Monday, June 03, 2013

Cyber Security News for the Week of June 3, 2013

Cyber Security News of the Week
From our friends at Citadel Information Group

The State of Cyber Security; Information System Security Association Los Angeles Findings; Role of Insurance in Cyber Security: Stan Stahl discusses ISSA-LA Summit V with Bennet Kelley. Cyber Law and Business Report - Online Radio, May 29, 2013

Cyber Espionage
It's Not Just China: Indian Hacker Group Spied On Targets In Pakistan, U.S. And Europe: Chinese hackers may have become the bogeyman of cybersecurity nightmares, but it's worth remembering that they don't have a monopoly on digital espionage. In fact, researchers have now tied a series of attacks on hundreds of targets over the last three years to a more unusual suspect: India. Forbes, May 21, 2013

Cyber Warning
Google Researcher Reveals Zero-Day Windows Bug: Google security researcher Tavis Ormandy this week published full details for a zero-day Windows vulnerability, including proof-of-concept (PoC) exploit code. Information Week, May 24, 2013

Cyber Security Management - Cyber Defense
3 Lessons From Layered Defense's Missed Attacks: Layering security measures typically protects systems better: Research (PDF) by three University of Michigan graduate students in 2008, for example, found that using multiple antivirus engines results in much better protection than using a single program. DarkReading, May 29, 2013

How to Secure USB Drives and Other Portable Storage Devices: For all their convenience, misplaced or stolen storage devices often result in the loss of confidential data. To protect against embarrassing, costly and damaging data breaches, take these steps to protect your employees' portable storage devices. CIO, May 28, 2013

Cyber Security Management - HIPAA HITECH
HHS OCR Director Leon Rodriguez's Dialogue on HIPAA/HITECH Compliance: "HIPAA is a valve, not a blockage," stated HHS OCR Director Leon Rodriguez, at the OCR/NIST 6th Annual Conference on Safeguarding Health Information: Building Assurance through HIPAA Security. Discussing the tension inherent in HIPAA, between patient access to patient information and an organization's safeguarding of protected health information (PHI), Director Rodriguez characterized OCR's HIPAA guidance as providing the "super highways" to ensuring patient access to PHI and to safeguarding PHI. An organization, on its own, must figure out the "surface streets," emphasizing once again the flexibility and scalability of HIPAA. Regardless of the type or size of an organization governed by HIPAA, the basic rules remain the same. To adequately safeguard PHI, HIPAA defines a process. HIPAA provides an organization with a series of decisions, policies and procedures, analyses, and plans. Above all, patient expectations govern. Lexology, May 23, 2013

Securing the Village
New York Regulator Asks Insurers About Readiness for Cyber Threats: New York's top financial regulator has asked some of the largest U.S. insurance companies to disclose details on their preparedness for cyber attacks, following a similar request to major banks earlier this year. Insurance Journal, May 29, 2013

DHS Eyes Sharing Zero-Day Intelligence With Businesses: DHS proposal would give private businesses access to the government's stockpile of zero-day secrets for a fee. But some say the program may actually fuel the bug vulnerability marketplace. Information Week, May 16, 2013

National Cyber Security
Obama to discuss cybersecurity with China's Xi: White House: (Reuters) - President Barack Obama will discuss cybersecurity with Chinese President Xi Jinping when the two leaders meet in California next week, White House spokesman Jay Carney said on Tuesday. Reuters, May 28, 2013

Confidential report lists U.S. weapons system designs compromised by Chinese cyberspies: Designs for many of the nation's most sensitive advanced weapons systems have been compromised by Chinese hackers, according to a report prepared for the Pentagon and to officials from government and the defense industry. The Washington Post, May 27, 2013

Cyber Underworld
Underweb Payments, Post-Liberty Reserve: Following the U.S. government's seizure this week of virtual currency Liberty Reserve, denizens of the cybercrime underground collectively have been progressing through the classic stages of grief, from denial to anger and bargaining, and now grudging acceptance that any funds they had stashed in the e-currency system are likely gone forever. Over the past few days, the top discussion on many cybercrime forums has been which virtual currency will be the safest bet going forward? KrebsOnSecurity, May 30, 2013

U.S. Government Seizes U.S. federal law enforcement agencies on Tuesday announced the closure and seizure of Liberty Reserve, an online, virtual currency that the U.S. government alleges acted as "a financial hub of the cyber-crime world" and processed more than $6 billion in criminal proceeds over the past seven years. KrebsOnSecurity, May 28, 2013

Reports: Liberty Reserve Founder Arrested, Site Shuttered: The founder of Liberty Reserve, a digital currency that has evolved as perhaps the most popular form of payment in the cybercrime underground, was reportedly arrested in Spain this week on suspicion of money laundering. News of the law enforcement action may help explain an ongoing three-day outage at On Friday, the domain registration records for that site and for several other digital currency exchanges began pointing, a volunteer organization dedicated to combating global computer crime. KrebsOnSecurity, May 25, 2013

Cyber Law
Senators propose law to combat cyber theft: (Reuters) - A group of senior Republican and Democratic senators proposed a new law on Tuesday to combat computer espionage and the theft of valuable commercial data from U.S. companies. Reuters, May 7, 2013

Cyber Research
Experts Say More Research Needed to Foil Cyber Criminals: Virtually non-existent two decades ago, cybercrime has become one of the fastest growing criminal enterprises around the world. Estimates peg the global cost of crimes ranging from malware to data theft at about $100 billion a year. And it's growing. Efforts to combat the problem have taken on urgency, but there is growing debate on how best to foil hi-tech offenders. Voice of America, May 28, 2013

Cyber Sunshine
Ill. man pleads guilty in NY cyber-attacks case; targets included law enforcement, contractors: NEW YORK - A self-described anarchist and "hacktivist" from Chicago pleaded guilty Tuesday to charges he illegally accessed computer systems of law enforcement agencies and government contractors. The Washington Post, May 28, 2013

Jeff Snyder’s Security Recruiter Blog