Monday, July 22, 2013

Cyber Security News and Education for the Week of July 22, 2013

Cyber Security News of the Week
From our friends at Citadel Information Group

Cyber Attack

Most stock exchanges see cyber-crime as systemic risk: Survey: NEW DELHI: A majority of stock exchanges worldwide came under cyber attacks last year and almost 90 per cent of them perceive such activities to be a potential systemic risk, according to a survey. The Economic Times, July 17, 2013

South Korean Officials: North Korea Was Behind Recent Cyberattacks: The attacks on South Korea's presidential office website as well as other government and media sites last month on the anniversary of the Korean War came out of North Korea, officials in South Korea said today. DarkReading, July 16, 2013

Cyber Privacy

Detroit withdraws list with creditors' personal information: The City of Detroit withdrew a list of creditors filed with the U.S. Bankruptcy Court for the Eastern District of Michigan after accidentally disclosing the names and addresses of all of the city's active employees and retirees. Detroit Free Press, July 19, 2013

NSA Data Collection Worrisome For Global Firms: With the past month's revelations of vast data-collection by the National Security Agency and the cooperation of U.S. technology companies with that collection, global firms should focus on encrypting their data in the cloud, security experts say. DarkReading, July 13, 2013

How Microsoft handed the NSA access to encrypted messages: Microsoft has collaborated closely with US intelligence services to allow users' communications to be intercepted, including helping the National Security Agency to circumvent the company's own encryption, according to top-secret documents obtained by the Guardian. The Guardian, July 11, 2013

This MIT Website Tracks Your Digital Footprint Through Gmail: While the world is still trying to figure out how much the NSA is spying on them, this MIT website offers a glimpse at the personal data email users reveal online every day. Time, July 5, 2013

Online Bank Fraud

How Online Bank Fraud Could Destroy Your Business: In the past 10 years, online banking has exploded, with millions of customers checking their balances and moving money around through Web browsers. TechNewsDaily, July 16, 2013

Report: Phone Fraud Plagues Call Centers At Financial Institutions: A caller phones the customer service center at a regional bank and gives just enough information to authenticate himself as a customer. Then he starts asking the service representative for information he has "forgotten" - and he keeps dialing the call center until he has enough information to open a new account somewhere else. DarkReading, July 15, 2013

Survey Says: ACH, Wire Fraud Growing: Despite increased investments in anti-fraud solutions and technologies, banking institutions continue to struggle with losses linked to ACH and wire fraud. BankInfoSecurity, July 13, 2013

FFIEC Guidance: Has It Reduced Fraud?: Two years after federal banking regulators issued updated guidelines aimed at enhancing authentication for online-banking transactions, BankInfoSecurity asked industry leaders whether that new guidance has been effective at curbing account takeover losses. BankInfoSecurity, July 12, 2013

Cyber Threat

Universities Face a Rising Barrage of Cyberattacks: America's research universities, among the most open and robust centers of information exchange in the world, are increasingly coming under cyberattack, most of it thought to be from China, with millions of hacking attempts weekly. Campuses are being forced to tighten security, constrict their culture of openness and try to determine what has been stolen. The New York Times, July 16, 2013

New Techniques Obfuscate, Optimize SQL Injection Attacks: SQL injection attacks already stand as one of the most effective means hackers use to break into enterprise database infrastructures today. Now the attack could get a boost in effectiveness when a researcher at Black Hat USA later this month takes the wraps off new techniques that will make it harder for defenses to detect SQL injection attempts and which will speed up the process of extracting data from databases through blind SQL injection attacks. DarkReading, July 9, 2013

Cyber Warning

Styx Crypt Makers Push DDoS, Anti-Antivirus Services: I recently published a piece that examined the role of several Ukrainian men likely responsible for making and marketing the Styx Pack malware exploit kit. Today's post will show how this same enterprise is linked to a DDoS protection scheme and a sprawling cybercrook-friendly malware scanning service that is bundled with Styx-Crypt. KrebsOnSecurity, July 19, 2013

FAUX FBI RANSOMWARE TARGETING OS X USERS: The Federal Bureau of Investigation issued an alert yesterday warning users about a strain of ransomware purporting to come from the FBI that is targeting Mac OS X machines. ThreatPost, July 19, 2013

'Hangover' Persists, More Mac Malware Found: Researchers who this spring unearthed details of a diverse cyberespionage campaign out of India recently discovered it using additional malware targeting Mac OS X machines, as well as telltale signs that some of the suspected actors behind the hacks know they are being watched online. DarkReading, July 18, 2013

Massive Tumblr Security Flaw Requires Everyone On iPhone, iPad To Change Their Password: Tumblr has asked all users of its app on iPhone and iPad to change their password and download an update of the social blogging software in order to cure a security flaw. The news came in a very brief blog post by the company that did not explain the extent of the security breach. Business Insider, July 17, 2013

D'OH! Use Tumblr on iPhone or iPad, give your password to the WORLD: Exclusive Tumblr's iOS app fails to log users in through a secure (SSL) server, it has emerged. As a result users' plaintext passwords are exposed to anyone able to sniff traffic on any Wi-Fi network an iOS user happens to use to connect to the popular cats'n'grumble free-content platform. The Register, July 17, 2013

New digitally signed Mac malware confuses users with right-to-left file name tricks: A new piece of digitally signed spyware for Mac OS X uses a special Unicode character in its file name to hide its real file extension from users and trick them into installing it. MacWorld, July 16, 2013

Cyber-Criminals: Extorting Money From a Computer Near You: Traditionally speaking, when the laymen think about cybercrime, they are usually picturing hackers sneaking into networks and installing viruses designed to destroy data and computers. To many, cybercrime consists of computer whizzes hanging out in their rooms, creating viruses for malicious purposes, all so they can brag to their hacking buddies. It's a stereotype that was somewhat accurate over 20 years ago, but today? Nothing could be further from the truth. Cybercrime aims to not destroy computers and data for malicious purposes, but instead steal information and data for financial gain. In short, cybercrime is now a huge business, and no one is 100% safe. Yahoo, July 15, 2013

Encryption no protection from government surveillance: Microsoft, Skype and other online service providers regularly tell their customers that customer privacy is "our priority." Perhaps they should add a disclaimer, that orders from the federal government seeking surveillance of those customers are a higher priority. CSO, July 15, 2013

UNPATCHED VULNERABILITIES DISCLOSED IN ASUS HOME ROUTERS: Asus home routers are open to a number of potential remote attacks because of vulnerabilities in the AiCloud service bundled with the hardware. ThreatPost, July 15, 2013

WordPress, Other CMS Platforms Give Attackers Room For Creativity: The recent news about the role WordPress played in a pair of New York Times breaches and a string of other compromises has refocused the spotlight on how content management systems (CMS) offer attackers fertile ground for sowing the seeds of criminal intrigue online. DarkReading, July 15, 2013

Browser Plug-In Vulns The Endpoint's Weakest Link: Despite all of the attention given to zero-day attacks and system vulnerabilities, the typical exploit assaulting enterprise endpoints actually looks for a much easier attack vector to launch attacks. In more cases than not, the application used to access the Web is also the one most online attackers will target. That's because most attackers and online exploit kit designers realize that the common browser is usually an endpoint's weakest link. Not only are enterprises generally slow to keep up with browser patching, they're downright sluggish at updating plug-ins and extensions. DarkReading, July 12, 2013

Unusual file-infecting malware steals FTP credentials: A new version of a file-infecting malware program that's being distributed through drive-by download attacks is also capable of stealing FTP (File Transfer Protocol) credentials, according to security researchers from antivirus firm Trend Micro. PC World, July 15, 2013

Cyber Security Management

One big threat to cybersecurity: IT geeks can't talk to management: A new report on the state of risk-based cybersecurity management helps explain why IT employees and their corporate bosses don't see eye to eye about hacking and other computer-based threats. Quartz, July 15, 2013

7 reasons for security awareness failure: There is a great dichotomy in Security Awareness. Just about all of the CSOs we talk to believe that one of their top priorities is to improve their organization's security culture - in other words, the behavior of their users. Similarly, we see article after article and study after study talking about how humans are the primary attack vector for advanced attacks. Some studies indicate that human exploitation is the key enabler in as many as 90 percent of attacks. Buzzphrases, such as protecting and attacking Layer 8 have emerged. CSO, July 10, 2013

Cyber Security Management - Cyber Update

Google patches Glass hijack vulnerability: Google Glass suffered its first major security vulnerability that would have allowed an attacker to take control of the wearable headset by exploiting a flaw in how it connects to Wi-Fi networks. ZDNet, July 17, 2013

Alternative fixes released for Android 'master key' vulnerability: More fixes are appearing for a pair of highly dangerous vulnerabilities exposed earlier this month in the Android mobile operating system. PCWorld, July 16, 2013

Cyber Security Management - Cyber Defense

Windows 8.1 steps up security with biometrics, encryption, and more: Most of the attention on Windows 8.1 Preview emphasizes the many interface changes and new features. In the background, Windows 8.1 also offers a number of security enhancements that will help keep the new OS in step with changing times - how we browse, how we share data among devices, and which devices we use. The improvements range from better browser security to built-in encryption, to remote wiping of business files. We even tracked down a few sneak-preview screenshots of things that have been announced but aren't part of the Preview release. PCWorld, July 16, 2013

Oracle's July Patch Release Includes 27 Fixes for Remote Exploits: IDG News Service - Oracle said on Tuesday that its monthly round of patches for July includes 89 fixes, 27 of which address remotely exploitable vulnerabilities in four widely used products. CIO, July 16, 2013

UC BERKELEY STUDY CONFIRMS BROWSER SECURITY WARNINGS PROVING EFFECTIVE: Users heed Web browser security warnings more than previously thought, according to research unveiled this week. ThreatPost, July 11, 2013

Cyber Underworld

Nations Buying as Hackers Sell Flaws in Computer Code: On the tiny Mediterranean island of Malta, two Italian hackers have been searching for bugs - not the island's many beetle varieties, but secret flaws in computer code that governments pay hundreds of thousands of dollars to learn about and exploit. The New York Times, July 13, 2013

Critical Infrastructure

NIST closer to critical infrastructure cybersecurity framework: The National Institute of Standards and Technology (NIST) held in San Diego last week the third of four workshops to develop a comprehensive cybersecurity framework for critical infrastructure as required under an executive order signed by President Obama on February 12, 2013. NIST's goal with the workshop was to solicit feedback from nearly five hundred attendees to generate content for the preliminary draft framework, which is due in early October. CSO, July 17, 2013