Monday, October 29, 2012

Cyber Security News for the Week of October 29, 2012

From our friends at Citadel Information Group

Cyber Crime

Hackers Just Stole Over 3 Million Social Security Numbers: If you've filed tax returns in South Carolina sometime since 1998, you might be in a little bit of hot water. An unidentified, foreign hacker has gotten into the state's Department of Revenue, pilfering around 3.6 million social security numbers, and 387,000 credit and debit card numbers. In other words, no small haul. Gizmodo, October 26, 2012

Hackers steal data from compromised Barnes & Noble payment terminals: Criminal hackers planted malicious code in payment card keypads used at 63 Barnes & Noble stores across the United States and siphoned account data belonging to people who used them, company officials have warned. ars technica, October 24, 2012

Cyber Threat
Android apps used by millions vulnerable to password, e-mail theft: Android applications downloaded by as many as 185 million users can expose end users' online banking and social networking credentials, e-mail and instant-messaging contents because the programs use inadequate encryption protections, computer scientists have found. ars technica, October 21, 2012

Cyber Warning
Service Sells Access to Fortune 500 Firms: An increasing number of services offered in the cybercrime underground allow miscreants to purchase access to hacked computers at specific organizations. For just a few dollars, these services offer the ability to buy your way inside of Fortune 500 company networks. KrebsOnSecurity, October 22, 2012

Cyber Security Management - Cloud
Another Amazon Outage Takes Out Reddit and Raises More Concerns About the Cloud: Windows 8, Microsoft's heavily cloud-based operating system, is due to hit the market in four days along with their Surface RT Tablet. While Microsoft (including Bill Gates) is talking up the operating system and its virtues, there are many in the industry who are concerned about what will happen once (really if) a larger number of people start using these cloud services. This is highlighted today by yet another outage at Amazon that brought down many services including Reddit. Decrypted Tech, October 22, 2012

Cyber Update
Adobe Ships Critical Fixes for Shockwave Player: Adobe has released a critical security update that plugs at least a half-dozen security holes in its Shockwave media player software. October 23, 2012

Securing the Village - Stahl Quoted in WSJ
Banks Pushed to Clear Fog of Cyberwar: "Banks need to do a better job of getting out in front of these attacks and communicating with their customers," said Stan Stahl, president of Citadel Information Group, a security management and consulting firm. Wall Street Journal, October 19, 2012

Securing the Village - Events Calendar

ISSA-LA November Lunch Meeting; Nov 14: Join ISSA-LA at Les Freres Taix French Restaurant for our monthly meeting.

ISC2 Monthly Meeting; Nov 6: Join ISC2 at their monthly meeting.

CSA-LA Monthly Meeting; Nov 14: Join the Los Angeles Chapter of the Cloud Security Alliance for their monthly meeting.

OWASP Monthly Meeting; Nov 28: Join OWASP at their monthly meeting.

Cyber Security Awareness-Continuing CPA Education; Dec 3, 2012: Dr. Stan Stahl, Citadel and ISSA-LA President, will speak on cybersecurity at the lunch meeting of the West San Gabriel Valley (Pasadena) Discussion Group. In this non-technical presentation, Dr. Stahl will discuss cyber security risks and what CPAs need to do to protect themselves and their clients.

Imperial Capital's 2012 Security Investor Conference; Dec 12-13, 2012: Waldorf Astoria, New York. Featured keynote speaker, Richard A. Clark.

ISSA-LA December Lunch Meeting; Dec 19: Join ISSA-LA at Les Freres Taix French Restaurant for our monthly meeting.

Santa Monica Rotary Club; May 3, 2013: Dr. Stan Stahl, Citadel and ISSA-LA President, will speak on cybersecurity at the weekly meeting of the Santa Monica Rotary Club. In this non-technical talk - It Takes the Village to Secure the Village℠ - Dr. Stahl discusses the financial implications of cyber crime, illustrates how cyber criminals take control of a user's computer, describes the limitations of technology, summarizes emerging cyber security laws, regulations and practices, and provides practical tips to lower the risk of becoming a victim.

ISSA-LA Fifth Annual Information Security Summit; May 21, 2013: SAVE THE DATE. Join over 500 of your colleagues and peers at the Universal City Hilton.