Tuesday, December 31, 2013

Cyber Security News and Education for the Week of December 29, 2013

Cyber Security News
From our friends at Citadel Information Group

Cyber Attack

NEW MALWARE ATTACKS TARGET SYRIAN ACTIVISTS: A new set of malware campaigns targeted at Syrian activists, journalists and NGOs has emerged, and security researchers say that the attackers are employing a variety of tactics, including a new OS X Trojan that could be part of a “false flag” operation. ThreatPost, December 24, 2013

Cyber Privacy

Judge Upholds N.S.A.’s Bulk Collection of Data on Calls: WASHINGTON — A federal judge on Friday ruled that a National Security Agency program that collects enormous troves of phone records is legal, making the latest contribution to an extraordinary debate among courts and a presidential review group about how to balance security and privacy in the era of big data. The New York Times, December 27, 2013
TV Message by Snowden Says Privacy Still Matters: LONDON — In a message broadcast Wednesday on British television, Edward J. Snowden, the former American security contractor, urged an end to mass surveillance, arguing that the electronic monitoring he has exposed surpasses anything imagined by George Orwell in “1984,” a dystopian vision of an all-knowing state. The New York Times, December 25, 2013
Security Researcher Cancels Talk At RSA Conference in Protest: IDG News Service (Bangalore Bureau) — Security researcher Mikko Hypponen has canceled his talk at an RSA security conference in San Francisco, reacting to a report that the security division of EMC allegedly received US$10 million from the U.S. National Security Agency to use a flawed random number generator in one of its products. CIO, December 24, 2013
RSA Denies Trading Security For NSA Payout: EMC security subsidiary accused of accepting $10 million from the NSA to purposefully use encryption for which the intelligence agency enjoyed backdoor access. InformationWeek, December 23, 2013

Identity Theft

Target: Encrypted PINs stolen but not encryption key: Encrypted PINs were taken in the recent hack but Target says the data should be “safe and secure” since the actual encryption key was not obtained. CNet, December 27, 2013
Target says PINs stolen, but confident data secure: BOSTON/NEW YORK (Reuters) – Target Corp said PIN data of some customers’ bank ATM cards were stolen in a massive cyber attack at the third-largest U.S. retailer, but it was confident that the information was “safe and secure.” Chicago Tribune, December 27, 2013
Target challenges report that hackers stole PINs in data breach: Target maintains that shoppers’ personal identification numbers (PINs) are safe following a data breach that affected more than 40 million customer credit and debit cards in November and December. VentureBeat, December 26, 2013
Non-US Cards Used At Target Fetch Premium: An underground service that is selling credit and debit card accounts stolen in a recent data breach at retail giant Target has stocked its virtual shelves with a new product: Hundreds of thousands of cards issued by non-U.S. banks that were used at Target across the United States during the retailer’s 19-day data breach. It’s not clear how quickly the non-U.S. cards are selling, but they seem to be fetching a much higher price than those issued by U.S. banks. KrebsOnSecurity, December 22, 2013

Cyber Threat

Computers Can Be Hacked Using High-Frequency Sound: (ISNS)—Using the microphones and speakers that come standard in many of today’s laptop computers and mobile devices, hackers can secretly transmit and receive data using high-frequency audio signals that are mostly inaudible to human ears, a new study shows. Scientific American, December 18, 2013

Cyber Warning

Snapchat users’ phone numbers may be exposed to hackers: Australian hackers say detailed coding shows how a vulnerability can be exploited to reveal phone numbers of users. The Guardian, December 27, 2013
Huge security vulnerability reportedly uncovered in Samsung phones: As giant and dominant as Samsung has become in the global mobile industry, the company still hasn’t quite cracked the enterprise market to the extent that it hoped to in 2013. Samsung made enterprise a key focus over this past year and launched the Knox security platform intended to add a new layer of secure services for businesses on top of Android, but it’s unclear how much traction the company has had. Now, a new hurdle has seemingly emerged as cybersecurity researchers at Israel’s Ben-Gurion University of the Negev claim to have uncovered a huge security vulnerability in the Galaxy S4 and other devices that run Samsung’s Knox security software. BGR, December 24, 2013

Cyber Security Management

Security hackers got you scared? Focus on fundamentals, not hype: You see them all over the news – reports of high-profile data breaches and computer attacks. This is a result of increased dependence on computers and increasing sophistication of the threats. Organizations and individuals who rely on computers, whether they sit in the boardroom or the family room, are wondering how they can protect against attacks, both old and new. TheNextWeb, December 27, 2013
Target Breach Should Spur POS Security, PCI 3.0 Awareness: Advanced skimming attack against Target’s whole network of point-of-sale devices will likely keep momentum moving forward for improving payment application security. DarkReading, December 24, 2013
Apple signals end to OS X Snow Leopard support: Computerworld – Apple has apparently decided to kill support for OS X Snow Leopard, the 2009 operating system that has resisted retirement for more than a year. ComputerWorld, December 17, 2013

Cyber Underworld

9 Notorious Hackers Of 2013: This year’s hacking hall of shame includes members of Anonymous and the Blackhole cybercrime gang, plus state-sponsored groups. InformationWeek, December 27, 2013
Who’s Selling Credit Cards from Target?: The previous two posts on this blog have featured stories about banks buying back credit and debit card accounts stolen in the Target hack and that ended up for sale on rescatorla, a popular underground store. Today’s post looks a bit closer at open-source information on a possible real-life identity for the proprietor of that online fraud shop. KrebsOnSecurity, December 24, 2013

Cyber Misc

State Fining Deloitte $15,000 Per Day Over Glitchy Computer System: IDG News Service (Boston Bureau) — The state of Florida has begun fining Deloitte US$15,000 per business day until the systems integrator finishes fixing a number of alleged bugs in an unemployment compensation software system it built. CIO, December 24, 2013

Cyber Sunshine

China jails World of Warcraft cybercrime group: A real prison term for selling gold and guns in the online game World of Warcraft? Easy answer: ten men have been sentenced to up to two years behind bars in China for taking over 11,500 World of Warcraft accounts. RT, December 26, 2013
Dallas cyber-crime leader gets less than six years in prison: ALEXANDRIA, Va. — Tobechi Onwuhara, the leader of a Dallas-based cyber-crime ring that stole tens of millions from credit unions, was sentenced to five years and 10 months in prison here Friday. DallasNews, December 20, 2013

SecurityRecruiter.com's Security Recruiter Blog