Monday, May 27, 2013

Cyber Security News for the Week of May 27, 2013


Cyber Security News of the Week
From our friends at Citadel Information Group 

Cyber Attack
Twitter Account of U.K.'s Largest TV Network Falls to Syrian Hackers: A Twitter account belonging to ITV, Britain's largest TV broadcaster, is the latest victim of a hacking campaign by the Syrian Electronic Army. The network confirmed to Reuters that the account was compromised. It's the latest attack on a Twitter account controlled by a Western media organization by the pro-Assad group. Previous targets include the Associated Press, the Financial Times, the Onion and CBS News. Twitter has recently instituted new security measures to help prevent incidents like these. AllThingsD, May 24, 2013

Identity Theft
THOUSANDS OF DHS PERSONNEL NOTIFIED OF DATA BREACH: The Department of Homeland Security this week began notifying up to tens of thousands of employees, contractors and others with a DHS security clearance that their personal data may be at risk. ThreatPost, May 23, 2013

Online Bank Fraud
NC Fuel Distributor Hit by $800,000 Cyberheist: A fuel distribution firm in North Carolina lost more than $800,000 in a cyberheist earlier this month. Had the victim company or its bank detected the unauthorized activity sooner, the loss would have been far less. But both parties failed to notice the attackers coming and going for five days before being notified by a reporter. KrebsOnSecurity, May 23, 2013

Cyber Warning
How to Hack Twitter's Two-Factor Authentication: We've pointed out some problems with Twitter's new two-factor authentication. For example, since just one phone number can be associated with an account, Twitter's two-factor authentication won't work for organizations like the Associated Press, The Onion, or The Guardian. They were hacked; they could still be hacked again in the same way. However, security experts indicate that the problem is worse than that, a lot worse. PCMag, May 24, 2013

Hackers use social media to bedevil advertisers: The hallowed halls of social media are no longer safe. Not when the operators of botnets like Chameleon are able to systematically steal $6 million per month from advertisers in the form of payments received for clicks from infected PCs, not real consumers. USA Today, May 15, 2013

Cyber Security Management
DESPITE £800M IN LOSSES, SMALL BUSINESSES SCOFF AT SECURITY: Small- and medium-sized businesses are losing a staggering £785 million per year to cybercrime, according to a joint report published by the Federation of Small Businesses (FSB) and the Home Office and Business Departments in the United Kingdom. ThreatPost, May 24, 2013

Telling the FBI Your Company Has Been Hacked: As cyber attacks against U.S. companies move markets, drain tens of millions dollars from bank accounts, siphon off trade secrets, and threaten critical infrastructure, the mantra among government officials is: sharing (information) is caring. The government's desire to increase information sharing on cyber intrusions with the private sector is at the heart of an executive order issued in February-and it was a point underscored at a New York City Bar Association event on Monday, when Mary Galligan, who is an FBI "cyber cop," urged corporations to come forward with information about attacks on their networks.Law.com, May 22, 2013

Cyber Security Management - Cyber Defense
Google plans to beef up its SSL encryption keys: Google plans to upgrade the security of its SSL (Secure Sockets Layer) certificates, an important component of secure communications. PC World, May 24, 2013

Skype Beta Plugs IP Resolver Privacy Leak: A few months ago, I warned readers that a glaring privacy weakness in voice-over-IP telephony service Skype allows anyone using the network to quickly learn the Internet address of any other Skype user. A new beta version of the popular Microsoft program appears to have nixed that privacy leak with a setting that restricts this capability to connections in your Skype contacts only.KrebsOnSecurity, May 24, 2013

U.S. Defense Department Approves Apple's iOS Devices for its Networks: IDG News Service (Bangalore Bureau) - Devices built around Apple's iOS operating system have been approved by the U.S. Department of Defense for use on its networks, as the department moves to support multivendor mobile devices and operating systems. CIO, May 20, 2013

Securing the Village
REPORT SAYS ACTIVE RECOVERY EFFORTS COULD DETER IP THEFT BY FOREIGN ATTACKERS: An independent commission focused on the threat of intellectual property from U.S. companies says that between 50 percent and 80 percent of all IP theft originates in China and, in a new report, urges the government to take stronger action against government-sanctioned IP theft. The Commission on the Theft of American Intellectual Property said in the report that the dollar value of all IP stolen from the U.S. in a year could approach the value of all American trade with Asia, a figure in the hundreds of billions of dollars. ThreatPost, May 24, 2013

California Launches Cybersecurity Task Force: On May 13, California government officials and private-sector leaders met behind closed doors to discuss a comprehensive cybersecurity plan for the state - it was the beginning of the California Cybersecurity Task Force, the first state-led collaboration of its kind.EmergencyManagement, May 20, 2013

National Cyber Security
Hackers From China Resume Attacks on U.S. Targets: WASHINGTON - Three months after hackers working for a cyberunit of China's People's Liberation Army went silent amid evidence that they had stolen data from scores of American companies and government agencies, they appear to have resumed their attacks using different techniques, according to computer industry security experts and American officials. The New York Times, May 19, 2013

Critical Infrastructure
Hackers appear to probe U.S. energy infrastructure, suspicions about Iran: The United States is investigating "a string of malicious" cyber incidents that appear to be focused on probing energy infrastructure, a U.S. official familiar with the latest intelligence tells CNN. CNN, May 24, 2013

Cyber Underworld
Conversations with a Bulletproof Hoster: Criminal commerce on the Internet would mostly grind to a halt were it not for the protection offered by so-called "bulletproof hosting" providers - the online equivalent of offshore havens where shady dealings go ignored. Last month I had an opportunity to interview a provider of bulletproof services for one of the Web's most notorious cybercrime forums, and who appears to have been at least partly responsible for launching what's been called the largest cyber attack the Internet has ever seen. KrebsOnSecurity, May 20, 2013

Cyber Law
FTC Fires Back In Cybersecurity Case: The Federal Trade Commission is offering a strong defense of its powers to police cybersecurity practices against a challenge by Wyndham Worldwide Corp. The Wall Street Journal, May 24, 2013

Cyber Misc
ANALYSIS: Bets overlap in cybersecurity gold rush: SEATTLE - Champagne corks popped at Allegis Capital this week as the Silicon Valley venture firm announced what it describes as the "highly profitable" sale of Solera Networks to network security firm Blue Coat Systems in an all-cash transaction. USA Today, May 24, 2013

Krebs, KrebsOnSecurity, As Malware Memes: Hardly a week goes by when I don't hear from some malware researcher or reader who's discovered what appears to be a new sample of malicious software or nasty link that invokes this author's name or the name of this blog. I've compiled this post to document a few of these examples, some of which are quite funny. KrebsOnSecurity, May 22, 2013

Jeff Snyder's SecurityRecruiter.com Security Recruiter Blog 719.686.8810

SecurityRecruiter.com's Security Recruiter Blog