Monday, July 01, 2013

Cyber Security News and Education for the Week of July 1, 2013

Cyber Security News of the Week
From our friends at Citadel Information Group

Cyber Privacy

FTC'S 'RECLAIM YOUR NAME' WOULD REGULATE BIG DATA: Big data is big. So big in fact, Science Daily claimed in May that 90 percent of all the world's data have been generated in the last two years. In early 2012, the New York Times' Steve Lohr reported that the total amount of data in the entire world would double every two years from that point on. Much of these data are personal information. The same personal information that we now know the National Security Administration routinely and baselessly collects as part of its PRISM program. The same personal information that data brokers and other companies buy and sell and analyze with little or no consent from consumers as part of an increasingly lucrative and largely unregulated industry. Threatpost, June 28, 2013

Under Obama, NSA Collected Bulk Email, Internet Data of Americans: The National Security Agency collected bulk data on the email traffic of Americans under the Obama administration, according to new documents leaked by NSA whistleblower Edward Snowden. Wired, June 27, 2013

Finally You'll Get To See The Secret Consumer Dossier They Have On You: For the first time ever, the big daddy of all data brokers is nearly ready to show consumers their intimate personal dossiers, a move aimed at staving off public fears of Big Brother and government regulation. Forbes, June 25, 2013

Identity Theft Protection Companies: Separating the Hype from the Real: The identity theft prevention industry has long been defined by its habits of overpromising and underdelivering. Perhaps the best example of that was the famous LifeLock (LOCK) ad campaign, in which the company's CEO proudly announced: "My name is Todd Davis. This is my Social Security number: 457-55-5462." Daily Finance, June 25, 2013

Personal information accessed in Dept. of Education security breach: TALLAHASSEE, Fla. - The Florida Department of Education is warning prospective teachers that their personal information may have been accessed during a security breach. WFTV, June 23, 2013

Data Security Is a Classroom Worry, Too: LIKE many privacy-minded parents of elementary students, Tony Porterfield tries to keep close tabs on the personal information collected about his two sons. So when he heard that their school district in Los Altos, Calif., had adopted Edmodo, an online learning network connecting more than 20 million teachers and students around the world, he decided to check out the program. The New York Times, June 22, 2013

Cyber Warning

Opera Says Hackers Pilfered Expired Code-signing Certificate: IDG News Service - Opera Software said Wednesday hackers pilfered from its internal systems at least one code-signing certificate that was used to sign malicious software. CIO, June 27, 2013

Web Badness Knows No Bounds: If your strategy for remaining safe and secure online is mainly to avoid visiting dodgy Web sites, it's time to consider a new approach. Data released today by Google serves as a welcome reminder that drive-by malware attacks are far more likely to come from hacked, legitimate Web sites than from sites set up by attackers to intentionally host and distribute malicious software. KrebsOnSecurity, June 25, 2013

PRE-INSTALLED BACKUP SOFTWARE ON LG ANDROID PHONES VULNERABLE TO ROOT EXPLOIT: A vulnerability in backup software installed on some LG Android smart phones could enable an attacker with access to the device to gain root privileges. Threatpost, June 25, 2013

Cyber Security Management

How big data is transforming information security: In this video recorded at Hack In The Box 2013 Amsterdam, Eddie Schwartz, CSO at RSA, The Security Division of EMC, discusses the impact of big data on information security. He talks about security management, fraud, identity management, governance, risk and compliance. Help Net Security, June 25, 2013

What Comes After A Data Breach? Reduce Legal Risk: You're breached; it's above the fold in the paper. Customers are fearful. What do you do? At a minimum start with providing credit monitoring for victims to reduce litigation risk. Forbes, June 24, 2013

The Debate Over Cyber Threats: The federal government is taking actions to help defend corporations from cyber attacks. Cyber warfare ranks high as a risk for any business. Fortunately for corporate boards, the federal government has action heroes attacking this evil. Pennsylvania Avenue has been fighting cyber crime since the earliest days of the Internet. Consider the Federal Bureau of Investigation's successful bust of the 414s hackers back in 1983 under President Ronald Reagan. Yet of all presidential administrations, Obama's may be the most active yet in fighting cyber crime. Directors can take tips from the action. NACD, June 21, 2013

Cyber Security Management - Cyber Update

14 VULNERABILITIES FIXED IN FIREFOX 22: Mozilla has fixed 14 security vulnerabilities in Firefox, including four critical flaws that could allow remote code execution. There also are six high-severity vulnerabilities fixed in Firefox 22. Threatpost, June 26, 2013

Cyber Security Management - HIPAA

Healthcare cybersecurity requires provider collaboration: With a consistently-evolving cybersecurity threat landscape, healthcare organizations are going to be forced more than ever to collaborate and learn security best practices from each other. The National Health Information Sharing and Analysis Center (NH-ISAC) is one example of a forum in which these organizations can share healthcare data security successes and failures that become even more pertinent in the event of emergency or disaster. Healthitsecurity, June 27, 2013

Cyber Underworld

Carberp Code Leak Stokes Copycat Fears: The source code for "Carberp" - a botnet creation kit coded by a team of at least two dozen hackers who used it to relieve banks of an estimated $250 million - has been posted online for anyone to download. The code leak offers security experts a fascinating and somewhat rare glimpse into the malcoding economy, but many also worry that its publication will spawn new hybrid strains of sophisticated banking malware. KrebsOnSecurity, June 27, 2013

National Cyber Security

Take A Break From The Snowden Drama For A Reminder Of What He's Revealed So Far: A leaker as fascinating as Edward Snowden is his own worst enemy. The world has become so caught up in the suspense and intrigue of the Snowden Affair - practically a ready-made Robert Ludlum title - that it seems to have almost forgotten the massive National Security Agency surveillance controversy that he's risked his future to bring to light. Forbes, June 25, 2013

Cyber Misc

How Much is Your Gmail Worth?: If you use Gmail and have ever wondered how much your account might be worth to cyber thieves, have a look at Cloudsweeper, a new service launching this week that tries to price the value of your Gmail address based on the number of retail accounts you have tied to it and the current resale value of those accounts in the underground. KrebsOnSecurity, June 26, 2013