Monday, July 15, 2013

Cyber Security News and Education for the Week of July 15, 2013

Cyber Security News of the Week
 From our friends at Citadel Information Group

Nintendo's Fan Site Hit By Illicit Logins, 24,000 Accounts Accessed: IDG News Service (Tokyo Bureau) - Nintendo said a main fan site was hit by a wave of illicit login attempts in Japan over the last month, with attackers gaining access to nearly 24,000 accounts containing users' real names, addresses, phone numbers and email information. CIO, July 8, 2013

Morningstar warns clients of data breach: Morningstar Inc. says personal information of about 2,300 users of its Morningstar Document Research service may have been compromised by a security breach last year. ChicagoTribune, July 5, 2013

Cyber Warning
CRYPTOCAT ENCRYPTED CHAT VULNERABLE TO SIMPLE BRUTE FORCE DECRYPTION: Cryptocat, an open source encrypted Web-based chat application, is taking heat from numerous places after a vulnerability was discovered that put chats at risk for relatively simple decryption, experts say. ThreatPost, July 8, 2013

Cyber Underworld
Styx Exploit Pack: Domo Arigato, PC Roboto: Not long ago, miscreants who wanted to buy an exploit kit - automated software that helps booby-trap hacked sites to deploy malicious code - had to be fairly well-connected, or at least have access to semi-private underground forums. These days, some exploit kit makers are brazenly advertising and offering their services out in the open, marketing their wares as browser vulnerability "stress-test platforms." KrebsOnSecurity, July 8, 2013

Cyber Security Management
5 Security Bolstering Strategies That Won't Break the Bank: CSO - Today's security threats span a broad spectrum of social engineering schemes, international hackers, and insider threats like the recent NSA breach. It's easy to get overwhelmed by all of the potential threats and where money should be spent to keep up, let alone stay ahead of the curve. CIO, July 8, 2013

Workers Don't Trust Employers with Personal Data: Survey: A new report from Aruba Networks has outlined a clear disparity between what employees want and what the IT department needs, particularly when it comes to the blending of personal and work-related information. Security Week, July 8, 2013

Cyber Security Management - Cyber Update
Adobe, Microsoft Release Critical Updates: Patch Tuesday is upon us once again. Adobe today pushed out security fixes for its Flash and Shockwave media players. Separately, Microsoft released seven patch bundles addressing at least 34 vulnerabilities in Microsoft Windows and other software. At least one of the Windows flaws is already being exploited in active attacks. KrebsOnSecurity, July 9, 2013

Securing the Village
NIST seeks input on cybersecurity framework: Starting tomorrow, July 10th, in San Diego, the National Institute of Standards and Technology (NIST) will host the third, and perhaps most important, in a series of workshops aimed at developing a voluntary comprehensive cybersecurity framework that will apply across sixteen critical infrastructure sectors. CSO, July 9, 2013

Record Number of Executives Attend ISSA-LA Information Security Summit on Cybercrime: A diverse group of nearly 800 leading cybercrime experts, information security professionals, and C-suite business executives recently attended the most successful ISSA-LA Cybercrime Summit. PRLog, July 6, 2013

Securing the Village - Online Bank Fraud
Banks' Commercial Customers Face Online Risks: Written by Dr. Stahl. An L.A. accounting firm recently discovered cybercriminals had fraudulently transferred $150,000 from its bank account ... The article describes how ISSA-LA and several forward-looking banks - including City National Bank, American Business Bank, BBCN and California United Bank - are working together to combat online bank fraud. Los Angeles Business Journal, July 7, 2013

Critical Infrastructure
EXPOSED ROOT SSH KEY WAS SHIPPING WITH EMERGENCY ALERT SYSTEM DEVICES: UPDATE - Firmware images for the application servers that distribute messages for the Emergency Alert System in the United States were shipping with a private root SSH key that has been disclosed. Hackers who have this key can access one of these servers and interrupt or manipulate an EAS message. ThreatPost, July 8, 2013

FAA CALLED OUT FOR LAX INFORMATION SECURITY CONTROLS: The Federal Aviation Administration's (FAA) Civil Aviation Registry lacks proper security controls to prevent unauthorized access to its systems, according to a report based on a recent audit undertaken by the Office of the Inspector General (OIG) for the United States Department of Transportation (DoT). ThreatPost, July 8, 2013

Cyber Law
Senate Commerce panel unveils cybersecurity bill: The Senate Commerce, Science and Transportation Committee announced a draft bill on Thursday aimed at improving the nation's defenses against hackers. The Hill, July 11, 2013

Cyber Misc
DEF CON To Feds: We Need Some Time Apart: One of the more time-honored traditions at DEF CON - the massive hacker convention held each year in Las Vegas - is "Spot-the-Fed," a playful and mostly harmless contest to out undercover government agents who attend the show. KrebsOnSecurity, July 10, 2013

Jeff Snyder’s Security Recruiter Blog 719.686.8810