Monday, November 26, 2012

Cyber Security News for the Week of November 26, 2012

From our friends at Citadel Information Group

Cyber Crime
South Carolina Faults Weak IRS Standard in Massive Data Breach: IDG News Service - South Carolina's governor faulted an outdated Internal Revenue Service standard as a contributing factor to a massive data breach that exposed Social Security numbers of 3.8 million taxpayers plus credit card and bank account data. CIO, November 21, 2012

Hackers stole data from electronically filed returns; DOR chief resigns: Data swiped by hackers from computers at the S.C. Department of Revenue came from tax returns that had been filed electronically, state officials said Tuesday. Charleston Business Journal, November 21, 2012

Hackers hit Nationwide Mutual, steal data on 28,000 in Ga: Hackers accessed personal information - including Social Security numbers - of more than 28,000 Georgians after a computer breach at Nationwide Mutual Insurance Co. The Atlanta Journal Constitution, November 20, 2012

Hackers attack web accounts of Israeli Vice PM Shalom: Social-media accounts, including those on Facebook and Twitter, belonging to Israeli Deputy Prime Minister Silvan Shalom have been hacked. BBC, November 21, 2012

Anonymous Hackers Ramp Up Israeli Web Attacks And Data Breaches As Gaza Conflict Rages: It was a busy weekend for Palestinian Hamas militants, the Israeli Defense Forces, and the growing army of hackers who seem determined to answer every Israeli barrage of the Gaza strip with a digital broadside of their own. Forbes, November 19, 2012

Cyber Warning
Hackers crack two FreeBSD Project app dev servers: Hackers have compromised two servers used by the FreeBSD Project to build third-party software packages. Anyone who has installed such packages since September 19 should completely reinstall their machines, the project's security team warned. PC World, November 19, 2012

Cyber Security Management
Energy Fails to Patch Vulnerable PC Apps: More than half of U.S. Department of Energy desktop systems tested by the DoE's inspector general failed to apply security patches for known vulnerabilities, although the software fixes were issued months earlier, a just-released audit reveals. GovInfoSecurity, November 16, 2012

HIPAA Omnibus Package: A Waiting Game: Now that the presidential election is finally over, healthcare reform and the HITECH electronic health records incentive program look like they're here to stay. But there's still a big uncertainty lingering: A long-overdue omnibus package of regulations that includes extensive HIPAA modifications. GovInfoSecurity, November 19, 2012

Cyber Update
Mozilla Releases Firefox 17 with Click-to-Play, Updates Firefox for Android: Mozilla pushed out the latest build of its flagship browser, Firefox 17, today, adding a new click-to-play blocklisting feature that will help prevent users from running out-of-date or vulnerable versions of plug-ins or extensions. ThreatPost, November 20, 2012

Adobe Patches DoS Flaw in ColdFusion 10: Adobe has addressed a denial-of-service vulnerability in the ColdFusion platform and an update is available. ThreatPost, November 19, 2012

Online Bank Fraud
RSA Upgrades Malware Defenses For Bank Transactions: RSA, a division of EMC, Tuesday announced the release of the latest version of its adaptive authentication technology, which is used by banks to help spot and block unauthorized transactions or account takeovers. InformationWeek, November 20, 2012

Cyber Privacy
Senate bill rewrite lets feds read your e-mail without warrants: Proposed law scheduled for a vote next week originally increased Americans' e-mail privacy. Then law enforcement complained. Now it increases government access to e-mail and other digital files. Cnet, November 20, 2012

Cyber Underworld
Cyber Crime: Russia's Underground Economy 101; Digital Trends Terms and Conditions: Bennet Kelley discusses cyber crime in Russia with Rik Ferguson, the Director of Security Research and Communication at Trend Micro. Trend Micro has released a report providing an overview of the cyber crime services and prices offered by the Russian underground, revealing a vibrant community of ne'er-do-wells offering every conceivable service at dirt-cheap prices. Webmaster Radio, November 14, 2012

National Cyber Security
Cybersecurity Bill Stalls Again, Executive Order Coming Soon?: The comprehensive cybersecurity legislation has stalled again in the United States Senate, effectively killing the bill for the rest of the year. Will the president issue an executive order to protect the nation's critical infrastructure from cyber-attacks? Security Watch, November 18, 2012

Securing the Village-Events Calendar

OWASP Monthly Meeting; Nov 28: Join OWASP at their monthly meeting.

Cyber Security Awareness-Continuing CPA Education; Dec 3, 2012: Dr. Stan Stahl, Citadel and ISSA-LA President, will speak on cybersecurity at the lunch meeting of the West San Gabriel Valley (Pasadena) Discussion Group. In this non-technical presentation, Dr. Stahl will discuss cyber security risks and what CPAs need to do to protect themselves and their clients.

Content Protection Summit 2012, Dec 6, 2012, Universal Hilton, Universal City: This year's summit will again offer cutting-edge strategies on protecting content against rapidly evolving piracy and cyber-attack threats. Produced by Variety and CDSA, ISSA-LA is proud to be an Association Partner. Keynote Speaker: Former Senator Chris Dodd. For more information and to register, click here.

Imperial Capital's 2012 Security Investor Conference, Dec 12-13, 2012, Waldorf Astoria, New York: Featured keynote speaker, Richard A. Clark. For more information and to register, click here.

ISSA-LA December Lunch Meeting; Dec 19: Join ISSA-LA at Les Freres Taix French Restaurant for our monthly meeting. For more information and to register, click here.


Santa Monica Rotary Club; May 3, 2013: Dr. Stan Stahl, Citadel and ISSA-LA President, will speak on cybersecurity at the weekly meeting of the Santa Monica Rotary Club. In this non-technical talk - It Takes the Village to Secure the Village SM - Dr. Stahl discusses the financial implications of cyber crime, illustrates how cyber criminals take control of a user's computer, describes the limitations of technology, summarizes emerging cyber security laws, regulations and practices, and provides practical tips to lower the risk of becoming a victim.

ISSA-LA Fifth Annual Information Security Summit; May 21, 2013: SAVE THE DATE. Join over 500 of your colleagues and peers at the Universal City Hilton. Special Keynote Speaker: Howard Schmidt, former White House CyberSecurity Coordinator.