Monday, July 09, 2012

Cyber Security News for the Week of July 9, 2012

From our friends at Citadel Information Group

Cyber Crime - Online Bank Fraud
Cybercriminals Sniff Out Vulnerable Firms: With cybercriminals a greater threat to small businesses than ever before, more entrepreneurs like Lloyd Keilson are left asking themselves who is to blame for hacking attacks that drain their business accounts. ... In May, Lifestyle Forms & Displays Inc., a mannequin maker and importer led by the 65-year-old Mr. Keilson, had $1.2 million wiped out of its bank accounts in just hours through online transactions. The theft from the Brooklyn, N.Y., company, which has about 100 employees, wasn't an isolated incident. Wall Street Journal, July 5, 2012

Cyber Privacy
Islamic hackers post hundreds of Israeli email addresses and passwords: Islamic hackers on Sunday revealed hundreds of Israeli email addresses and their passwords on the website of Anonymous Arab. According to Avnet Security Systems, most of the addresses and passwords listed are active accounts. Haaretz, July 2, 2012

Cyber Threat
Malware defiled Apple's App Store: Kaspersky is taking credit for finding an infected application that appeared in the app stores of both Apple and Google. Russia-based security vendor, Kaspersky Lab, claims to have found the first malware to appear on Apple's App Store. ... The "Find and Call" app, which was also available in Google's Android app store, was uploading the contact lists of users to a remote server, and sending out SMS spam to the harvested numbers. The SMS messages would contain a link to download the infected application. ZDNet, July 6, 2012

New Java Exploit to Debut in BlackHole Exploit Kits: Malicious computer code that leverages a newly-patched security flaw in Oracle's Java software is set to be deployed later this week to cybercriminal operations powered by the BlackHole exploit pack. The addition of a new weapon to this malware arsenal will almost certainly lead to a spike in compromised PCs, as more than 3 billion devices run Java and many of these installations are months out of date. KrebsOnSecurity, July 5, 2012

Cyber Security Management
Want cheaper insurance? Brush up on your IT security: Businesses that take steps to protect their IT systems from cyberattack could in the future be rewarded with discounted insurance premiums. ZDNet, July 4, 2012

Power Outage Highlights Infrastructure Vulnerability: As close to 3 million inhabitants of the Washington, D.C., area hunker down for an un-air-conditioned day of triple-digit temperatures after a fast-moving line of storms took out power on both sides of the Potomac, we can ponder for a moment the digital consequences of this difficult situation. Forbes, July 2, 2012

Cyber Security Management - DNS Changer
Check this site to see if your computer has been infected with DNS changer malware. You're looking for information on how to clean up or fix malicious software ("malware") associated with DNS Changer. It's possible that either your computer or your home router has been modified to use resources once controlled by criminals to redirect your traffic. DCWG

Cyber Security Management - Securing the Village
Firms told to own up to cybercrime attacks: WASHINGTON, July 2 (UPI) - Corporations and other businesses in the United States and elsewhere are coming under increasing pressure to own up to cybercrime attacks they are often suspected of hiding to protect brand identity and shareholder interests. UPI, July 2, 2012

National Cyber Security
An Unhappy Birthday For Uncle Sam On Cyber Security: Here's the good news on America's birthday: the last year has seen the U.S. emerge as an undisputed global leader in the use of offensive cyber operations. Averting another "Sputnik" moment, the nation's longest running and most successful democracy blazed new trails in non-kinetic warfare, effectively ending speculation that the military and political establishment in the world's lone superpower was asleep at the wheel of state as nations like China and Russia dashed ahead. Now for the bad news: we're screwed. ThreatPost, July 4, 2012

Price tag on govt secrecy: up 12 percent to $11.4B: WASHINGTON - The price tag for safeguarding government secrets rose by 12 percent in 2011 to a record $11.4 billion. CBS News, July 3, 2012

U.S. Critical Infrastructure Cyberattack Reports Jump Dramatically: U.S. critical infrastructure companies saw a dramatic increase in the number of reported cyber-security incidents between 2009 and 2011, according to a new report from the U.S. Industrial Control System Cyber Emergency Response Team (ICS-CERT). DarkReading, June 29, 2012

Chinese hackers penetrate Indian Navy computer system: New Delhi: In yet another Chinese attempt to dig into the Indian security system on Sunday, a group of hackers penetrated the sensitive computer networks in and around Vishakhapatnam, the headquarters of the Eastern Naval Command of the Indian Navy, as per a newspaper report. ZeeNewsIndia, July 2, 2012

Cyber Law - Online Bank Fraud
Court Ruling Could Be Boon to Cyberheist Victims: A decision handed down by a federal appeals court this week may make it easier for small business owners victimized by cyberheists to successfully recover stolen funds by suing their bank. ... The U.S. Federal Court of Appeals for the First Circuit has reversed a decision from Aug. 2011, which held that Ocean Bank (now People's United) was not at fault for a $588,000 cyberheist in 2009 against one of its customers - Sanford, Me. based Patco Construction Co. KrebsOnSecurity, July 6, 2012

PATCO ACH Fraud Ruling Reversed: Appeals Court Calls Bank's Security 'Commercially Unreasonable.' A federal appeals court has reversed a lower court's ruling in the ACH/wire fraud dispute between PATCO Construction Inc. and the former Ocean Bank, now People's United. BankInfoSecurity, July 4, 2012

Cyber Security Legislation
Senate Working on Cybersecurity Bills: Upon its return from Fourth of July break, some members of the U.S. Senate are preparing to introduce legislation that is touted to protect the Internet, though disagreements over provisions to be included in the bill have dampened efforts to reach a consensus on the legislation. In response to the efforts, major organizations have teamed up to ask Congress to keep the Internet free of government intrusion. The New America, July 3, 2012

Cyber Research
RSA Encryption 'Crack' Rattles Infosec Industry: A team of researchers say they've found a method for subverting RSA encryption. "This could be a big deal because there may be applications out there vulnerable to this attack," said Johns Hopkins' Matthew Green. RSA, however, contends the danger attributed to the research is being exaggerated. TechNewsWorld, July 2, 2012

Cyber Career
How to Break Into Security, Schneier Edition: Last month, I published the first in a series of advice columns for people who are interested in learning more about security as a craft or profession. In this second installment, I asked noted cryptographer, author and security rock star Bruce Schneier for his thoughts. KrebsOnSecurity, July 2, 2012