Monday, December 10, 2012

Cyber Security News for the Week of December 10, 2012

From our friends at Citadel Information Group

Cyber Crime
'Eurograbber' Lets Attackers Steal 36 Million Euros From Banks, Customers: Researchers say they have identified and thwarted a malware attack that enabled attackers to steal more than 36 million euros from more than 30,000 online banking customers in Europe. Dark Reading, December 6, 2012

Nationwide, Allied Insurance Breach Hits 1.1 Million Users: An estimated 1.1 million consumers are at risk of identity theft after thieves broke into servers belonging to Nationwide and Allied insurance companies. Victims include current policyholders and those who sought insurance quotes. ThreatPost, December 5, 2012

ATM Thieves Swap Security Camera for Keyboard: This blog has featured stories about a vast array of impressive, high-tech devices used to steal money from automated teller machines (ATMs). But every so often thieves think up an innovation that makes all of the current ATM skimmers look like child's play. Case in point: Authorities in Brazil have arrested a man who allegedly stole more than USD $41,000 from an ATM after swapping its security camera with a portable keyboard that let him hack the cash machine. KrebsOnSecurity, December 4, 2012

Cyber Warning
For PC Virus Victims, Pay or Else: CULVER CITY, Calif. - Kidnappers used to make ransom notes with letters cut out of magazines. Now, notes simply pop up on your computer screen, except the hostage is your PC. The New York Times, December 5, 2012

New 'Dockster' malware targets Apple computers: Trojan software, found on a website dedicated to the Dalai Lama, exploits the same Java vulnerability used by the Flashback malware. InfoWorld, December 4, 2012

Cyber Threat
Necurs Rootkit Infections Way Up: Infections from a nasty bit of malware, generally delivered by the Black Hole Exploit Kit, surged in November, hitting more than 83,000 machines. ThreatPost, December 7, 2012

Android devices in U.S. face more malware attacks than PCs: Android devices are now attacked more often by malware than PCs, according to a report released Tuesday by a cyber security software maker. PC World, December 4, 2012

Identity Theft - HIPAA
Most Healthcare Organizations Suffered Data Breaches: Two separate reports released today show the critical condition of U.S. healthcare organizations and hospitals when it comes to data breaches, with 94 percent of healthcare organizations hit by at least one data breach and close to half suffering more than five breaches in the past two years. DarkReading, December 6, 2012

Small Medical Offices Biggest Risk to Patient Data Security, Privacy: Small physician practices, much like their small commercial business counterparts, have been the primary source of health care related data breaches, according to an analysis of breaches from 2009 to October 2012 released today by the Health Information Trust Alliance (HITRUST). ThreatPost, December 5, 2012

Identity Theft - Financial Services
FTC Issues Statement on Identity Theft "Red Flags" Prevention Program: (Source: FTC) - The Federal Trade Commission today announced publication of an Interim Final Rule on identity theft "red flags" that narrows the circumstances under which creditors are covered by the Rule. December 4, 2012

Cyber Security Management
Stepping Up SMB Security: When your company is the third-party vendor, improved security practices, transparency, and independent reviews to prove your claims can go a long way toward winning enterprises embattled by attacks and the burden of compliance. Dark Reading, December 5, 2012

Achieve Cyber Security by Using Common Criteria Certification: Today's industry and government organizations are highlighting cybersecurity and information assurance as one of their top IT priorities. Cyber threats are presented by both individuals and nation-sponsored groups with intentions spanning the theft of trade secrets, "hacktivism" (the invasion or disruption of systems for activist purposes) and espionage. Similarly, new problems are rising around supply chain integrity, with tampering and counterfeit incidents degrading user confidence. Organizations suffering from such attacks are susceptible to losing control of confidential information and facing millions of dollars in fines or business losses. GovTech, December 6, 2012

Cyber Update
Microsoft Fixing 11 Vulnerabilities for December Patch Tuesday: Microsoft announced today that it plans on shipping seven bulletins, five critical, two important, for the December edition of its monthly patch Tuesday security bulletin release cycle. Threat Post, December 6, 2012

Cyber Privacy
California sues Delta Air Lines over mobile app privacy policy: The state of California has fired the opening shot in its fight to get mobile apps to comply with state privacy laws. California Atty. Gen. Kamala D. Harris filed a suit against Delta Air Lines over its Fly Delta mobile app. LA Times, December 6, 2012

Cyber Defense
Google Launches Private Android App Stores: Malicious apps have emerged as perhaps the most serious threat to mobile devices at the moment, and the major players, such as Apple and Google, have tried several different methods of preventing them from getting into their app stores and into the hands of users. Now, Google is taking one more step with the launch of a new service called the Private Channel for Google Apps, which gives enterprises and other organizations the ability to create private app stores and control the apps their users can download. Threat Post, December 6, 2012

Critical Infrastructure
EEI: When it comes to cybersecurity threats, 'This is not your parents' utility anymore': Utilities are taking actions to mitigate and manage cybersecurity threats, according to David Batz, director, Cyber & Infrastructure Security with the Edison Electric Institute (EEI). Energy Biz, December 7, 2012

Banks Are Powerless Against The Biggest Threat To The Financial System: Just when it appears that the banking system is beginning to stabilize, a new ominous threat to financial stability has become a serious concern among the nation's top bankers. Problem Bank List, November 28, 2012

Cyber Misc
Lock Firm Onity Starts To Shell Out For Security Fixes To Hotels' Hackable Locks: After four months, countless hacking embarrassments and a string of hotel burglaries, the maker of one of the world's most common hotel keycard locks is finally owning up to the cost of an epic - and expensive - security mess. Forbes, December 6, 2012

Tumblr Worm Exploited Site's Re-blogging Feature: A group of hackers going by the name "GNAA" claimed responsibility for a fast-spreading software worm that infected thousands of accounts on the popular micro-blogging site Tumblr on Monday morning. RedOrbit, December 4, 2012

These Are The 61 Countries Most Vulnerable To An Internet Shutdown: For 52 hours last week, Syria joined the unfortunate club of countries whose governments have chosen, however briefly, to return their citizens to the digital dark ages. That club, which also includes Egypt and Myanmar, remains small for now. But if you live in any of these five dozen countries, it could happen to you, too. Forbes, December 3, 2012

Cyber Sunshine
Law Enforcement Agencies Arrest Six in Online Auto Sales Fraud: IDG News Service (Washington, D.C., Bureau) - Police in Romania, the Czech Republic, the U.K. and Canada have arrested six Romanian citizens accused of advertising and selling nonexistent automobiles on several U.S. websites in a multimillion-dollar scheme, the U.S. Department of Justice said. CIO, December 5, 2012

Securing the Village-Events Calendar
Imperial Capital's 2012 Security Investor Conference; Dec 12-13, 2012: Waldorf Astoria, New York. Featured keynote speaker, Richard A. Clarke. Speakers include Jane Holl Lute, United States Deputy Secretary of Homeland Security; Robert J. Carey, US Department of Defense Principal Deputy Chief Information Officer; Mark Weatherford, Deputy Under Secretary for Cybersecurity for the National Protection and Programs Directorate (NPPD); Bradley Rotter, Executive Chairman, AirPatrol Corporation; Adrian Turner, Founder & CEO, Mocana; Robert Rodriguez, Chairman & Founder, Security Innovation Network. For more information and to register, click here.

ISSA-LA December Lunch Meeting; Dec 19: Join ISSA-LA at Les Freres Taix French Restaurant for our monthly meeting. For more information and to register, click here.

Santa Monica Rotary Club; May 3, 2013: Dr. Stan Stahl, Citadel and ISSA-LA President, will speak on cybersecurity at the weekly meeting of the Santa Monica Rotary Club. In this non-technical talk - It Takes the Village to Secure the Village℠ - Dr. Stahl discusses the financial implications of cyber crime, illustrates how cyber criminals take control of a user's computer, describes the limitations of technology, summarizes emerging cyber security laws, regulations and practices, and provides practical tips to lower the risk of becoming a victim.

ISSA-LA Fifth Annual Information Security Summit; May 21, 2013: SAVE THE DATE. Join over 500 of your colleagues and peers at the Universal City Hilton. Special Keynote Speaker: Howard Schmidt, former White House CyberSecurity Coordinator.