Monday, July 29, 2013

Cyber Security News and Education for the Week of July 29, 2013


Cyber Security News of the Week
From our friends at Citadel Information Group

Cyber Crime

Hacker Ring Stole 160 Million Credit Cards: U.S. federal authorities have indicted five men - four Russians and a Ukrainian - for allegedly perpetrating many of the biggest cybercrimes of the past decade, including the theft of more than 160 million credit card numbers from major U.S. retailers, banks and card processors. KrebsOnSecurity, July 25, 2013

Apple Confirms That Its Dev Center Has Been Breached By Hackers: After 3 days of silence as to why the iOS Developer Center has been down, Apple has just confirmed that they are investigating a security breach. TechCrunch, July 21, 2013

Cyber Privacy

Pinterest updating privacy policy soon; stresses 'Do Not Track' support: Pinterest has unveiled a number of new changes set to roll out in the coming weeks that could affect how users both discover and share traffic. ZDNet, July 26, 2013

Cyber Threat

What the $500 Billion Cybercrime Estimate Means for Enterprises: For enterprises, breaches have an ongoing cost that can take a long time to manifest as intellectual property continues to be stolen from the organization and is put into practice competitively in global markets. "When an attacker breaches your network his work has just begun," said security analyst Tom Cross. July 26, 2013

Cyber Warning

Email 'phishing' attacks by hackers growing in number, intensity: Fake emails get harder to distinguish from real ones as hackers use 'phishing' attacks to access company and government data. LA Times, July 25, 2013

Toward A Greater Mobile Mal-Awareness: Several recent developments in mobile malware are conspiring to raise the threat level for Android users, making it easier for attackers to convert legitimate applications into malicious apps and to undermine the technology that security experts use to tell the difference. KrebsOnSecurity, July 24, 2013

SIM cards vulnerable to hacking, says researcher: IDG News Service - Millions of mobile phones may be vulnerable to spying due to the use of outdated, 1970s-era cryptography, according to new research due to be presented at the Black Hat security conference. ComputerWorld, July 22, 2013

UN warns on mobile cybersecurity bugs in bid to prevent attacks: BOSTON, July 21 (Reuters) - A United Nations group that advises nations on cybersecurity plans to send out an alert about significant vulnerabilities in mobile phone technology that could potentially enable hackers to remotely attack at least half a billion phones. Reuters, July 21, 2013

Cyber Security Management

Fact or Fiction: Your Smartphone and Tablet Are Vulnerable to Hackers: Personal computers have been subject to cyber attacks from the moment we began connecting them to the Internet. Nowadays, malicious software lurking in spam and on Web pages is kept at bay only through effort and expense. So why don't we have the same security problem with our smartphones and tablets, which are essentially variations on the PC? Scientific American, July 22, 2013

CSIS Releases Study Linking Cybercrime To Job Loss: WASHINGTON, D.C., - July 22, 2013 - McAfee announced today that it has sponsored a first-of-its-kind report quantifying the economic impact of cybercrime. After years of guesswork and innumerable attempts to quantify the costly effects of cybercrime on the U.S. and world economies, McAfee engaged one of the world's preeminent international policy institutions for defense and security, the Center for Strategic and International Studies (CSIS), to build an economic model and methodology to accurately estimate these losses, which can be extended worldwide. "Estimating the Cost of Cybercrime and Cyber Espionage" posits a $100 billion annual loss to the U.S. economy and as many as 508,000 U.S. jobs lost as a result of malicious cyber activity. DarkReading, July 22, 2013

Cyber Security Management - Cyber Update

Somebody's Watching You: Hacking IP Video Cameras: Turns out those IP cameras used for physical security in businesses and homes can be easily hijacked by bad guys. DarkReading, July 25, 2013

Cyber Security Management - Cyber Defense

Malware Evasion Techniques Dissected at Black Hat: Malware ingenuity isn't limited to its functionality or its ability to propagate. Sometimes malicious code has to have guile to survive. ThreatPost, July 26, 2013

Cyber Security Management - HIPAA

United States: Business Associate Agreements ("BAAs") Under the New HIPAA/HITECH Omnibus Final Rule ("Final Rule"): Earlier this month, I attended the annual meeting of the American Health Lawyers Association in San Diego. This meeting was excellent from a networking perspective and the substantive information imparted during the various break-out sessions. A number of these sessions were devoted to or touched upon the Final Rule that was published on January 25, 2013, those terms that must now be included in BAAs under such Final Rule, and the effect of such Final Rule upon a business associate ("BA") - someone the Final Rule defines as a person acting on behalf of a covered entity ("CE") who (i) creates, receives, maintains or transmits protected health information ("PHI"); (ii) for a function or activity regulated by HIPAA; and (iii) provides certain identified services to such CE. Mondaq, July 21, 2013

Securing the Village

Security Vendors: Do No Harm, Heal Thyself: Security companies would do well to build their products around the physician's code: "First, do no harm." The corollary to that oath borrows from another medical mantra: "Security vendor, heal thyself. And don't take forever to do it!" KrebsOnSecurity, July 26, 2013

Critical Infrastructure - Banking

Wall Street's Exposure to Hacking Laid Bare: The indictment on Thursday of a long-running hacking ring is kindling fears that rogue programmers are going beyond theft and developing the capacity to wreak havoc on the broader financial system. The New York Times, July 25, 2013

Cyber Law

Wyndham Lawsuit Tests FTC's Data Security Enforcement Authority: A federal court judge in New Jersey on Wednesday agreed to allow the U.S. Chamber of Commerce and several other organizations to seek the dismissal of a closely watched data breach lawsuit filed by the Federal Trade Commission against Wyndham Worldwide Corp. CIO, July 19, 2013

Cyber Underworld

Haunted by the Ghosts of ZeuS & DNSChanger: One of the challenges in malware research is separating the truly novel innovations in malcoding from new nasties that merely include nominal or superficial tweaks. This dynamic holds true for both malware researchers and purveyors, albeit for different reasons. Researchers wish to avoid being labeled alarmist in calling special attention to what appears to be an emerging threat that turns out to be old news; the bad guys just want to avoid getting scammed into paying for an old malware kit dressed up as the new next big thing. KrebsOnSecurity, July 25, 2013

Cyber Misc

Why Cybersecurity is One of the Best Investments You Can Make Right Now: For months now, we've been harping to our readers about why cybersecurity is one of the absolute best investments you can get involved with right now. MoneyMorning, July 22, 2013

U.K.-based researcher claims responsibility for Apple Developer Center problems: Claiming that he was only attempting to hunt for bugs - security researcher Ibrahim Balić has said that he was likely the source of a security breach, which forced Apple to take down their Developer Center portal last week. CSO, July 22, 2013


SecurityRecruiter.com's Security Recruiter Blog