Monday, September 10, 2012

Cyber Security News for the Week of September 10, 2012


From our Friends at Citadel Information Group

Securing the Village-Events Calendar

Cyber Security Awareness-Continuing CPA Education; Sep 18: Dr. Stan Stahl, Citadel and ISSA-LA President, will speak on cybersecurity at the 26th Annual Orange County / Long Beach Fall Seminar Series. In this 3-hour non-technical presentation, Dr. Stahl will discuss cyber security risks and what CPAs need to do to protect themselves and their clients.

ISSA-LA: September Dinner Meeting with OWASP, ISC2 and CSA; Sep 19: Insecure software applications are the biggest threat to data breaches and the source of over 90% of all security vulnerabilities according to NIST. Software security tools and training have been available for years. So why do most organizations still produce insecure code? This session discusses a 10-year research study and an Application Security Maturity Model that documents how organizations mature over time and why so many application security initiatives fail.

Cyber Security Awareness Briefing; Oct 2: Dr. Stan Stahl, Citadel and ISSA-LA President, will speak on cybersecurity at the South Bay Entrepreneurial Center's new facility in Torrance, CA on Tuesday evening, October 2. In this non-technical talk - It Takes the Village to Secure the Village℠ - Dr. Stahl discusses the financial implications of cyber crime, illustrates how cyber criminals take control of a user's computer, describes the limitations of technology, summarizes emerging cyber security laws, regulations and practices, and provides practical tips to lower the risk of becoming a victim. More information is available at meetup.com.

Cyber Security Awareness Briefing; Oct 11: Dr. Stan Stahl, Citadel and ISSA-LA President, will speak on cybersecurity at the monthly lunch meeting of the Science and Engineering Council of Santa Barbara. In this non-technical talk - It Takes the Village to Secure the Village℠ - Dr. Stahl discusses the financial implications of cyber crime, illustrates how cyber criminals take control of a user's computer, describes the limitations of technology, summarizes emerging cyber security laws, regulations and practices, and provides practical tips to lower the risk of becoming a victim.

2012 ISSA International Conference; Oct 25-26: New opportunities abound in the midst of amazing transformations in technology, business, and culture. Inspired by Disney's innovative vision, the cybersecurity community will gather at the Magic Kingdom on October 25-26 to look at change as a chance to achieve excellence. Disruptions like "big data", "cloud computing", massive collaboration, and business transformation make it possible for us to blaze new trails and build effective foundations. We are enabling our work forces to be mobile and productive while protecting sensitive data. We build systems and policies that impede our foes and guard our constituents. This is an exciting time to be in the information security field and we are all vital in making our businesses faster, better, smarter and, most importantly, safer.

Cyber Security Awareness-Continuing CPA Education; Dec 3: Dr. Stan Stahl, Citadel and ISSA-LA President, will speak on cybersecurity at the lunch meeting of the West San Gabriel Valley (Pasadena) Discussion Group. In this non-technical presentation, Dr. Stahl will discuss cyber security risks and what CPAs need to do to protect themselves and their clients.

Cyber Threat

Hackers Shift Tactics, Study Warns: Cybercriminals are shifting tactics to bypass corporations' first line of defense, which typically includes antivirus software, firewalls, and intrusion prevention systems, a study released last week shows. PC World, September 3, 2012

Cyber Warning

Tool Allows Mac OS X Hackers With Root Access to Easily Extract Keychain Data: A new tool allows Mac OS X attackers with root OS access to easily steal the keychain password data of logged in users and reinforces the dangers of granting administrative privileges to applications without serious consideration. PC World, September 7, 2012

Warning: Don't forget about meeting tomorrow (fake e-mail): Cybercriminals are spamming as many people as they can with a new e-mail that uses the same old trick to prey on ignorant corporate workers. The e-mail message's subject line says it all: "Don't forget about meeting tomorrow." The body of the e-mail pushes the receiver to open the attached file, a supposed report for tomorrow's supposed meeting that is really just malware. ZDNet, July 9, 2012

Cyber Update

Apple Releases Fix for Critical Java Flaw: If you own a Mac, take a moment today to run the Software Update application and check if there is a Java update available. Delaying this action could set your Mac up for a date with malware. In April, the Flashback Trojan infected more than 650,000 Mac systems using an exploit for a critical Java flaw. KrebsOnSecurity, September 5, 2012

Identity Theft

Stolen identity keeps making trouble, 15 years later: The letter from debt collector Resurgent Capital Services arrived at my home the other day. Enclosed was a bill for $2,852.56, originally run up in the 1990s on a Citibank credit card. LA Times, September 4, 2012

Info of 55K Patients Stolen from Indianapolis Cancer Practice: The Cancer Care Group, an oncology practice based in Indianapolis, claims it will improve its storage and data security practices going forward after a laptop containing the sensitive information of about 55,000 of its patients was stolen last month. ThreatPost, August 31, 2012

Cyber Underworld

The Infamous Google Hackers Are Still Out There, Exploiting Our Computers: Nearly three years ago, Google was hacked by a group that was almost certainly sponsored by the Chinese Government. But as Wired tells it, the assignment for that group wasn't a one-off thing. In fact, they've executed no fewer than 8 zero-day attacks on websites over the past three years, and have compromised at least 1,000 computers in various sectors. gizmodo, September 7, 2012

Hacktivists

Hackers backing Syrian regime hit Al-Jazeera: The official website of the Al-Jazeera TV satellite channel was attacked Tuesday by hackers backing the Syrian regime. Boston.com, September 4, 2012

Hacker group alleges it stole 12 million Apple IDs from the FBI: A hacker group known as AntiSec claims it stole the identification numbers for 12 million Apple devices and has posted information on a million of them on a website. LA Times, September 4, 2012

Swedish websites shut down by hacker attacks: STOCKHOLM - Swedish government websites were jammed by hackers for hours Monday, with some supporters of WikiLeaks founder Julian Assange claiming responsibility on Twitter. Huffington Post, September 3, 2012

Securing the Village

National Cyber Security Hall of Fame releases Final Nominees for Inaugural Class: BALTIMORE - The National Cyber Security Hall of Fame (NCSHOF) announced that 24 individuals were nominated and confirmed by the Board of Advisors and peers for consideration for the 2012 enshrinement class. This group is a result of over 250 nominations from leaders in the cyber security industry and a subsequent evaluation by the Board of Advisors. Beginning in 2012 and in each of the next ten years, a number of individuals will be enshrined in the National Cyber Security Hall of Fame at a black tie event recognizing and celebrating their contributions to the evolution of the cyber security industry. HeraldOnline, September 6, 2012

Hackers' Exploits of Java Renews Debate About Pace of Security Fixes: Oracle issued an emergency fix today for vulnerabilities in its Java software about four months after Security Explorations, a security firm, warned the company about the bugs. Bloomberg, August 30, 2012



SecurityRecruiter.com's Security Recruiter Blog