Monday, September 24, 2012

Cyber Security News for the Week of September 24, 2012


From our friends at Citadel Information Group

Cyber Underground

Coders Behind the Flame Malware Left Incriminating Clues on Control Servers: The attackers behind the nation-state espionage tool known as Flame accidentally left behind tantalizing clues that provide information about their identities and that suggest the attack began earlier and was more widespread than previously believed. Wired, September 17, 2012

ID Theft Service Tied to Payday Loan Sites: A Web site that sells Social Security numbers, bank account information and other sensitive data on millions of Americans appears to be obtaining at least some of its records from a network of hacked or complicit payday loan sites. KrebsOnSecurity, September 17, 2012

Cyber Threat

Beware of pre-installed malware on your new PC: Everyone knows that the first thing you should do with a new computer is install anti-malware software - even free tools like AVG and Microsoft Security Essentials are generally deemed just about as good as programs you have to pay for. But what happens if the computer you buy comes with malware pre-installed before you even get a chance to take it out of the box? In that case, things get difficult, since few anti-malware tools are equipped to deal effectively with pre-existing threats. CBSNews, September 17, 2012

New TDL4 Bootkit Malware Variant Hits Fortune 500: Security vendor Damballa Labs has discovered a new variant of the TDSS/TDL4 malware that has apparently hit about 250,000 unique victims and at least 46 Fortune 500 companies, governmental agencies and ISP networks. CRN, September 19, 2012

Authentication Flaw Allows Hackers To Easily Crack Oracle Databases: Hackers have exploited a gaping identity flaw that allows them to easily crack Oracle databases. The flaw allows anyone to do a brute force attack and access the data. Techcrunch, September 20, 2012

Brand-new hardware - now with malware pre-installed: Normally, malware is an Internet phenomenon. But a recent Microsoft study reveals even new PCs and electronic gear may carry infection. Infoworld, September 20, 2012

Bank group warns of heightened risk of cyber attacks: A financial services industry group warned U.S. banks, brokerages and insurers on Wednesday to be on heightened alert for cyber attacks after Bank of America and JPMorgan Chase experienced unexplained outages on their public websites. Reuters, September 20, 2012

Cyber Threat - Internet Explorer

Hackers exploit new IE zero-day vulnerability: Attackers are exploiting a "zero-day" vulnerability in Microsoft's Internet Explorer (IE) and hijacking Windows PCs that cruise to malicious or compromised websites, security experts said Monday. ComputerWorld, September 17, 2012

Microsoft confirms hackers exploiting critical IE bug, promises patch: Microsoft on Monday issued a security advisory that confirmed in-the-wild attacks are exploiting an unpatched bug in Internet Explorer. The software maker is working on a fix. ComputerWorld, September 18, 2012

Germany warns users to ditch Internet Explorer over security hole: The German government's information security agency has issued a warning recommending that users should stop using Microsoft's Internet Explorer until the company releases an fix for a recently-discovered hole in the browser. ZDNet, September 19, 2012

Microsoft Issues Stopgap Fix for IE 0-Day Flaw: Microsoft today released a stopgap fix for a critical security flaw in most versions of Internet Explorer that hackers have been exploiting to break into Windows systems. The company said it expects to issue an official patch (MS12-063) for the vulnerability on Friday, Sept. 21. KrebsOnSecurity, September 19, 2012

Microsoft Fixes Zero-Day, Four Other Flaws in IE: Microsoft has released an emergency update for Internet Explorer that fixes at least five vulnerabilities in the default Web browser on Windows, including a zero-day flaw that miscreants have been using to break into vulnerable systems. KrebsOnSecurity, September 21, 2012

National Cyber Security

White House confirms cybersecurity order in the works: National Security Adviser John Brennan confirmed that the White House is drafting an executive order to encourage companies to better protect vital computer systems. But in the letter released Friday, Brennan said the administration cannot unilaterally achieve all of the goals of cybersecurity legislation and urged Congress to push ahead with its own comprehensive efforts. The Hill, September 17, 2012

Cyber Survey

IBM X-Force 2012 Mid-Year Trend and Risk Report - Rising Attacks Focus on Browsers and Social Media Networks: IBM today released the results of its X-Force 2012 Mid-Year Trend and Risk Report which shows a sharp increase in browser-related exploits, renewed concerns around social media password security, and continued challenges in mobile devices and corporate "bring your own device" PRNewswire, September 20, 2012

Securing the Village-ISSA-LA

ISSA-LA Donates $1,500 to ISSA Educational Foundation to Support Information Security Scholarship Program: Dr. Stan Stahl, president of the Los Angeles chapter of the Information Systems Security Association (ISSA-LA), presented a check for $1,500 to the ISSA Education Foundation (ISSAEF) to support the E. Eugene Schultz, Jr. PhD Memorial Scholarship Fund. Foundation Board Chair Sandra Lambert and Board member Dr. Dan Manson accepted the donation on behalf of the Foundation. PRLog, September 19, 2012

Securing the Village-Events Calendar

Cyber Security Awareness Briefing; Oct 2: Dr. Stan Stahl, Citadel and ISSA-LA President, will speak on cybersecurity at the South Bay Entrepreneurial Center's new facility in Torrance, CA  on Tuesday evening, October 2. In this non-technical talk - It Takes the Village to Secure the Village SM - Dr. Stahl discusses the financial implications of cyber crime, illustrates how cyber criminals take control of a user's computer, describes the limitations of technology, summarizes emerging cyber security laws, regulations and practices, and provides practical tips to lower the risk of becoming a victim. More information is available at meetup.com.

Cyber Security Awareness Briefing; Oct 11: Dr. Stan Stahl, Citadel and ISSA-LA President, will speak on cybersecurity at the monthly lunch meeting of the Science and Engineering Council of Santa Barbara. In this non-technical talk - It Takes the Village to Secure the Village SM - Dr. Stahl discusses the financial implications of cyber crime, illustrates how cyber criminals take control of a user's computer, describes the limitations of technology, summarizes emerging cyber security laws, regulations and practices, and provides practical tips to lower the risk of becoming a victim.

NetDiligence Cyber Risk and Privacy Liability Forum, October 11-12,2012: Ritz-Carlton, Marina del Rey. Dr. Stan Stahl, Citadel and ISSA-LA President, will discuss cyber challenges and solutions during a panel discussion at 11:15AM on Friday, October 12. "Why Can't We All Just Stop Breaches?"

2012 ISSA International Conference; Oct 25-26: New opportunities abound in the midst of amazing transformations in technology, business, and culture. Inspired by Disney's innovative vision, the cybersecurity community will gather at the Magic Kingdom on October 25-26 to look at change as a chance to achieve excellence. Dr. Stan Stahl, Citadel and ISSA-LA President, and David Lam, ISSA-LA Vice President, will speak at 11:30AM on Friday. The title of their talk is It takes the village to secure the village. SM

Cyber Security Awareness-Continuing CPA Education; Dec 3: Dr. Stan Stahl, Citadel and ISSA-LA President, will speak on cybersecurity at the lunch meeting of the West San Gabriel Valley (Pasadena) Discussion Group. In this non-technical presentation, Dr. Stahl will discuss cyber security risks and what CPAs need to do to protect themselves and their clients.

SecurityRecruiter.com's Security Recruiter Blog