Monday, February 25, 2013

Cyber Security News for the Week of February 25, 2013


From our friends at Citadel Information Group 

Cyber Crime

NBC.com hacked, briefly compromised with RedKit malware: The website NBC.com and other NBC websites were hacked and compromised by malware for a few hours around Thursday 12pm PST with RedKit malware. ZDNet, February 21, 2013

Developer Site That Was Used To Hack Facebook And Apple Issues Mea Culpa: The recent hacker breaches of high-profile tech firms including Facebook and Apple began with the compromise of another site you've likely never heard of: iPhoneDevSDK.com. And now that initial victim in the hacking spree is coming clean. Forbes, February 20, 2013

Educause Server Hit With Security Breach: A non-profit association for IT professionals in higher education announced Tuesday its server had been breached. ThreatPost, February 19, 2013

DDoS Attack on Bank Hid $900,000 Cyberheist: A Christmas Eve cyberattack against the Web site of a regional California financial institution helped to distract bank officials from an online account takeover against one of its clients, netting thieves more than $900,000. KrebsOnSecurity, February 19, 2013

Apple confirms attack by same hackers who hit Facebook: Apple acknowledged Tuesday that hackers had infiltrated a small number of the company's computers. The Washington Post, February 19, 2013

Cyber Espionage

The Shanghai Army Unit That Hacked 115 U.S. Targets Likely Wasn't Even China's 'A-Team': In just the last week, the abbreviation APT1 has come to represent the bogeyman of digital espionage nightmares. On Monday, security response firm Mandiant released a report profiling a hacker group of that name-referring to it as Advanced Persistent Threat One-and providing detailed evidence that it represented the most active hacking unit within China's People's Liberation Army, one that's compromised more than 141 private sector and government targets in seven years, 115 of which were American. Forbes, February 21, 2013

China Biggest, But Not the Only Country Engaged in Cyberespionage: Computerworld - China is by far the most aggressive, but not the only, country attempting the sort of extensive cyberespionage described in security firm Mandiant's dramatic report, released this week. CIO, February 20, 2013

Bit9 Breach Began in July 2012: Malware Found Matches Code Used Vs. Defense Contractors in 2012: Cyber espionage hackers who broke into security firm Bit9 initially breached the company's defenses in July 2012, according to evidence being gathered by security experts investigating the incident. Bit9 remains reluctant to name customers that were impacted by the intrusion, but the custom-made malicious software used in the attack was deployed last year in highly targeted attacks against U.S. Defense contractors. KrebsOnSecurity, February 20, 2013

Chinese Army Unit Is Seen as Tied to Hacking Against U.S.: On the outskirts of Shanghai, in a run-down neighborhood dominated by a 12-story white office tower, sits a People's Liberation Army base for China's growing corps of cyberwarriors. The New York Times, February 18, 2013

Cyber Privacy

If You're Collecting Our Data, You Ought to Protect It: LAST summer, employees at the National Aeronautics and Space Administration received an in-house newsletter illustrated with mock front pages of USA Today and The Washington Post and seemingly hyperbolic headlines like: "NASA Laptop Stolen, Potential Compromise of 10,000 Employees' Private Information!" The New York Times, February 16, 2013

The President Revives an Old Debate About Privacy: Few expect Internet privacy legislation in Congress this year. But many were heartened that the "p" word came up at all in the State of Union address Tuesday night. The New York Times, February 14, 2013

Cyber Warning

Hackers circulate tainted version of China cyber security report: (Reuters) - Unknown hackers are trying to infect computers by capitalizing on strong interest in a recent report by a security firm that accuses the Chinese military of supporting widespread cyber attacks on U.S. companies. Reuters, February 22, 2013

Cyber Update

Critical Security Updates for Adobe Reader, Java: Adobe and Oracle each released updates to fix critical security holes in their software. Adobe's patch plugs two zero-day holes that hackers have been using to break into computers via Adobe Reader and Acrobat. Separately, Oracle issued updates to correct at least five security issues with Java. KrebsOnSecurity, February 20, 2013

Oracle Releases New Java Fixes, Speeds Up Patching Cycle: IDG News Service - Oracle released new Java security updates on Tuesday and announced plans to accelerate the release of future Java patches following recent attacks that have infected computers with malware by exploiting zero-day vulnerabilities in Java browser plug-ins. CIO, February 20, 2013

Chrome 25 Fixes Nine High-Risk Vulnerabilities: Google has fixed nine high-severity vulnerabilities in its Chrome browser, as well as a dozen other flaws with the release of Chrome 25. This release is one of the few for which the company did not pay out much in the way of bug bounties, only giving out $3,500. ThreatPost, February 22, 2013

Cyber Security Management - Employee Awareness

5 myths about awareness: I'm often amazed by all the myths and misconceptions that pervade the security community when it comes to security awareness training. Here are the most common falsehoods I have heard, and why they are wrong. CSO, February 11, 2013

Cyber Security Management - HIPAA

HITRUST Establishing Work Group To Address Cybersecurity Issues: On Wednesday, the Health Information Trust Alliance announced that it will establish a new work group to address cybersecurity issues, Modern Healthcare reports. iHealthBeat, February 22, 2013

National Cyber Security

Smoking gun: Evidence is mounting that China's government is sponsoring the cybertheft of Western corporate secrets. What should America do to stop it? The Economist, February 23, 2013

Kaspersky Lab CEO: Obama Cybersecurity Order 'Step In Right Direction': The founder of Russian cyber security firm Kaspersky Lab said President Barack Obama's Feb. 12 executive order on cybersecurity was a "step in the right direction." Forbes, February 19, 2013

Cyber Survey

Malware getting smarter, says McAfee: Savvier cyberattacks are being directed toward more critical segments of the U.S. economy, says the security provider. CNet, February 21, 2013

Cyber Career

15 tips for landing - and acing - a job interview: 1. Write a great resume to open the door: Interviews are granted to those whose resumes demonstrate accomplishments, contributions and value. If you're not a great writer and you have trouble tooting your own horn, seek help from industry friends or consider a security-resume writer. CSO, February 4, 2013

Cyber Sunshine

The long arm of the Google: Is Google becoming a key arm of the law-enforcement complex? It certainly seems to be so with respect to art thefts. I first came across this idea back in November, when Bloomberg Markets profiled Jeff Gundlach, who was hit by art thieves in September...Reuters, February 20, 2013

Securing the Village-Events Calendar

ISSA-LA March Dinner Meeting; March 20, 2013. For more information and to register, visit ISSA-LA.

NAWBO Ventura County March Dinner Meeting, March 28, 2013: Citadel Vice President Ms. Kimberly Pease, CISSP, will speak on cybersecurity at the monthly meeting of the Ventura County Chapter of the National Association of Women Business Owners. In her talk The Growing Cyber Threat: Why the Bad Guys are Winning!,  Kimberly will identify threats to  information and computers, review common weaknesses being exploited by the bad guys and offer proactive steps you can take at business and at home to increase your security posture and decrease your exposure.

ISSA-LA April Lunch Meeting; April 17, 2013. For more information and to register, visit ISSA-LA.

Santa Monica Rotary Club; Lunch Meeting, May 3, 2013: Dr. Stan Stahl, Citadel and ISSA-LA President, will speak on cybersecurity at the weekly meeting of the Santa Monica Rotary Club. In this non-technical talk - It Takes the Village to Secure the Village SM - Dr. Stahl discusses the financial implications of cyber crime, illustrates how cyber criminals take control of a user's computer, describes the limitations of technology, summarizes emerging cyber security laws, regulations and practices, and provides practical tips to lower the risk of becoming a victim.

ISSA-LA Fifth Annual Information Security Summit; May 21, 2013: Join over 500 of your colleagues and peers at the Universal City Hilton. Special Keynote Speaker: Howard Schmidt, former White House CyberSecurity Coordinator. For more information and to register, visit ISSA-LA. Special Early-Bird pricing until March 1.

SecurityRecruiter.com's Security Recruiter Blog