Monday, May 13, 2013

Cyber Security News for the Week of May 13, 2013

Cyber Security News of the Week
From our friends at Citadel Information Group 

ISSA-LA - Summit V
ISSA-LA Provides Free Admission for Nonprofits to Attend the 5th Annual Information Security Summit: The Los Angeles Chapter of the Information Systems Security Association created a Not-for-Profit Educational Fund so that nonprofit executives and IT staff have free entry to the Fifth Annual Information Security Summit on Tuesday, May 21, 2013. 24-7 PressRelease, May 3, 2013

ISSA-LA Offers Fed Employees Discount to Annual Info Security Summit on Cybercrime During Sequester: The LA Chapter of the Information Systems Security Association offers a discount to federal employees in information security positions for attending its Annual Information Security Summit on Tuesday, May 21, 2013, at Hilton Universal City Hotel. PRLog, April 19, 2013
Cyber Crime
In Hours, Thieves Took $45 Million in A.T.M. Scheme: It was a brazen bank heist, but a 21st-century version in which the criminals never wore ski masks, threatened a teller or set foot in a vault. The New York Times, May 9, 2013

Hackers Retrieve Personal Data in Washington State: OLYMPIA, Wash. (AP) - The Washington State Administrative Office of the Courts was hacked sometime between last fall and February, and up to 160,000 Social Security numbers and a million driver's license numbers could have been obtained during the data breach of its public Web site, officials said Thursday. The New York Times, May 9, 2013
Cyber Warning
Old IE Attack Finds Its Way Into Cool Exploit Kit: You cannot accuse the keepers of the Cool Exploit Kit of not recognizing market trends. Given a rash of recent watering hole attacks and zero-day exploits built around Microsoft's Internet Explorer browser, it's no surprise that a 15-month-old IE exploit has been included in the crimeware package. ThreatPost, May 8, 2013

Stealthy Web Server Malware Spreads Further: IDG News Service - A stealthy malicious software program is taking hold in some of the most popular Web servers, and researchers still don't know why. CIO, May 8, 2013

Zero-Day Exploit Published for IE8: Security experts are warning that a newly discovered vulnerability in Internet Explorer 8 is being actively exploited to break into Microsoft Windows systems. Complicating matters further, computer code that can be used to reliably exploit the flaw is now publicly available online. KrebsOnSecurity, May 6, 2013
Cyber Underworld
Hackers sell out and go corporate as cyber crime becomes shift work: Online hackers are leaving surprising clues for cyber sleuths based on the time of their attacks - a trail suggesting the computer criminals are punching a clock for shift work. The Washington Times, May 9, 2013
Cyber Defense
Google unveils 5-year roadmap for strong authentication: Google unveiled on Wednesday a five-year roadmap for stronger consumer authentication tagging smartphones, long-life tokens, and futurist schemes to harden access controls while striking an unapologetic tone toward users who resist the change. ZDNet, May 9, 2013

Pentagon Decision Moves Android Security Forward: Android's security gets its share of grief, but perhaps it's been a bit misguided. Like many other popular open source technologies, there are a number of different flavors of the mobile platform, each with its security properties and nuances. ThreatPost, May 8, 2013
Cyber Security Management
BYOD, or else. Companies will soon require that workers use their own smartphone on the job: Bring-your-own-device strategies are the single most radical change to the economics and culture of client computing in a decade, according to a new study by Gartner. ComputerWorld, May 1, 2013 
Cyber Update
A Stopgap Fix for the IE8 Zero-Day Flaw: Microsoft has released a stopgap solution to help Internet Explorer 8 users blunt the threat from attacks against a zero-day flaw in the browser that is actively being exploited in the wild. KrebsOnSecurity, May 8, 2013
Securing the Village
Security Awareness and Developing a Cyber Workforce: Cyber Defense experts from the California National Guard traveled to Kiev, Ukraine to conduct a Cyber Security Familiarization, Awareness and Workforce Development Seminar with the Ukrainian Ministry of Defense Armed Services, 19 - 21 March 2013. United States European Command, May 1, 2013
Cyber Privacy
Apple deluged by police demands to decrypt iPhones: ATF says no law enforcement agency could unlock a defendant's iPhone, but Apple can "bypass the security software" if it chooses. Apple has created a police waiting list because of high demand. Cnet, May 10, 2013

U.S. Weighs Wide Overhaul of Wiretap Laws: WASHINGTON - The Obama administration, resolving years of internal debate, is on the verge of backing a Federal Bureau of Investigation plan for a sweeping overhaul of surveillance laws that would make it easier to wiretap people who communicate using the Internet rather than by traditional phone services, according to officials familiar with the deliberations. The New York Times, May 7, 2013
National Cyber Security
Senate Bill Calls For 'Watch List' Of Nations Cyberspying On U.S., Trade Sanctions: China faces increasing political pressure from the U.S. to curb its cyberespionage activity, but legislation not certain. DarkReading, May 8, 2013

U.S. Blames China's Military Directly for Cyberattacks: WASHINGTON - The Obama administration on Monday explicitly accused China's military of mounting attacks on American government computer systems and defense contractors, saying one motive could be to map "military capabilities that could be exploited during a crisis." The New York Times, May 6, 2013

Four Cybersecurity Breaches That Could Rattle The World: The cyber-ruffians who briefly tanked the stock market recently by faking a news tweet about an attack at the White House showed how much damage can be done with a few well-placed keystrokes. Those who hacked into a Department of Labor website earlier this week could have wreaked even more havoc, say, if they successfully tweaked the monthly jobs report. Business Insider, May 5, 2013
Critical Infrastructure
Honeypots Lure Industrial Hackers Into the Open: Dummy water-plant control systems rapidly attracted attention from hackers who tinkered with their settings, suggesting it happens to real industrial systems, too. MIT Technology Review, May 8, 2013
Cyber Misc
Trade Sanctions Cited in Hundreds of Syrian Domain Seizures: In apparent observation of international trade sanctions against Syria, a U.S. firm that ranks as the world's fourth-largest domain name registrar has seized hundreds of domains belonging to various Syrian entities, including a prominent Syrian hacker group and sites associated with the regime of Syrian President Bashar al-Assad. KrebsOnSecurity, May 8, 2013

Syria, and Pro-Government Hackers, Are Back on the Internet: Syrian Internet and cellphone access resumed Wednesday morning after an Internet failure pulled the company offline Tuesday. The New York Times, May 8, 2013
Securing the Village - Events Calendar
ISSA-LA Fifth Annual Information Security Summit; May 21, 2013: Join 800 of your colleagues and peers at the Universal City Hilton. Special Keynote Speaker: Howard Schmidt, former White House CyberSecurity Coordinator. For more information and to register, visit ISSA-LA.

Jeff Snyder's Security Recruiter Blog, 719.686.8810