Monday, January 21, 2013

Cyber Security News for the Week of January 21, 2013

From our friends at Citadel Information Group 

Cyber Crime

Zaxby's Restaurants Hit With Security Breach: The chicken food chain Zaxby's is warning customers that hackers may have compromised customer credit-card data at locations throughout the country. DarkReading, January 16, 2013

European Commission rules out Red October malware attack: The European Commission (EC) has said there is no evidence to suggest the Red October cyber espionage campaign managed to infiltrate its networks. V3, January 16, 2013

Red October hackers also used Java exploit for spy campaign: Hackers behind the long-running espionage campaign dubbed Red October were also using an old Java exploit to capture targets from government agencies and embassies. ZDNet, January 16, 2013

Cyber Underworld

Red October Attackers Shutting Down C&C Infrastructure: It appears that the attackers behind the Red October cyberespionage campaign are taking their ball and going home. Since the attack came to light on Monday, the attackers have begun shutting down their infrastructure and the hosting providers and registrars involved with some of the command-and-control domains are shutting those down, as well. ThreatPost, January 18, 2013

Spam Volumes: Past & Present, Global & Local: Last week, National Public Radio aired a story on my Pharma Wars series, which chronicles an epic battle between men who ran two competing cybercrime empires that used spam to pimp online pharmacy sites. As I was working with the NPR reporter on the story, I was struck by how much spam has decreased over the past couple of years. KrebsOnSecurity, January 15, 2013

Most Malware Tied to 'Pay-Per-Install' Market: New research suggests that the majority of personal computers infected with malicious software may have arrived at that state thanks to a bustling underground market that matches criminal gangs who pay for malware installations with enterprising hackers looking to sell access to compromised PCs. Technology Review, June 9, 2011

Cyber Warning

Latest Java Update Broken; Two New Sandbox Bypass Flaws Found: Expect the roar from security experts urging users to abandon Java to reach ear-splitting levels after reports this morning that new sandbox bypass vulnerabilities are present in the latest Java update. ThreatPost, January 18, 2013

New Java Exploit Fetches $5,000 Per Buyer: Less than 24 hours after Oracle patched a dangerous security hole in its Java software that was being used to seize control over Windows PCs, miscreants in the Underweb were already selling an exploit for a different and apparently still-unpatched zero-day vulnerability in Java, KrebsOnSecurity has learned. KrebsOnSecurity, January 16, 2013

Cyber Threat

Laser Precision Phishing - Are You on the Bouncer's List Today?: As we close out 2013, it's safe to say that phishing has had yet another record year in attack volumes. The total number of phishing attacks launched in 2013 was 59% higher than the total calculated for 2011, up from 279,580 attacks to 445,004, costing the global economy over $1.5 billion dollars in fraud damages. According to RSA research, this amount is 22% higher than the losses recorded in 2011, part of the growing worldwide monetary losses associated with phishing attacks. RSA, January 15, 2013

Identity Theft

IRS vows more support for identity theft victims: The good guys and the bad guys are getting ready for tax season. Tampa Bay Online, January 14, 2013

Cyber Security Management

'Rogue Clouds' Giving IT Staffs Nightmares: Cloud computing is increasingly being adopted by companies around the world, but IT managers say "rogue cloud implementations" in which business managers sign up for services without getting IT approval are among their biggest challenges. CIO, January 16, 2013

Cyber Update

Foxit Patches Vulnerability, Updates Reader Product: Foxit fixed a vulnerability in its PDF reader product yesterday, eight days after it was discovered that an attacker could have leveraged it to insert malicious code into documents. ThreatPost, January 18, 2013

Novell Patches Vulnerability in eDirectory Product: Novell has fixed a vulnerability in its eDirectory service that could affect users who run the program on some Linux and Windows platforms. The problem, a stack buffer overflow (CVE-2013-0432), is remotely exploitable and can be done without authentication, according to an alert issued yesterday by David Klein on the Full Disclosure mailing lists. ThreatPost, January 16, 2013

Microsoft Issues Fix for Zero-Day IE Flaw: Microsoft today deviated from its usual monthly patch cycle in issuing an emergency security update to fix a critical security hole in its Internet Explorer Web browser that attackers have been exploiting to break into Windows PCs. KrebsOnSecurity, January 14, 2013

Cyber Defense

Microsoft bombs another security test:'s latest security-suite efficacy test fails Microsoft Security Essentials - for the second time in a row. This time, though, it's not alone. CNet, January 16, 2013

What You Need to Know About the Java Exploit: On Thursday, the world learned that attackers were breaking into computers using a previously undocumented security hole in Java, a program that is installed on hundreds of millions of computers worldwide. This post aims to answer some of the most frequently asked questions about the vulnerability, and to outline simple steps that users can take to protect themselves. KrebsOnSecurity, January 12, 2013

Critical Infrastructure

U.S. Power Plant Hit by USB-Based Malware: A U.S.-based power plant was hit with a malware attack thanks to an infected USB stick used for software updates. PC Magazine, January 16, 2013

The SCADA Patch Problem: If you think database patching is onerous and fraught with risk, then try patching a SCADA system that's running a power plant. With post-Stuxnet paranoia pressuring major SCADA vendors like Siemens to regularly respond to vulnerability finds with software patches, utilities and other organizations running industrial control systems (ICS) face some serious decisions over where and when to patch - if at all. DarkReading, January 15, 2013

Cyber Law

'Aaron's Law' Suggests Reforms To Computer Fraud Act (But Not Enough To Have Protected Aaron Swartz): If any good comes out of the tragic suicide of brilliant programmer Aaron Swartz, it may be a new political will to reform the bluntly crafted hacking laws that allowed prosecutors to threaten the 26-year-old activist with decades in prison. But an "Aaron's Law" that's already been proposed to make those reforms may need serious tweaking if it's going to prevent the next overzealous hacker crackdown. Andy Greenberg, Forbes Magazine, January 16, 2013

National Cyber Security

DOD to forge stronger cyber ties with European allies: As he begins a week-long visit to the United States' European allies, Defense Secretary Leon Panetta is raising cybersecurity as one of the chief areas of discussion with European leaders and defense officials, the Defense Department said. DefenseSystems, January 16, 2013

Hagel would continue admin's push for cybersecurity legislation: If he becomes the next secretary of defense, former Nebraska Senator Chuck Hagel will continue the Pentagon's push for legislation that establishes cybersecurity standards for banks, utilities, energy firms, defense contractors, communications and transportation companies, an Obama administration official told Killer Apps. Foreign Policy, January 15, 2013

Cyber Misc

False Google Malware Warning Blocks Access to Tech News Websites: Google Chrome blocked access to websites including TechCrunch, Cult of Mac, Inside Facebook, and VatorNews for some users yesterday after detecting malware in ads from the isocket ad network, The Next Web reported. All issues appear to have been resolved. SearchEngineWatch, January 16, 2013

What Is a 'Hacktivist'?: The untimely death of the young Internet activist Aaron Swartz, apparently by suicide, has prompted an outpouring of reaction in the digital world. Foremost among the debates being reheated - one which had already grown in the wake of larger and more daring data breaches in the past few years - is whether Swartz's activities as a "hacktivist" were being unfairly defined as malicious or criminal. In particular, critics (as well as Swartz's family in a formal statement) have focused on the federal government's indictment of Swartz for downloading millions of documents from the scholarly database JSTOR, an action which JSTOR itself had declined to prosecute. The New York Times, January 13, 2013


Polish Takedown Targets 'Virut' Botnet: Security experts in Poland on Thursday quietly seized domains used to control the Virut botnet, a huge army of hacked PCs that is custom-built to be rented out to cybercriminals. KrebsOnSecurity, January 18, 2013

Securing the Village-Events Calendar

OWASP-LA January Dinner Meeting; January 23, 2013. For more information and to register, go to  

Cyber Hacking; Special Evening Event, January 24, 2013: Citadel Vice President Ms. Kimberly Pease, CISSP, will speak on cybersecurity at this special evening event hosted by the Dingman Property Group. Kimberly will identify threats to information and computers, review common weaknesses being exploited by the bad guys and offer proactive steps you can take at business and at home to increase your security posture and decrease your exposure. For more information and to register, please email:

ISC2-LA February Dinner Meeting; February 5, 2013: Email Bill Zajac at for more information.

Cloud Security Alliance - Los Angeles Chapter; February 13, 2013: "Can encryption help alleviate concerns about moving to the cloud?" For more information and to register, go to

ISSA-LA February Lunch Meeting; February 20, 2013.

ISSA-LA March Dinner Meeting; March 20, 2013.

NAWBO Ventura County March Dinner Meeting, March 22, 2013: Citadel Vice President Ms. Kimberly Pease, CISSP, will speak on cybersecurity at the monthly meeting of the Ventura County Chapter of the National Association of Women Business Owners. In her talk The Growing Cyber Threat: Why the Bad Guys are Winning!, Kimberly will identify threats to information and computers, review common weaknesses being exploited by the bad guys and offer proactive steps you can take at business and at home to increase your security posture and decrease your exposure.

Santa Monica Rotary Club; Lunch Meeting, May 3, 2013: Dr. Stan Stahl, Citadel and ISSA-LA President, will speak on cybersecurity at the weekly meeting of the Santa Monica Rotary Club. In this non-technical talk - It Takes the Village to Secure the Village SM - Dr. Stahl discusses the financial implications of cyber crime, illustrates how cyber criminals take control of a user's computer, describes the limitations of technology, summarizes emerging cyber security laws, regulations and practices, and provides practical tips to lower the risk of becoming a victim.

ISSA-LA Fifth Annual Information Security Summit; May 21, 2013: SAVE THE DATE. Join over 500 of your colleagues and peers at the Universal City Hilton. Special Keynote Speaker: Howard Schmidt, former White House CyberSecurity Coordinator.