Monday, December 02, 2013

Cyber Security News and Education for the Week of December 2, 2013

Cyber Security News of the Week  
From our friends at Citadel Information Group

Cyber Crime

Bitcoin Thefts Surge, DDoS Hackers Take Millions: Cryptographic currency's massive rise in value leads to a corresponding increase in online heists by criminals seeking easy paydays. InformationWeek, November 27, 2013

Cyber Privacy

Silicon Valley cranks up encryption, but it offers false sense of security: SAN JOSE - Encrypted email, secure instant messaging and other privacy services are booming in the wake of the National Security Agency's recently revealed surveillance programs. But the flood of new computer security services is of variable quality, and much of it, experts say, can bog down computers and isn't likely to keep out spies. Mercury News, November 29, 2013

PRIVACY, HUMAN RIGHTS GROUPS FORM NEW ANTI-SURVEILLANCE COALITION: A large group of privacy and digital rights organizations has put together a new effort to urge politicians to curtail the mass surveillance operations that have been exposed in the last few months. The new coalition has developed a set of 13 principles for governments to follow in their intelligence gathering efforts and started a petition that it plans to deliver to the United Nations and governments around the world. ThreatPost, November 27, 2013

Microsoft to step up encryption to thwart NSA: Top Microsoft executives are meeting this week to decide what encryption initiatives to deploy and how quickly. USA Today, November 27, 2013

EUROPEAN COMMISSION URGES U.S. TO REFORM SURVEILLANCE METHODS: The European Commission is urging the United States government to make some changes to the way it handles surveillance to help restore the trust in the relationship between the EU and the U.S. The commission is asking for the U.S. to promote privacy rights internationally, adopt the EU's data protection reforms and respond to the commission's problems with the U.S.'s surveillance reform process. ThreatPost, November 27, 2013

N.S.A. May Have Hit Internet Companies at a Weak Spot: SAN FRANCISCO - The recent revelation that the National Security Agency was able to eavesdrop on the communications of Google and Yahoo users without breaking into either company's data centers sounded like something pulled from a Robert Ludlum spy thriller. The New York Times, November 25, 2013

Cyber Warning

FBI: Beware Online Shopping Scams: The FBI this week issued a series of reminders to online shoppers to beware of scams and to use their common sense. CIO, November 27, 2013

RUBY ON RAILS COOKIESTORE VULNERABILITY PLAGUES PROMINENT WEBSITES: A lingering security issue in Ruby on Rails that stems from a setting in the framework's cookie-based storage mechanism is still present in almost 2,000 websites. ThreatPost, November 26, 2013

Holiday Season Phishing Scams and Malware Campaigns: As the winter holidays approach, US-CERT reminds users to stay aware of seasonal scams and cyber campaigns. US-CERT, November 19, 2013

Cyber Security Management

Study: Companies are not as secure as they think: 80 percent of respondents satisfied with current level of security despite only 13 percent having recently updated security approach. CSO, November 25, 2013

The more you know, the less likely you are to be a victim of cybercrime: Security awareness and user education are the most effective tools for avoiding the rising costs of cybercrime. CSO, November 22, 2013

Study: Business leaders lacking confidence in IT: When it comes to the readiness of critical IT requirements, including availability, security, as well as backup and recovery, business leaders in some of the world's top markets lack confidence in their ability to cope and recover from disruptive incidents. CSO, November 21, 2013

Cyber Security Management - Cyber Defense

Microsoft Releases Security Advisory for Microsoft Windows Kernel: Microsoft has released Security Advisory 2914486 to address a vulnerability in a kernel component of Windows XP and Windows Server 2003. This vulnerability could allow an attacker to obtain elevation of privilege and then execute arbitrary code. Microsoft is aware of limited, targeted attacks that attempt to exploit this vulnerability in the wild. US CERT, November 28, 2013

REPLACING SECURITY BEST PRACTICES WITH THINGS THAT WORK: NEW YORK - The term "best practices" is high on the list of overused and nearly meaningless phrases that get thrown around in the security field. It forms the basis for regulations such as HIPAA and PCI DSS and yet if you asked a random sample of 10 security people what the phrase meant, you'd likely get 10 different answers. But what if there aren't actually any best practices? ThreatPost, November 21, 2013

National Cyber Security

NSA infected 50,000 computer networks with malicious software: The American intelligence service - NSA - infected more than 50,000 computer networks worldwide with malicious software designed to steal sensitive information. Documents provided by former NSA-employee Edward Snowden and seen by this newspaper, prove this. November 23, 2013

N.S.A. Report Outlined Goals for More Power: WASHINGTON - Officials at the National Security Agency, intent on maintaining its dominance in intelligence collection, pledged last year to push to expand its surveillance powers, according to a top-secret strategy document. The New York Times, November 22, 2013

Cyber Underworld

An Anti-Fraud Service for Fraudsters: Many online businesses rely on automated fraud detection tools to weed out suspicious and unauthorized purchases. Oddly enough, the sorts of dodgy online businesses advertised by spam do the same thing, only they tend to use underground alternatives that are far cheaper and tuned to block not only fraudulent purchases, but also "test buys" from security researchers, law enforcement and other meddlers. KrebsOnSecurity, November 26, 2013

No Bail for Alleged Silk Road Mastermind: A federal judge has denied bail for Ross Ulbricht, the 29-year-old man arrested last month on suspicion of running the Silk Road, an online black market that offered everything from drugs and guns to computer hackers and hitmen for hire. KrebsOnSecurity, November 21, 2013

Cyber Misc

A Mercenary Approach to Botnets: For a period of two years, it often felt that not a week went by without some security company or product vendor announcing the takedown of a multi-million node botnet. I don't know if it was the waning enthusiasm of the media to cover "yet another botnet takedown", the public's exhaustion over a threat they could do little to prevent, or the fact that the majority of botnet "takedowns" were merely temporary setbacks for their criminal overlords, but as we reach the end of 2013 the frequency of such boastings has declined noticeably. DarkReading, November 28, 2013

HACKERS RIG TIME'S PERSON OF THE YEAR ONLINE POLL TO CORONATE MILEY CYRUS: Will Miley Cyrus be Time magazine's Person of the Year? If a team of savvy hackers get their way, she'll twerk and tongue her way to the top of a reader poll. Digital Trends, November 28, 2013

Cloud Traffic Poised to Quadruple by 2017, Challenge CIOs: A recent report from Cisco Systems suggests that global cloud traffic will reach 5.3 zettabytes in 2017. That's more than four times the traffic seen in 2012. Analysts and vendors say this will have far-reaching implications for enterprise IT. CIO, November 27, 2013

Cyber History

The Passing of A Pioneer: Willis H. Ware, a highly respected and admired pioneer in the fields of computing security and privacy, passed away on November 22nd, 2013, aged 93. CERIAS, November 26, 2013

Cyber Sunshine

Spam-Friendly Registrar 'Dynamic Dolphin' Shuttered: The organization that oversees the Internet domain name registration industry last week revoked the charter of Dynamic Dolphin, a registrar that has long been closely associated with spam and cybercrime. KrebsOnSecurity, November 25, 2013