Monday, November 05, 2012

Cyber Security News for the Week of November 5, 2012

From our friends at Citadel Information Group

Cyber Crime

South Carolina governor seeks to calm taxpayers after security breach: (Reuters) - South Carolina Governor Nikki Haley sought on Monday to temper the anger and frustration of state taxpayers left wondering if their personal information was compromised by recent cyber attacks on computers belonging to the Department of Revenue. Reuters, October 29, 2012

Haley: Taxpayer info didn't need to be encrypted: COLUMBIA, S.C. - South Carolina used the same standards as banks and other private institutions when it decided not to encrypt Social Security numbers and other information on a database of state tax returns that was accessed by a hacker, Gov. Nikki Haley said Monday. CBS News, October 29, 2012

Experian Customers Unsafe as Hackers Steal Credit Report Data: When hackers broke into computers at Abilene Telco Federal Credit Union last year, they gained access to sensitive financial information on people from far beyond the bank's home in west-central Texas. Bloomberg, October 29, 2012

Fast Flux Botnet Nets Fraudsters $78 Million: What does it take to build a cutting-edge, highly automated series of attacks against banking systems, powered by financial malware and bulletproof hosting services? For starters, it helps to have extensive experience using the Zeus and SpyEye financial malware toolkits. InformationWeek, October 26, 2012

Cyber Threat
Cyberattacks victimizing largest banks, feds say: Homeland Security chief Janet Napolitano says the nation's largest financial institutions "are actively under attack" by cybercriminals, and one expert says it is a trend contributing to the rising security costs of banks. PC World, November 3, 2012

'US financial institutions under attack by hackers': American financial institutions are "actively under attack" from hackers, a top Obama Administration official has said. Business Line, November 2, 2012

Cyber Warning
Facebook Shutdown: Hackers Give Advance Warning of Attack: A Facebook shutdown would be difficult for many people to handle. The social media giant is the hub of activity for millions of users at any given moment. However, not all is well in the Zuckerberg Kingdom. According to a report in Business Insider, a group known as Anonymous has targeted Facebook and will shut them down on Monday, November 5th. It was nice of Anonymous to give Facebook users advance notice so they can make other plans and maybe revamp their defunct MySpace accounts. Gather, October 30, 2012

Cyber Security Management
Companies Struggle to Keep Pace with Information Security Solutions: Organizations need to fundamentally shift their approach to information security in order to meet the threats presented by existing and emerging technologies according to Ernst & Young's Global Information Security Survey 2012 report - "Fighting to Close the Gap" - released October 29. The report, now in its fifteenth year, is one of the most comprehensive surveys in its field and is based on responses from over 1,850 CIOs, CISOs and other information security executives in 64 countries. AccountingWeb, November 2, 2012

Cyber Update
Apple bumps iOS to 6.0.1, fixes an interesting set of bugs: If you have an Apple device that is capable of running iOS 6, you might have resisted upgrading it after hearing people complain about Apple's new mapping application. Naked Security, November 1, 2012

Cyber Underworld
Shopping The Russian Cybercrime Underground: If you weren't already convinced that the Russian cybercrime underground is now a vast, sophisticated, high-volume market, consider this: there are at least 20 different types of services offered in Russian-speaking forums for just about anyone who wants to make a buck off of cybercrime, everything from crime-friendly VPN and security software-checking services to plain old off-the-shelf exploits, according to a new report. Dark Reading, October 30, 2012

Hackers Trade Tips On DDoS, SQL Injection: Study of hacker bulletin boards reveals focus on attack techniques, tips for beginning hackers, buying and selling of fake social network endorsements. InformationWeek, October 30, 2012

Hackers deface 'sinful' French Euromillions site: Hackers sprayed digital graffiti on the French Euromillions website over the weekend as part of a protest against the "sin" of gambling. The Register, October 29, 2012

Cyber Mercenaries
The Hackers Who Found The First Windows 8 Bug Have Put It Up For Sale: That didn't take long. Windows 8 was officially released a week ago and hackers have already found a security flaw in it. Business Insider, November 2, 2012

Cyber Defenders
FBI Expands Cybercrime Division: The Federal Bureau of Investigation is adding resources, building new tools, increasing hiring and expanding collaboration with local groups as part of its Next Generation Cyber Initiative, an effort to overhaul the FBI's Cyber Division, the agency announced last week. InformationWeek, October 30, 2012

Cyber Infrastructure
DHS Warns of 'Hacktivist' Threat Against Industrial Control Systems: The U.S. Department of Homeland Security is warning that a witches' brew of recent events makes it increasingly likely that politically or ideologically motivated hackers may launch digital attacks against industrial control systems. The alert was issued the same day that security researchers published information about an undocumented software backdoor in industrial control systems sold by hundreds of different manufacturers and widely used in power plants, military environments and nautical ships. KrebsOnSecurity, October 30, 2012

Cyber security at US energy agency found wanting: Cyber security at the US government's largest renewable power transmission agency has been found wanting by an Energy Department inspector general. ComputerWeekly, October 29, 2012

Legal fears muffle warnings on cybersecurity threats: SAN FRANCISCO (Reuters) - The agenda at a secretive conference on protecting critical infrastructure from computer attack was curtailed at the last minute last week, underscoring the legal challenges of sharing such information, much less getting companies to respond to it. Chicago Tribune, October 29, 2012

Cyber Insurance
Companies increasingly aware of data breach and cyber liability risk, says expert: Businesses are becoming increasingly aware of insurance products that protect against the risks posed by data breaches and liability for other cyber incidents, an expert has said. Out-Law, October 29, 2012

Cyber Career
Future of cybersecurity workforce a concern for federal agencies: The calls for a beefed-up workforce that specializes in cybersecurity are not new, but with a nationwide shortage of students of science, technology, engineering and math, federal government leaders are concerned about where tomorrow's workforce will be found, Federal Computer Week reported. Washington Business Journal, October 29, 2012

Cyber History
When Hacking Was in Its Infancy: Was Peter G. Neumann the world's first "white hat" computer hacker? The term "hacker" was popularized in Steven Levy's 1984 book "Hackers: Heroes of the Computer Revolution." It described an early generation of M.I.T. students who did not break into computers and networks - or black hats - but instead were passionate programmers and hardware tinkerers. The New York Times, October 29, 2012

Cyber Survey
Malware infects 13 percent of North American home networks: Some 13 percent of home networks in North America are infected with malware, half of them with "serious" threats, according to a report released Wednesday by a cyber-security company. PC World, October 31, 2012

Cyber Misc
Could computer hackers disrupt the US election? It's happened in other countries: Will the US need to defend its right to vote from Internet hackers on Tuesday? If the experience of neighboring countries is any indication, the answer could be "yes." Christian Science Monitor, November 3, 2012

Securing the Village-Events Calendar
ISSA-LA November Lunch Meeting; Nov 14: Join ISSA-LA at Les Freres Taix French Restaurant for our monthly meeting. For more information and to register, click here.

ISC2 Monthly Meeting; Nov 6: Join ISC2 at their monthly meeting.

CSA-LA Monthly Meeting; Nov 14: Join the Los Angeles Chapter of the Cloud Security Alliance for their monthly meeting.

OWASP Monthly Meeting; Nov 28: Join OWASP at their monthly meeting.

Cyber Security Awareness-Continuing CPA Education; Dec 3, 2012: Dr. Stan Stahl, Citadel and ISSA-LA President, will speak on cybersecurity at the lunch meeting of the West San Gabriel Valley (Pasadena) Discussion Group. In this non-technical presentation, Dr. Stahl will discuss cyber security risks and what CPAs need to do to protect themselves and their clients.

Imperial Capital's 2012 Security Investor Conference; Dec 12-13, 2012: Waldorf Astoria, New York. Featured keynote speaker, Richard A. Clark. For more information and to register, click here.

ISSA-LA December Lunch Meeting; Dec 19: Join ISSA-LA at Les Freres Taix French Restaurant for our monthly meeting.

Santa Monica Rotary Club; May 3, 2013: Dr. Stan Stahl, Citadel and ISSA-LA President, will speak on cybersecurity at the weekly meeting of the Santa Monica Rotary Club. In this non-technical talk - It Takes the Village to Secure the Village SM - Dr. Stahl discusses the financial implications of cyber crime, illustrates how cyber criminals take control of a user's computer, describes the limitations of technology, summarizes emerging cyber security laws, regulations and practices, and provides practical tips to lower the risk of becoming a victim.

ISSA-LA Fifth Annual Information Security Summit; May 21, 2013: SAVE THE DATE. Join over 500 of your colleagues and peers at the Universal City Hilton.