Monday, November 12, 2012

Cyber Security News for the Week of November 12, 2012

From our friends at Citadel Information Group

Cyber Crime
Cyberheists 'A Helluva Wake-up Call' to Small Biz: The $180,000 robbery took the building security and maintenance system installer Primary Systems Inc. by complete surprise. More than two-dozen people helped to steal funds from the company's coffers in an overnight heist in May 2012, but none of the perpetrators were ever caught on video. Rather, a single virus-laden email that an employee clicked on let the attackers open a digital backdoor, exposing security weaknesses that unfortunately persist between many banks and their corporate customers. KrebsOnSecurity, November 9, 2012

State must earn back taxpayers' trust: South Carolinians are facing a perfect storm of identity theft. The security breach into S.C. Department of Revenue tax records exposed our names, addresses, Social Security numbers, birth dates, credit and debit card numbers, and bank account and routing information. In short, everything a thief needs to steal our good names and take our money or stick us with bills for things we didn't buy. IslandPacket, November 4, 2012

Identity Theft
Identity theft scandal: Most South Carolinians no doubt have heard of identity theft. More than a few have had their computers hacked or their credit card information stolen. HeraldOnline, November 5, 2012

Cyber Privacy
Facebook Cancels Shortcut Over Concern for Security: SAN FRANCISCO - What was supposed to be a shortcut for Facebook users to log into their pages ended up exposing their e-mail addresses - and, in some cases, potentially allowing access to their accounts as well. The New York Times, November 2, 2012

Online Bank Fraud
Heist once again highlights e-banking vulnerabilities: The chief financial officer of a Missouri firm who discovered that cyber thieves had withdrawn $180,000 from the company's bank accounts overnight described it as "a helluva wake-up call" to security blogger Brian Krebs. CSO, November 8, 2012

Cyber Threat
How hackers scrape RAM to circumvent encryption: Speaking at the company's media day forum in Singapore yesterday, Verizon Business Investigative Response managing principal Mark Goudie said that the various encryption standards today do a good job of protecting data that is at rest, such as data stored on a server or in transit across a network. But in many cases, data is left completely vulnerable during the processing stage. ZDNet, November 8, 2012

Malware Tools Get Smarter To Nab Financial Data: If you've got $3,931 burning a hole in your pocket, speak Russian, and want to invest in a crimeware toolkit, you're in luck. Information Week, November 7, 2012

Android Malware Rises, but Security Risks Remain Low in U.S.: Android malware has taken off, but infection rates are still relatively low, according to a new report from F-Secure. The study also found that nearly abandoned Symbian OS is still a target. eWeek, November 5, 2012

Cyber Warning
Twitter's Response To Compromised Account Situation: Accounts Were Compromised, But We Reset Too Many Passwords: Twitter has responded to us with a statement regarding the password reset situation. TechCrunch, November 8, 2012

Experts Warn of Zero-Day Exploit for Adobe Reader: Software vendor Adobe says it is investigating claims that instructions for exploiting a previously unknown critical security hole in the latest versions of its widely-used PDF Reader software are being sold in the cybercriminal underground. KrebsOnSecurity, November 7, 2012

Cyber Security Management
How to Devise Passwords That Drive Hackers Away: Not long after I began writing about cybersecurity, I became a paranoid caricature of my former self. It's hard to maintain peace of mind when hackers remind me every day, all day, just how easy it is to steal my personal data. New York Times, November 7, 2012

Hackers talk about SQL injection and DDoS attacks: The second annual Imperva Hacker Intelligence Initiative report, this one entitled Monitoring Hacker Forums, is out and reveals that the threat surfaces being discussed by the hacker community are very different from those that businesses are spending money on defending against attack. DaniWeb, November 5, 2012

Cyber Update
Adobe Ships Election Day Security Update for Flash: Adobe has released a critical security update for its Flash Player and Adobe AIR software that fixes at least seven dangerous vulnerabilities in these products. Updates are available for Windows, Mac, Linux and Android systems. KrebsOnSecurity, November 6, 2012

Cyber Espionage
Coca-Cola 'targeted' by China in hack ahead of acquisition attempt: Chinese hackers have been blamed for infiltrating confidential systems within Coca-Cola for more than a month, Bloomberg has reported. BBC, November 5, 2012

National Cyber Security
Election's end revives hope for cybersecurity action: For much of the past year, cybersecurity has itself been a battleground - subject to partisan tug-of-war and unsuccessful legislation on Capitol Hill, as well as the possibility of a White House executive order. Now, as Congress is expected to reconvene on Nov. 13 following President Barack Obama's re-election, there is cautious optimism in Washington that there may finally be decisive action. FCW, November 8, 2012

Critical Infrastructure
After Stuxnet: The new rules of cyber war: Critical infrastructure providers face off against a rising tide of increasingly sophisticated and potentially destructive attacks from hacktivists, spies, and militarized malware. InfoWorld, November 5, 2012

Largest banks under constant cyberattack, feds say: Defending against cyberattacks accounts for a significant portion of the $25 billion banks worldwide spend annually on security technology. CSO, November 2, 2012

Securing the Village-Events Calendar

ISSA-LA November Lunch Meeting; Nov 14: Join ISSA-LA at Les Freres Taix French Restaurant for our monthly meeting.

CSA-LA Monthly Meeting; Nov 14: Join the Los Angeles Chapter of the Cloud Security Alliance for their monthly meeting.

OWASP Monthly Meeting; Nov 28: Join OWASP at their monthly meeting.

Cyber Security Awareness-Continuing CPA Education; Dec 3, 2012: Dr. Stan Stahl, Citadel and ISSA-LA President, will speak on cybersecurity at the lunch meeting of the West San Gabriel Valley (Pasadena) Discussion Group. In this non-technical presentation, Dr. Stahl will discuss cyber security risks and what CPAs need to do to protect themselves and their clients.

Imperial Capital's 2012 Security Investor Conference; Dec 12-13, 2012: Waldorf Astoria, New York. Featured keynote speaker, Richard A. Clark.

ISSA-LA December Lunch Meeting; Dec 19: Join ISSA-LA at Les Freres Taix French Restaurant for our monthly meeting.

Santa Monica Rotary Club; May 3, 2013: Dr. Stan Stahl, Citadel and ISSA-LA President, will speak on cybersecurity at the weekly meeting of the Santa Monica Rotary Club. In this non-technical talk - It Takes the Village to Secure the Village SM - Dr. Stahl discusses the financial implications of cyber crime, illustrates how cyber criminals take control of a user's computer, describes the limitations of technology, summarizes emerging cyber security laws, regulations and practices, and provides practical tips to lower the risk of becoming a victim.

ISSA-LA Fifth Annual Information Security Summit; May 21, 2013: SAVE THE DATE. Join over 500 of your colleagues and peers at the Universal City Hilton.