Monday, October 15, 2012

Cyber Security News for the Week of October 15, 2012


From our friends at Citadel Information Group

Cyber Warning - Online Bank Fraud

RSA Warning, DDoS Attacks Linked?: The next-generation Gozi Trojan threat that security vendor RSA warned about last week is real and requires response, experts say.BankInfoSecurity, October 9, 2012

'Project Blitzkrieg' Promises More Aggressive Cyberheists Against U.S. Banks: Last week, security firm RSA detailed a new cybecriminal project aimed at recruiting 100 botmasters to help launch a series of lucrative online heists targeting 30 U.S. banks. RSA's advisory focused primarily on helping financial institutions prepare for an onslaught of more sophisticated e-banking attacks, and has already received plenty of media attention. I'm weighing in on the topic because their analysis seemed to merely scratch the surface of a larger enterprise that speaks volumes about why online attacks are becoming bolder and more brash toward Western targets. KrebsOnSecurity, October 8, 2012

Cybercriminals plot massive banking Trojan attack: Computerworld - An international gang of cyber crooks is plotting a major campaign to steal money from the online accounts of thousands of consumers at 30 or more major U.S. banks, security firm RSA warned. ComputerWorld, October 5, 2012

Cyber Security Management

Can You Trust Android Anti-malware Rankings?: With hundreds of Android security apps available in the market, Android owners and tech journalists tend to rely on the rankings of independent testing labs to tell us which products are most effective at malware detection. You'll usually find the same products in the top tier of tests: avast!, F-Secure, Kaspersky, Lookout, McAfee. Coincidence? Maybe not... PC Mag, October 12, 2012

How to Defend Against Malnets: The number of malnets has jumped 300 percent in the past six months, according to security firm Blue Coat Systems. While they are nearly impossible to kill, there are steps you can take to protect your organization. CIO, October 5, 2012

Cyber Update

Mozilla re-releases Firefox 16 after patching critical bugs: Computerworld - Mozilla re-released Firefox 16 today after pulling the browser from distribution Wednesday when one of its developers found a critical bug that could be used by attackers to hijack machines. ComputerWorld, October 11, 2012

Microsoft Patches Windows, Office Flaws: Microsoft today pushed out seven updates to fix a variety of security issues in Windows, Microsoft Office and other software. If you're using Windows, take a moment to check with Windows Update or Automatic Update to see if new security patches are available. KrebsOnSecurity, October 9, 2012

Critical Adobe Flash Player Update Nixes 25 Flaws: Adobe has issued an update for its Flash Player software that fixes at least 25 separate security vulnerabilities in the widely-installed program. The company also pushed out a security patch for its Adobe AIR software. KrebsOnSecurity, October 9, 2012

Cyber Privacy

Consumer Privacy on the Web Be Damned, Say Big Advertisers: A simple privacy setting in a browser that lets users ask that they not be tracked on the Web doesn't seem all that controversial. But it is. A lobbying group of major advertisers, including several tech companies that should know better, are going to war with Microsoft and consumers over the setting. CIO, October 5, 2012

Hacktivists

Capital One Latest Victim in Ongoing Cyber Attack: Capital One (COF) experienced a denial of service attack on its website Tuesday afternoon, a day after a hacker group claiming to be associated with a terrorist group issued a threat in retaliation for an anti-Islam film released last month. Fox News, October 9, 2012

National Cyber Security

U.S. Suspects Iran Was Behind a Wave of Cyberattacks: WASHINGTON - American intelligence officials are increasingly convinced that Iran was the origin of a serious wave of network attacks that crippled computers across the Saudi oil industry and breached financial institutions in the United States, episodes that contributed to a warning last week from Defense Secretary Leon E. Panetta that the United States was at risk of a "cyber-Pearl Harbor." The New York Times, October 13, 2012


US Warns Two Chinese Companies Pose Security Risk: CAPITOL HILL - U.S. companies considering doing business with Chinese telecommunications companies Huawei and ZTE are being warned to find another vendor. A U.S. House of Representatives report said the companies pose a long-term corporate and national security threat. Voice of America, October 8, 2012

Cyber Defenders

FBI in DC creates squad dedicated solely to investigating intellectual property theft:WASHINGTON - The FBI's Washington field office has created a squad dedicated to investigating intellectual property thefts, part of a more aggressive law enforcement approach to cybercrime, an official said Friday. The Washington Post, October 12, 2012

Cyber Survey

Study: Cybercrime Attacks and Costs on the Rise: New research conducted by The Ponemon Institute finds that the cost and frequency of cyber-crime has continued to rise consecutively over the last three years, with no signs of slowing down.ComplianceWeek, October 12, 2012

Cybercrime Attacks, Costs Escalating: The frequency of online attacks against U.S. businesses continues to increase, along with the cost of defending against those attacks and mitigating any resulting data breaches. Cybercrime now costs a U.S. business $8.9 million per year, an increase of 6% from 2011 and 38% from 2010.InformationWeek, October 8, 2012

Securing the Village-Events Calendar

ISSA-LA Monthly Lunch Meeting; Oct 17, 2012, 11:45 - 1:45, Les Freres Taix: Topic:Using SIEM as a Platform for Real-Time Threat Detection. Speaker: Joe Magee. SIEM has long been known as a strong platform for monitoring security controls and alerting on policy violations, but for a variety of reasons, its not gotten golden reviews for real-time threat detection. Yes, SIEM has some limitations that need to be overcome for real-time threat detection, but it also has some very strong advantages. This presentation will talk about SIEM's limitations, and will present a model for how to push the envelope. What internal data sources are needed? What external threat intelligence should be used? How can we marry the two through specialized use case development? In addition to providing a conceptual model, the presentation will walk through some real-world examples of how SIEM has successfully been used to expedite detection and analysis of cyberthreats, and to streamline response processes. Meeting Sponsor: Corero Network Security  

2012 ISSA International Conference; Oct 25-26: New opportunities abound in the midst of amazing transformations in technology, business, and culture. Inspired by Disney's innovative vision, the cybersecurity community will gather at the Magic Kingdom on October 25-26 to look at change as a chance to achieve excellence. Dr. Stan Stahl, Citadel and ISSA-LA President, and David Lam, ISSA-LA Vice President, will speak at 11:30AM on Friday. The title of their talk is It takes the village to secure the village. SM

Cyber Security Awareness-Continuing CPA Education; Dec 3: Dr. Stan Stahl, Citadel and ISSA-LA President, will speak on cybersecurity at the lunch meeting of the West San Gabriel Valley (Pasadena) Discussion Group. In this non-technical presentation, Dr. Stahl will discuss cyber security risks and what CPAs need to do to protect themselves and their clients.

Santa Monica Rotary Club; May 3, 2013: Dr. Stan Stahl, Citadel and ISSA-LA President, will speak on cybersecurity at the weekly meeting of the Santa Monica Rotary Club. In this non-technical talk - It Takes the Village to Secure the Village SM - Dr. Stahl discusses the financial implications of cyber crime, illustrates how cyber criminals take control of a user's computer, describes the limitations of technology, summarizes emerging cyber security laws, regulations and practices, and provides practical tips to lower the risk of becoming a victim.

Jeff Snyder's SecurityRecruiter.com Security Recruiter Blog

SecurityRecruiter.com's Security Recruiter Blog