Monday, December 16, 2013

Cyber Security News and Education for the Week of December 16, 2013

Cyber Security News of the Week  
From our friends at Citadel Information Group

Cyber Crime

Hackers broke into poker pro's hotel room to install 'sharking' malware: This September, on the Barcelona leg of the European Poker Tour, Jens Kyllönen had a strange run-in with the criminal underworld. He'd busted out of that day's tournament early, but when he returned to his hotel room, his laptop was missing. He went downstairs to find his roommate, but when they came back to the room together, the laptop had mysteriously reappeared. And to make things even more suspicious, Kyllönen's computerized room key was malfunctioning, triggered by some problem with the electronic door lock. The Verge, December 10, 2013

Cyber Privacy

Xbox Live among game services targeted by US and UK spy agencies: To the National Security Agency analyst writing a briefing to his superiors, the situation was clear: their current surveillance efforts were lacking something. The agency's impressive arsenal of cable taps and sophisticated hacking attacks was not enough. What it really needed was a horde of undercover Orcs. The Guardian, December 9, 2013

Tech giants' demand for NSA reform 'a major game-changer', advocates say: Senior figures behind efforts to curtail the powers of American spy agencies have seized on the decision by the world's largest tech companies to call for radical surveillance reform, saying the unexpected intervention is a potential "game-changer". The Guardian, December 9, 2013

World's leading authors: state surveillance of personal data is theft: More than 500 of the world's leading authors, including five Nobel prize winners, have condemned the scale of state surveillance revealed by the whistleblower Edward Snowden and warned that spy agencies are undermining democracy and must be curbed by a new international charter. The Guardian, December 9, 2013

ZeroPoint is the malware cure that could be worse than the disease: The internet is, on balance, a very hostile place. More than 70 percent of all email traffic is spam, and a fair portion of that is malware and phishing attempts. One 2012 census counted 1.5 billion browser-based malware attacks. A recent Team Cymru map of globally compromised computers showed nearly all of Italy lit up, with southeastern Europe glowing from the sheer quantity. None of this is particularly dangerous if you take modest measures to protect your computer, but it's a strange state of nature - and an expensive one. Most appraisals put the global cost of malware in the tens of billions. Antivirus solutions mostly protect individual nodes or networks, shifting the attacks around but doing little to combat the core of the issue. Larger companies can keep blacklists and spread best practices, but they're limited solutions. Every time a botnet gets shut down, a new one springs up to fill the gap, slightly smarter than the one before. The Verge, December 9, 2013

Spies Infiltrate a Fantasy Realm of Online Games: Not limiting their activities to the earthly realm, American and British spies have infiltrated the fantasy worlds of World of Warcraft and Second Life, conducting surveillance and scooping up data in the online games played by millions of people across the globe, according to newly disclosed classified documents. The New York Times, December 9, 2013

Editor Describes Pressure After Leaks by Snowden: The top editor of the British newspaper The Guardian told Parliament on Tuesday that since it obtained documents on government surveillance from a former National Security Agency contractor, Edward J. Snowden, it has met with government agencies in Britain and the United States more than 100 times and has been subjected to measures "designed to intimidate." The New York Times, December 3, 2013

Identity Theft

Identity Theft Now Costs Far More Than All Other Property Crimes COMBINED: The Bureau of Justice Statistics (BJS) has a sobering new report finding identity theft cost Americans $10 billion more last year than all other property crimes measured by the National Crime Victimization Survey. SFGate, December 12, 2013

Cyber Warning

Data-stealing malware pretends to be Microsoft IIS server module: Trustwave's SpiderLabs researchers have found a piece of malware that collects data entered into Web-based forms, pretending to be a module for Microsoft's Internet Information Services (IIS) web-hosting software. PC World, December 10, 2013

ZeroAccess Botnet Down, But Not Out: Authorities in Europe joined Microsoft Corp. this week in disrupting "ZeroAccess," a vast botnet that has enslaved more than two million PCs with malicious software in an elaborate and lucrative scheme to defraud online advertisers. KrebsOnSecurity, December 5, 2013

Researchers uncover Point-of-Sale botnet: Researchers from Arbor Networks have spotted an active Point of Sale (PoS) compromise campaign using the Dexter malware or variants of it, aimed at stealing credit and debit card data. Help Net Security, May 12, 2013

Cyber Security Management

Information security: protecting the 'crown jewels': Cyber security must change from being a technical issue to a business strategy, reveals a new report from the Institute of Chartered Accountants England and Wales. The Guardian, December 9, 2013

4 ways metrics can improve security awareness programs: Looking for ways to prove the value of security awareness efforts in your organization? Ira Winkler and Samantha Manke break down four ways to use metrics as a way to measure your program's effectiveness. CSO, October 23, 2013

Cyber Security Management - Cyber Update

Zero-Day Fixes From Adobe, Microsoft: Adobe and Microsoft today each separately released security updates to remedy zero-day bugs and other critical vulnerabilities in their software. Adobe issued fixes for its Flash and Shockwave players, while Microsoft pushed out 11 updates addressing at least two dozen flaws in Windows and other software. KrebsOnSecurity, December 10, 2013

Securing the Village

ISSA-LA Donates to ISSA Education Foundation to Support Its Information Security Scholarship Program: Dr. Stan Stahl, president of the Los Angeles chapter of the Information Systems Security Association (ISSA-LA), presented a check for $2,202 to the ISSA Education Foundation (ISSAEF) Scholarship Fund. Foundation Board Chair Sandra Lambert and Board President Steve Haydostian accepted the donation on behalf of the Foundation. PRLOG, December 11, 2013

Dr Stahl on LA Talk Radio: Tuesday's Legal Help Desk, hosted by ISSA-LA Community Outreach Advisory Board Member Salar Atrizadeh, was about cybersecurity. Salar's guest was ISSA-LA President Dr. Stan Stahl, Ph.D. who specializes in cybersecurity and related issues. LA Talk Radio, December 10, 2013

Presidential Council Calls For Feds And ISPs To Step Up In Cybersecurity: An advisory council to President Obama blasted the federal government for failing to lead in cybersecurity best practices and recommended, among other things, a more active role in security by Internet service providers. DarkReading, November 26, 2013

National Cyber Security

China Is Tied to Spying on European Diplomats: SAN FRANCISCO - Computer breaches at the foreign ministries of the Czech Republic, Portugal, Bulgaria, Latvia and Hungary have been traced to Chinese hackers. The New York Times, December 10, 2013

IG Report Shows DHS Still Needs to Improve on Information Security: Although there are still a number of issues that need to be addressed with the Department of Homeland Security's information security efforts, the department is improving in many areas and making strong progress toward implementing better security controls, a new report from the Inspector General found. ThreatPost, December 4, 2013

Cyber Underworld

Who Is Paunch?: Last week, the world got the first glimpses of a man Russian authorities have accused of being "Paunch," a computer crime kingpin whose "Blackhole" crimeware package has fueled an explosion of cybercrime over the past several years. So far, few details about the 27-year-old defendant have been released, save for some pictures of a portly lad and a list of his alleged transgressions. Today's post follows a few clues from recent media coverage that all point to one very likely identity for this young man. KrebsOnSecurity, December 9, 2013

Cyber Misc

How the Bitcoin protocol actually works: Many thousands of articles have been written purporting to explain Bitcoin, the online, peer-to-peer currency. Most of those articles give a hand-wavy account of the underlying cryptographic protocol, omitting many details. Even those articles which delve deeper often gloss over crucial points. My aim in this post is to explain the major ideas behind the Bitcoin protocol in a clear, easily comprehensible way. We'll start from first principles, build up to a broad theoretical understanding of how the protocol works, and then dig down into the nitty-gritty, examining the raw data in a Bitcoin transaction. DDI, December 6, 2013

Cyber Sunshine

Guilty Verdict in First Ever Cybercrime RICO Trial: A young Arizona identity thief is the first person in the U.S. to be found guilty of federal racketeering charges for facilitating his crimes over a website. Wired, December 9, 2013

Group charged in PayPal cyber attack pleads guilty: SAN FRANCISCO (Reuters) - A group of 13 defendants who had been charged in a cyber attack on PayPal's website pleaded guilty and admitted to the December 2010 attack over PayPal's suspension of WikiLeaks accounts. Yahoo News, December 6, 2013

Cyber Calendar

ISSA-LA December Lunch Meeting: Please join us for our annual Holiday Party! Let's gather to celebrate another successful year for ISSA-LA at our final meeting of 2013. Network. Lunch. Raffles & more. ISSA-LA, Event Date: December 18, 2013

Final OWASP Meeting of 2013, Networking Celebration: Network with your OWASP peers as we celebrate the holidays and the end of a great year for our Los Angeles Chapter. Free food and drinks. ISSA-LA, Event Date: December 18, 2013