Monday, July 23, 2012

Cyber Security News for the Week of July 23, 2012

From our friends at Citadel Information Group

Cyber Crime

Hacker claims breach of 50,000 accounts from Wall Street IT recruiting firm: A hacker today claimed to have broken into, a website for IT professionals who are seeking Wall Street jobs or working with Wall Street firms, and exposed highly detailed data belonging to tens of thousands of job applicants. ComputerWorld, July 18, 2012

Cyber Threat

Cyberheist Smokescreen: Email, Phone, SMS Floods: It was early October 2011, and I was on the treadmill checking email from my phone when I noticed several hundred new messages had arrived since I last looked at my Gmail inbox just 20 minutes earlier. I didn't know it at the time, but my account was being used to beta test a private service now offered openly in the criminal underground that can be hired to create highly disruptive floods of junk email, text messages and phone calls. KrebsOnSecurity, July 18, 2012

Spammers Target Dropbox Users: "Always have your stuff when you need it with Dropbox." That's the marketing line for the online file storage service, but today users have had difficulty logging into the service. The outages came amid reports that many European Dropbox users were being blasted with spam for online casinos, suggesting some kind of leak of Dropbox user email addresses. KrebsOnSecurity, July 17, 2012

Android malware numbers explode to 25,000 in June 2012: In June 2012, the number of Android malware threats increased to a whopping 25,000 samples. More specifically, 5,000 new malicious Android apps were found in Q1 2012 while 15,000 were found so far in Q2 2012. Put another way, in all of Q1 2012, the number jumped by 5,000, while just one month in Q2 2012 was responsible for another 10,000. ZDNet, July 17, 2012

Cyber Espionage

Middle East's Latest Malware Malady Does It Old-School: Security researchers have discovered yet another piece of malware that appears to be targeting computer systems in the Middle East. TechNewsWorld, July 19, 2012

Mahdi Cyberespionage Malware Infects Computers in Iran, Israel, Other Middle Eastern Countries: A piece of malware called Mahdi or Madi has been used to spy on hundreds of targets from Iran, Israel and a few other Middle Eastern countries during the past eight months, according to researchers from security vendors Seculert and Kaspersky Lab. PCWorld, July 17, 2012

Cyber Security Management

The Most Common Passwords From the Yahoo Mail Leak: On Wednesday, we learned that about 400,000 Yahoo Mail passwords were apparently leaked. Another annoying bit of news for those who struggle to come up with new secret codes (even though Slate's Farhad Manjoo has offered up a foolproof system). But it has given us another look into the psychology of password creation. Slate, July 14, 2012

Yahoo Password Breach: 7 Lessons Learned: Stop the password breach madness: If it seems as if every week brings a new password breach to light, that's because hackers have been hard at work, releasing passwords with aplomb. InformationWeek, July 13, 2012

Cyber Security Management - ISSA-LA

Open source offense could be our best defense against cyberattacks: A core dilemma for IT today is how to properly protect the organizations' information systems and assets given security tools often seem like a black hole sucking down both time and money. But a strong defense doesn't have to be expensive, and a good place to start is assessing what information is publicly available and figuring out how to safeguard it from attack. NetworkWorld, July 16, 2012

Cyber Security Management - Olympics 2012

Cyber security at large sporting events: The London 2012 Olympics will bring together 10,500 athletes, diplomats, politicians, business leaders and millions of spectators from all over the world. Behind the scenes there is an immense effort being made to ensure the security and well-being of everyone participating, in any capacity, in this grand event. This article gives an inside-look into the thinking, business processes and security controls put in place to manage the risks in large sporting events. Many, but not all, of these principles and techniques can also be effectively applied by any business or organisation. Malta Independent, July 15, 2012

Cyber Security Management - Cyber Insurance

Data: The Breach Is Only the Beginning: For small-to-midsize businesses, the ongoing costs of responding to a data breach can dwarf the expense of the data loss itself. Now new insurance instruments are being created to help limit the damage. CFO, July 13, 2012

Securing the Village

Legal, regulatory risks keep firms from sharing cyber threat data: A new report suggests that companies should be protected from threat of lawsuit or regulation enforcement if they are sharing cyber security threat information with the government. Cnet, July 19, 2012

National Cyber Security

Taking the Cyberattack Threat Seriously: Barack Obama: Last month I convened an emergency meeting of my cabinet and top homeland security, intelligence and defense officials. Across the country trains had derailed, including one carrying industrial chemicals that exploded into a toxic cloud. Water treatment plants in several states had shut down, contaminating drinking water and causing Americans to fall ill. The Wall Street Journal, July 19, 2012

Cyber Security Legislation

Privacy advocates satisfied with Lieberman's cybersecurity rewrite: Revisions that Sen. Joe Lieberman (I-Conn.) made to his Cybersecurity Act seem to have appeased privacy advocates who lobbied against an earlier version of the bill. The Hill, July 21, 2012

Chamber not sold on revised cybersecurity bill: The U.S. Chamber of Commerce said on Friday that it isn't sold yet on the revised version of the cybersecurity bill by Sen. Joe Lieberman (I-Conn.), arguing that it would take an "overly prescriptive" approach towards protecting the nation's critical infrastructure from cyberattacks. The Hill, July 20, 2012

Cybersecurity bill shows signs of life in Senate: Key lawmakers are racing to broker a compromise on a Senate cybersecurity bill, insisting that floor action is still possible as early as next week. Politico, July 17, 2012

Cybersecurity compromise still uncertain: With the August recess nearly three weeks away, it will be difficult for the Senate to move forward on cybersecurity legislation-but don't count it out just yet. The Hill, July 15, 2012

Cyber Sunshine

Top Spam Botnet, "Grum," Unplugged: Nearly four years after it burst onto the malware scene, the notorious Grum spam botnet has been disconnected from the Internet. Grum has consistently been among the top three biggest spewers of junk email, a crime machine capable of blasting 18 billion messages per day and responsible for sending about one-third of all spam.KrebsOnSecurity, July 19, 2012

Researchers Say They Took Down World's Third-Largest Botnet: On Wednesday, computer security experts took down Grum, the world's third-largest botnet, a cluster of infected computers used by cybercriminals to send spam to millions of people. Grum, computer security experts say, was responsible for roughly 18 percent of global spam, or 18 billion spam messages a day. The New York Times, July 18, 2012

Jeff Snyder's Security Recruiter Blog's Security Recruiter Blog