Monday, June 10, 2013

Cyber Security News for the Week of June 10, 2013


Cyber Security News of the Week
From our friends at Citadel Information Group

Cyber Privacy

PRISM: Here's how the NSA wiretapped the Internet: The U.S. National Security Agency's PRISM program is able to collect, in real time, intelligence not limited to social networks and email accounts. But the seven tech companies accused of opening 'back doors' to the spy agency could well be proven innocent. ZDNet, June 8, 2013

Obama Calls Surveillance Programs Legal and Limited: WASHINGTON - President Obama offered a robust defense of newly revealed surveillance programs on Friday as more classified secrets spilled into public, complicating a summit meeting with China's new president focused partly on human rights and cybersecurity. The New York Times, June 7, 2013

U.S., British intelligence mining data from nine U.S. Internet companies in broad secret program: The National Security Agency and the FBI are tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio and video chats, photographs, e-mails, documents, and connection logs that enable analysts to track foreign targets, according to a top-secret document obtained by The Washington Post. The Washington Post, June 6, 2013

Watch Top U.S. Intelligence Officials Repeatedly Deny NSA Spying On Americans Over The Last Year (Videos): To paraphrase Joseph Heller: Just because you're paranoid doesn't mean they aren't surveilling you. Forbes, June 6, 2013

Europe Continues Wrestling With Online Privacy Rules: BRUSSELS - More than a year ago, the European Union's top justice official proposed a tough set of measures for protecting the privacy of personal data online. The New York Times, June 6, 2013

NSA's Verizon Spying Order Specifically Targeted Americans, Not Foreigners: The National Security Agency has long justified its spying powers by arguing that its charter allows surveillance on those outside of the United States, while avoiding intrusions into the private communications of American citizens. But the latest revelation of the extent of the NSA's surveillance shows that it has focused specifically on Americans, to the degree that its data collection has in at least one major spying incident explicitly excluded those outside the United States. Forbes, June 5, 2013

NSA collecting phone records of millions of Verizon customers daily: The National Security Agency is currently collecting the telephone records of millions of US customers of Verizon, one of America's largest telecoms providers, under a top secret court order issued in April. The Guardian, June 5, 2013

Online Bank Fraud

FDIC: 2011 FIS Breach Worse Than Reported: A 2011 hacker break-in at banking industry behemoth Fidelity National Information Services (FIS) was far more extensive and serious than the company disclosed in public reports, banking regulators warned FIS customers last month. The disclosure highlights a shocking lack of basic security protections throughout one of the nation's largest financial services providers. KrebsOnSecurity, June 4, 2013

Cyber Warning

Android super-malware discovered - Is Google's platform in peril?: Android malware has long been a very real, but limited threat to devices. These malicious software packages have so far been poorly coded, easy to detect, and even easier to remove. But a newly detected Trojan targeting Google's platform looks more like an advanced Windows virus than Android malware. It exploits multiple previously unknown vulnerabilities in the mobile OS, uses complex code obfuscation techniques, and blocks uninstall attempts. ExtremeTech, June 7, 2013

Android Antivirus Products a Big Flop, Researchers Say: Android smartphones and tablets are under attack, and the most popular tools developed to protect them are easily circumvented, according to new research from Northwestern University and the University of North Carolina. CIO, June 6, 2013

Cyber Security Management - Cyber Defense

Should companies be allowed to 'hack back'?: Radio featuring Dr. Stahl. American businesses are at a loss as to what they could do to end cyber-espionage and intellectual property theft. One Internet security firm estimates that an organization is hit by malware every few minutes, and there's very little companies can do to protect themselves or seek recourse. Air Talk with Larry Mantle. KPCC. Southern California Public Radio, June 4, 2013

How To Avoid The Virus On Facebook That Can Drain Your Bank Account: If you click on the wrong link on Facebook, a virus may find its way into your bank account and drain it of all your money. The New York Times' Bits Blogs details how a 6-year-old virus called Zeus is all over Facebook right now. Here's how to avoid it. Huffington Post, June 4, 2013

Some companies looking at retaliating against cyber attackers: Frustrated by their inability to stem an onslaught of computer hackers, some companies are considering adopting the standards of the Wild West to fight back against online bandits. LA Times, May 31, 2013

Cyber Security Management

Mobile Boom Turns BYOD Into Unmanaged Risk, Check Point Finds: The challenge of securing mobile technology is starting to overwhelm some IT departments, with many BYOD smartphones and tablets left in an unmanaged state despite the risk of data loss, a global survey by Check Point has found. CIO, June 7, 2013

CISOs Must Engage the Board About Information Security: With technology now at the center of nearly all business processes, information security is no longer simply an operational concern. It deserves a place on the board's strategic agenda. And that means the CISO needs to step up in the boardroom. CIO, May 31, 2013

Securing the Village

Google Ups Bug Bounty Awards: Google has made its vulnerability reward program even more lucrative for security researchers who discover bugs in its software and services. DarkReading, June 7, 2013

Microsoft, Authorities Disrupt Hundreds of Citadel Botnets with 'Operation B54': Calling it the company's "most aggressive" botnet operation to date, Microsoft has joined with the FBI for a massive disruption of the Citadel botnet. ThreatPost, June 6, 2013

The Report of the Commission on the Theft of American Intellectual Property: The scale of international theft of American intellectual property (IP) is unprecedented - hundreds of billions of dollars per year, on the order of the size of U.S. exports to Asia. IP Commission, May 2013

National Cyber Security

President Obama to Press Chinese President on Cybersecurity, As NSA Surveillance Looms Large: SAN JOSE, Calif. - News that the U.S. government has been secretly monitoring Americans' phone calls and internet activity is threatening to derail President Obama's efforts to press Chinese President Xi Jinping on cybersecurity when the two leaders sit down for two days of talks in California later today. ABC News, June 7, 2013

Cyber Underworld

Vrublevsky Arrested for Witness Intimidation: Pavel Vrublevsky, the owner of Russian payments firm ChronoPay and the subject of an upcoming book by this author, was arrested today in Moscow for witness intimidation in his ongoing trial for allegedly hiring hackers to attack Assist, a top ChronoPay competitor. KrebsOnSecurity, June 5, 2013

Cashout Service for Ransomware Scammers: There are 1,001 ways to swindle people online, but the hardest part for crooks is converting those ill-gotten gains into cash. A new service catering to purveyors of ransomware - malware that hijacks PCs until victims pay a ransom - levies a hefty fee for laundering funds from these scams, and it does so by abusing a legitimate Web site that allows betting on dog and horse races in the United States. KrebsOnSecurity, June 3, 2013

You're Being Hacked: Cyberspies are everywhere. But who are they helping? Winding through corridors lined with poison-tipped umbrellas, pistols fashioned from lipstick tubes, and bulky button-hole cameras, visitors to Washington's International Spy Museum will soon be confronted by a modern, quotidian tool of the trade: a small black laptop. According to the computer's owner, it was employed over a three-year period to briefly knock WikiLeaks offline, disable almost 200 jihadist websites, and develop a handful of sophisticated hacking tools. The laptop, says International Spy Museum executive director Peter Earnest, will "provide historical context to the ... world of espionage and the intelligence community, in this instance through the scope of cyberterrorism." Newsweek, May 29, 2013

Cyber Research

Laws of Physics Say Quantum Cryptography Is Unhackable. It's Not: In the never-ending arms race between secret-keepers and code-breakers, the laws of quantum mechanics seemed to have the potential to give secret-keepers the upper hand. A technique called quantum cryptography can, in principle, allow you to encrypt a message in such a way that it would never be read by anyone whose eyes it isn't for. Wired, June 7, 2013

Cyber Misc

Robbing a Gas Station: The Hacker Way: Thieves of the future will look back on today's stick-up artists and have a good old belly laugh. Why would anyone ever rob a cashier with a gun, when all that is needed is a smartphone? The New York Times, June 6, 2013


SecurityRecruiter.com's Security Recruiter Blog