Monday, October 22, 2012

Cyber Security News for the Week of October 22, 2012

Cyber Crime - Online Bank Fraud

Hackers Suspected in $400,000 Bank of America Electronic Heist: A small Washington town lost $400,000 in an electronic heist that transferred the city's money from its Bank of America account to several other accounts, police said. TechNewsDaily, October 15, 2012

Cyber Security Management
Doing the Two-Step, Beyond the A.T.M.: BANK A.T.M.'s embody decades-old technology. A four-digit PIN? What a seemingly crude security system. Where are the uppercase and lowercase letters and the random punctuation that we are continually told are crucial to hacker-resistant passwords? The New York Times, October 13, 2012

Cyber Threat - HIPAA
Medical Malware Rampant in US Hospitals: Medical devices are at risk from computer attacks and malware, government experts say. The problem, in part, stems from fears that updating or modifying existing software could break U.S. Food and Drug Administration rules. Yahoo News, October 18, 2012

Cyber Warning
FBI warns users of mobile malware: In a warning issued by a government task force, mobile users are told to beware of malware that is especially lured to Android's operating system and ways to avoid it. CNet, October 15, 2012

Cyber Update
Critical Java Patch Plugs 30 Security Holes: Oracle on Tuesday pushed out a bevy of security patches for its products, including an update to Java that remedies at least 30 vulnerabilities in the widely-used program. KrebsOnSecurity, October 17, 2012

Cyber Privacy
Do Not Track? Advertisers Say 'Don't Tread on Us': Do Not Track mechanisms are features on browsers - like Mozilla's Firefox - that give consumers the option of sending out digital signals asking companies to stop collecting information about their online activities for purposes of targeted advertising. The New York Times, October 13, 2012

Cyber Underworld
Rogue Pharma, Fake AV Vendors Feel Credit Card Crunch: New research suggests that companies behind some of America's best known consumer brands may be far more effective at fighting cybercrime than any efforts to enact more stringent computer security and anti-piracy laws. KrebsOnSecurity, October 18, 2012

Kaspersky Uncovers 'High Precision' miniFlame Malware: Researchers have uncovered a new virus with ties to the Flame and Gauss malware. According to Kaspersky Lab, its latest discovery has "many similarities to Flame," prompting researchers to dub it miniFlame. PC Magazine, October 15, 2012

The Scrap Value of a Hacked PC, Revisited: A few years back, when I was a reporter at The Washington Post, I put together a chart listing the various ways that miscreants can monetize hacked PCs. The project was designed to explain simply and visually to the sort of computer user who can't begin to fathom why miscreants would want to hack into his PC. "I don't bank online, I don't store sensitive information on my machine! I only use it to check email. What could hackers possibly want with this hunk of junk?," are all common refrains from this type of user. KrebsOnSecurity, October 15, 2012

DOS hackers take HSBC websites down: Some HSBC customers are still unable to access some of HSBC's online portals and services following a denial-of-service attack, resulting in customers being unable to log on for several hours. ZDNet, October 18, 2012

Islamist hackers target BB&T's website: The BB&T website this week became the latest target of Islamist hackers who recently interrupted the websites of Capital One, SunTrust, Regions Financial and other banking companies, the North Carolina-based bank acknowledged. AJC, October 18, 2012

Securing the Village
DHS feels growing pains in cybersecurity role: The federal government is looking expectantly to the Homeland Security Department to take the lead on cybersecurity, and while officials there say they are ready to step up, it's not an effort without inherent growing pains. FCW, October 17, 2012

National Cyber Security
Draft order would give companies cyberthreat info: WASHINGTON - A new White House executive order would direct U.S. spy agencies to share the latest intelligence about cyberthreats with companies operating electric grids, water plants, railroads and other vital industries to help protect them from electronic attacks, according to a copy obtained by The Associated Press. Huffington Post, October 20, 2012

OBAMA VS. ROMNEY ON CYBERSECURITY: As Americans prepare to go to the polls Nov. 6, President Barack Obama and his Republican challenger Gov. Mitt Romney have staked out starkly different positions on economic and foreign policy. Discovery News, October 19, 2012

Should Industry Face More Cybersecurity Mandates?: Defense Secretary Leon E. Panetta has warned that the United States faces a possible "cyber-Pearl Harbor" attack by foreign computer hackers who could dismantle the nation's power grid, transportation system, financial networks and government. But in August, Senate Republicans, siding with the U.S. Chamber of Commerce blocked legislation that would have required new standards at critical private-sector facilities, saying such rules would be too burdensome for businesses. The New York Times, October 18, 2012

Cyber Career
Cybersecurity business, jobs expected to grow through 2016: Cybersecurity industry analysts expect the market to grow more than 50 percent in the next four years even as other types of defense spending are expected to flatten or decline, creating new opportunities for workers and businesses in Maryland. Baltimore Sun, October 19, 2012

Cyber History
Consortium names award in honor of Lynn McNulty: The International Information Systems Security Certification Consortium, or (ISC)2, has announced the installment of a new award honoring the late Lynn F. McNulty, an early advocate of cybersecurity within the government. FCW, October 18, 2012

Cyber Survey
APWG Report: Brands Targeted by Cybercrime Gangs Reach All-Time High in April: CAMBRIDGE, MASS. - The APWG reports in its Q2 2012 Phishing Activity Trends Report released this week that the number of brands targeted by phishing attacks sustained an all-time high of 428 in April of this year, the second record-breaking quarter for cybercrime brand abuse reported by the APWG this year. HeraldOnline, October 17, 2012

Cyber Misc
Highly Contagious Malware Could Cause 'Mass Murder' By Hacking Pacemakers To Send A Deadly Jolt: A highly contagious software virus is proving very effective at targeting a very important piece of electronics: The Pacemaker. Business Insider, October 18, 2012

Voter Registration Rolls in 2 States Are Called Vulnerable to Hackers: Computer security experts have identified vulnerabilities in the voter registration databases in two states, raising concerns about the ability of hackers and others to disenfranchise voters. The New York Times, October 12, 2012

Securing the Village-Events Calendar
2012 ISSA International Conference; Oct 25-26: New opportunities abound in the midst of amazing transformations in technology, business, and culture. Inspired by Disney's innovative vision, the cybersecurity community will gather at the Magic Kingdom on October 25-26 to look at change as a chance to achieve excellence. Dr. Stan Stahl, Citadel and ISSA-LA President, and David Lam, ISSA-LA Vice President, will speak at 11:30AM on Friday. The title of their talk is It takes the village to secure the village. SM

OWASP Monthly Meeting; Oct 29: Join OWASP at their monthly meeting.

ISSA-LA November Lunch Meeting; Nov 14: Join ISSA-LA at Les Freres Taix French Restaurant for our monthly meeting.

ISC2 Monthly Meeting; Nov 6: Join ISC2 at their monthly meeting.

CSA-LA Monthly Meeting; Nov 14: Join the Los Angeles Chapter of the Cloud Security Alliance for their monthly meeting.

OWASP Monthly Meeting; Nov 28: Join OWASP at their monthly meeting.

Imperial Capital's 2012 Security Investor Conference; Dec 12-13, 2012: Waldorf Astoria, New York. Featured keynote speaker, Richard A. Clark.

ISSA-LA December Lunch Meeting; Dec 19: Join ISSA-LA at Les Freres Taix French Restaurant for our monthly meeting.

Cyber Security Awareness-Continuing CPA Education; Dec 3, 2012: Dr. Stan Stahl, Citadel and ISSA-LA President, will speak on cybersecurity at the lunch meeting of the West San Gabriel Valley (Pasadena) Discussion Group. In this non-technical presentation, Dr. Stahl will discuss cyber security risks and what CPAs need to do to protect themselves and their clients.

Santa Monica Rotary Club; May 3, 2013: Dr. Stan Stahl, Citadel and ISSA-LA President, will speak on cybersecurity at the weekly meeting of the Santa Monica Rotary Club. In this non-technical talk - It Takes the Village to Secure the Village SM - Dr. Stahl discusses the financial implications of cyber crime, illustrates how cyber criminals take control of a user's computer, describes the limitations of technology, summarizes emerging cyber security laws, regulations and practices, and provides practical tips to lower the risk of becoming a victim.

ISSA-LA Fifth Annual Information Security Summit; May 21, 2013: SAVE THE DATE. Join over 500 of your colleagues and peers at the Universal City Hilton.