sharing Is Key to Battling Cyber-Crime: The FBI cannot fight cyber-crime on its own. The private sector has to work hand-in-hand with law enforcement, said FBI Director Robert Mueller at the 2012 RSA Conference. eWeek, March 3, 2012

Leading Cybersecurity Certification Groups Form Industry Collaborative: SAN FRANCISCO, Feb. 29, 2012 /PRNewswire-USNewswire/ - Global leaders in vendor-neutral, standards-based cybersecurity credentials today announced the creation of the Cybersecurity Credentials Collaborative (C3), a new effort to promote the benefits of certifications in the skills development of information security professionals around the world. PR News Wire, February 29, 2012

Cyber Crime
In Attack on Vatican Web Site, a Glimpse of Hackers' Tactics: The elusive hacker movement known as Anonymous has carried out Internet attacks on well-known organizations like Sony and PBS. In August, the group went after its most prominent target yet: the Vatican. The New York Times, February 27, 2012

Hackers had 'full functional control' of Nasa computers: Hackers gained "full functional control" of key Nasa computers in 2011, the agency's inspector general has told US lawmakers. BBC, March 2, 2012

WikiLeaks publishes millions of emails stolen from US think tank: Notorious whistleblowing website WikiLeaks has published five million emails from a geopolitical analysis company that Reuters likened to a "shadow CIA." Fox News, February 27, 2012

Cyber Threats and Vulnerabilities
Malware authors expand use of domain generation algorithms: Malware authors are increasingly adopting flexible domain generation algorithms (DGAs) in order to evade detection and prevent their botnets from being shut down by security researchers or law enforcement agencies. ComputerWorld, February 27, 2012

Banking Trojan hijacks live chat to run real-time fraud: A new strain of financial malware is hijacking live chat sessions in a bid to hoodwink business banking customers into handing over their banking login credentials or into authorising fraudulent transactions. The Register, February 28, 2012

Remote access malware growing problem for smartphones: Malware tools that allow attackers to gain complete remote control of smartphones have become a serious threat to users around the world, security researchers say. Tech World, March 1, 2012

Cyber Law
ACH Fraud and the Courts: It's been nearly three years since hackers rerouted more than $540,000 from a small business account owned by Maine-based PATCO Construction Inc. Still, legal wrangles between PATCO and Peoples United Bank [formerly known as Ocean Bank] linger. BankInfoSecurity, March 1, 2012

US regulators propose rules to protect against identity theft: WASHINGTON, Feb 28 (Reuters) - New rules proposed by federal market regulators on Tuesday would require mutual funds and securities and commodities brokerages to develop programs to protect investors against identity theft. Reuters, February 28, 2012

Ray of Sunshine
Interpol swoop nets 25 suspected 'Anonymous' hackers: LYON, France - Interpol has arrested 25 suspected members of the 'Anonymous' hackers group in a swoop covering more than a dozen cities in Europe and Latin America, the global police body said Tuesday. AFP, February 29, 2012

Google offers hackers $1 million to expose Chrome bugs: Internet search giant Google has announced that it would pay up to one million dollars in prizes to hackers who can expose bugs and vulnerabilities in their Chrome browser. DNA, February 29, 2012

Hackers Elect Futurama's Bender to the Washington DC School Board: Electronic voting has earned a pretty bad reputation for being insecure and completely unreliable. Well, get ready to add another entry to e-voting's list of woes. PC World, March 2, 2012

Anonymous hackers say it was infiltration not tech prowess that led to arrests: LIMA, Peru - People identifying themselves as activists in the Anonymous hacker movement said Wednesday it wasn't technical prowess but police infiltration that yielded 25 arrests in a sweep in Europe and South America. Washington Post, March 1, 2012