Cyber Security News of the Week
From our friends at Citadel Information Group
Phony Order Faxed To Registrar Leads to Metasploit Defacement: A pro-Palestine hacker collective went old-school in its takedown of the Metasploit and Rapid7 websites today. ThreatPost, October 18, 2013
Breach at PR Newswire Tied to Adobe Hack: Earlier this year, hackers broke into the networks of marketing and press release distribution service PR Newswire, making off with usernames and encrypted passwords that customers use to access the company's service and upload news releases, KrebsOnSecurity has learned. KrebsOnSecurity, October 16, 2013
Verify, then trust: ONE of the many outcomes of Edward Snowden's leaks was to confirm what security researchers had long nervously joked about - that Western intelligence agencies spend a great deal of time and money trying to undermine the cryptographic software that secures computers all over the world (similar suspicions swirl around the Chinese and Russian spy agencies, too). The documents suggest that the spies lean on firms to build "back doors" into their products, infiltrate those companies with their own employees, and work to nobble cryptographic standards. The Economist, October 18, 2013
Privacy Fears Grow as Cities Increase Surveillance: OAKLAND, Calif. - Federal grants of $7 million awarded to this city were meant largely to help thwart terror attacks at its bustling port. But instead, the money is going to a police initiative that will collect and analyze reams of surveillance data from around town - from gunshot-detection sensors in the barrios of East Oakland to license plate readers mounted on police cars patrolling the city's upscale hills. The New York Times, October 13, 2013
Apple iMessage Open To Man In The Middle, Spoofing Attacks: The Apple iMessage protocol has been shrouded in secrecy for years now, but a pair of security researchers have reverse-engineered the protocol and found that Apple controls the encryption key infrastructure for the system and therefore has the ability to read users' text messages - or decrypt them and hand them over at the order of a government agency. ThreatPost, October 18, 2013
Facebook 'stalker' Tool Uses Graph Search for Powerful Data Mining: IDG News Service - When a high-profile public figure living in Hong Kong hired the security company Trustwave to test if its experts could get his passwords, they turned to Facebook. CIO, October 17, 2013
ISSA-LA Alerts Public to Potential Cybercrime When Microsoft Stops Support of Windows XP in 2014: Los Angeles (I-Newswire) September 23, 2013 - The Los Angeles Chapter of the Information Systems Security Association (ISSA-LA) is launching an awareness campaign to alert the public to an increased exposure to cybercrime when Microsoft stops supporting Windows XP on April 8, 2014. According to Net Applications, 38% of computers still use Windows XP. i-Newswire, September 23, 2013
Backdoor found in D-Link home routers: An easy-to-exploit backdoor has been found in seven different models of domestic routers made by D-Link and Planex. BBC, October 14, 2013
Thousands of Sites Hacked Via vBulletin Hole: Attackers appear to have compromised tens of thousands of Web sites using a security weakness in sites powered by the forum software vBulletin, security experts warn. KrebsOnSecurity, October 14, 2013
Cyber Security Management
Essential considerations when making changes to security: When it comes to security policies and practices, there are rules (both written and unwritten) that need to be adhered to. An organization simply cannot implement changes to security on the fly as it could lead to disaster. Yet, there are times when changes are necessary, or mandated due to an incident response plan. In that instance, what should business leaders be focusing on? CSO, October 17, 2013
Cyber Risk And The Board of Directors - Closing The Gap: The responsibility of corporate directors to address cyber security is commanding more attention and is obviously a significant issue. Yet here is how one writer entitled her Forbes article about the 2012 Carnegie Mellon Cylab Report: "Boards Are Still Clueless About Cybersecurity." Bloomberg Law
Cyber Security Management - Cyber Defense
10 Pitfalls Of IT Risk Assessment: As IT organizations seek to make better risk-based decisions about security practices, perhaps the No. 1 component for success is the IT risk assessment. However, even when organizations actually conduct a risk assessment, they frequently fall prey to mistakes that can greatly devalue the exercise. Here are some of the most common blunders to avoid. DarkReading, October 17, 2013
Yahoo Mail is switching to default SSL encryption: On the heels of its recent redesign, Yahoo Mail is adding a new feature many users have been requesting for years: encryption. The Washington Post revealed today that Yahoo Mail will begin using default SSL encryption for its webmail interface as of January 8th, 2014. The encryption, which protects messages sent between a user's computer and Yahoo servers, was only made available earlier this year as an option from Yahoo, although most security professionals view it as crucial for any level of privacy on the web. The move comes nearly four years after Gmail switched over to default SSL in January of 2010. The Verge, October 14, 2013
WordPress Attacks: Time To Wake Up: If I wrote a Security 101 story in light of this news - outdated WordPress sites are used to launch malicious attacks on other websites - it would go something like this: Use strong passwords. Stay current on software updates and patches. Educate employees on security risks and fundamentals. Use anti-malware tools and other technologies. Wash, rinse, repeat. InformationWeek, October 2, 2013
Cyber Security Management - HIPAA
SANS Announces Results of its Inaugural Health Care Information Security Survey: BETHESDA, Md., Oct. 17, 2013 /PRNewswire-USNewswire/ - SANS announces results of its inaugural health care information security survey, in which 373 health care IT professionals answered questions about their digital health initiatives, awareness and concerns over risk, and how they are (or are not) managing this risk. The survey was sponsored by Oracle, Redspin, Tenable Network Security and Trend Micro. DarkReading, October 17, 2013
More HIPAA enforcement coming: When Office for Civil Rights Director Leon Rodriguez took the stage Monday to talk HIPAA at the HIMSS Media and Healthcare IT News Privacy and Security Forum, the timing was perfect. Healthcare IT News, September 24, 2013
Cyber Security Management - Cyber Update
Critical Java Update Plugs 51 Security Holes: Oracle has released a critical security update that fixes at least 51 security vulnerabilities in its Java software. Patches are available for Linux, Mac OS X, Solaris and Windows versions of the software. KrebsOnSecurity, October 16, 2013
Hackers Target Town After Dropped Sexual-Assault Case: The international band of Internet activists known as Anonymous has chosen the rural Missouri town of Maryville as the target of its latest campaign, after the Kansas City Star published a powerful examination of a possible rape case that went unprosecuted by local authorities. Time, October 14, 2013
Securing the Village
The 28th Annual 2013 ISSA SoCal Security Symposium: The SoCal Security Symposium features over 30 vendor exhibits and several industry experts discussing current security issues such as eDiscovery, cloud security, threat vectors, mobile security, and much more. There will be lots of giveaways and prizes! This conference will provide tremendous networking opportunities. You'll come away with advice and knowledge you can start applying to your environment immediately. Your registration will include your breakfast, lunch, ice cream social, CPE credits (8) and entrance into the conference sessions and exhibit area. ISSA of Orange County, Event Date: October 30, 2013
Many energy companies lagging in cybersecurity efforts, expert says: Energy companies are continuing to be hit by cyberattacks, in large part because of complacency by executives who don't understand the threat, a Verizon executive said Thursday. FuelFix, October 17, 2013
When Companies Are Hacked, Customers Bear the Brunt. But Not for Long: For the past two weeks, Security States has been exploring the possibility of liability for software design flaws. It's a critical issue - and likely the right answer from an economic perspective. But at this point that answer is theoretical. There are many steps between where we are today (no liability for any cyber breach) and there (product liability for software defects). The New Republic, October 15, 2013
Cybercrime fighters in short supply: Governments and corporations are struggling to find enough recruits to help fight cyber attacks with demand outstripping supply when it comes to the sector. ITProPortal, October 14, 2013
UPDATE: Man charged in TSYS identity theft violated computer policy at Paragon Benefits: A week after he was placed at Paragon Benefits Inc. by a temporary staffing agency, Drew Johnson appeared to be spending more time on his computer than his duties required before personal information from more than 5,200 TSYS employees was sent to his personal Gmail account, records in U.S. District Court stated Tuesday. Ledger-Enquirer, October 15, 2013
Cybersecurity companies attracting huge investment: SEATTLE - It's clear Wall Street has a love affair going with cybersecurity companies. CyberTruth asked Bob Ackerman, founder and managing director of Allegis Capital, to quantify the scale of investment going into cutting-edge technologies to stop cybercriminals. The metrics he pulled together are staggering. USA Today, October 16, 2013
Landmark Leadership Conferences for IT Executives: The IT Summit is the executive technology conference series returning to Los Angeles for our seventh annual event on October 23, 2013. The purpose of the summit is to provide educational and networking resources for the IT leaders in Southern California. The conference is driven by an Executive Board of regional IT professionals that directs the content of the conference. The IT Summit is designed to address the real-world opportunities and challenges faced by today's executives. The IT Summit, Event Date: October 23, 2013
Monday, October 21, 2013
Cyber Security News and Education for the Week of October 21, 2013
President of SecurityRecruiter.com and JeffSnyderCoaching.com. SecurityRecruiter.com is an executive search firm specialized in information security recruiting, cyber security recruiting, corporate security recruiting, physical security recruiting, converged security recruiting, IT risk management recruiting, enterprise risk management, global compliance recruiting, global privacy recruiting and business intelligence recruiting.
Through JeffSnyderCoaching.com, I provide Resume Writing, LinkedIn Profile Optimization, Personal Branding, Personal Marketing, Strengths Coaching, Emotional Intelligence Coaching, Career Coaching, Leadership Coaching, Executive Coaching, Coaching for Entrepreneurs and aspiring Entrepreneurs, Career Transition Coaching and more.
My clients include Fortune 500 clients crossing many different industry boundaries including but not limited to Banking, Financial Services, Hospitality, Gaming, Insurance, eCommerce, Oil & Gas, Retail, Entertainment, Media, Software, Consumer Products, Mining, Security Consulting, Telecommunications and more.
My Security Recruiter Blog is home to information that security, risk, compliance, governance and privacy professionals need to grow their security careers and is updated weekly.
My recent public speaking activities include:
- CISO Forum and ISSA of Los Angeles
- CSO Roundtable for ASIS
- North Texas ISACA in Dallas, TX
- Information Security Leadership Forum, Dallas, TX
- ISSA in Denver, CO
- National CISO Forum of ISSA in Las Vegas
- ISSA in Colorado Springs
- EVANTA in Phoenix
- A private training session to train computer sales people in Denver to leverage LinkedIn to drive their sales business opportunities.
- I speak on leadership, career and overcoming adversity topics.
Testimonials of my recruiting work are found on the Security Recruiting Testimonials page of SecurityRecruiter.com. Testimonials for my coaching work are found on the Coaching Testimonials page of JeffSnyderCoaching.com.
I have a rather large and growing LinkedIn network with nearly 30,000 direct connections.