Monday, February 09, 2015

Cyber Security News, Education and Vulnerability Patch Report for the Week of February 9, 2015





Cyber Crime

Anthem Hackers Tried To Breach System As Early As December: SAN FRANCISCO (AP) — The hackers who stole millions of health insurance records from Anthem Inc. commandeered the credentials of five different employees while seeking to penetrate the company’s computer network — and they may have been inside the system since December. Huffington Post, February 8, 2015
Anthem hack exposes data on 80 million; experts warn of identity theft: Health insurance giant Anthem Inc. said hackers had breached its computer system and that the personal information of tens of millions of customers and employees was possibly at risk. LA Times, February 5, 2015
Data Breach at Health Insurer Anthem Could Impact Millions: Anthem Inc., the nation’s second largest health insurer, disclosed Wednesday that hackers had broken into its servers and stolen Social Security numbers and other personal data from all of its business lines. Given the company’s size, this breach could end up impacting tens of millions of Americans. KrebsOnSecurity, February 4, 2015
Banks: Card Thieves Hit White Lodging Again: For the second time in a year, multiple financial institutions are complaining of fraud on customer credit and debit cards that were all recently used at a string of Marriott properties run by hotel franchise firm White Lodging Services Corporation. White Lodging says it is investigating, but that so far it has found no signs of a new breach. KrebsOnSecurity, February 3, 2015
Target Hackers Hit Third Parking Service:, an online parking reservation service for airports across the United States, appears to be the latest victim of the hacker gang that stole more than a 100 million credit and debit cards from Target and Home Depot. is the third online parking service since December 2014 to fall victim to this cybercriminal group. KrebsOnSecurity, February 2, 2015

Financial Cyber Security

Hackers and Cybercrime: Financial Firms Increasingly Targeted For Fraud: The email Keith McMurtry received in early June read, “This is a strictly confidential operation,” and it was signed by his boss, Chuck Elsea, CEO of the Scoular Co., a commodities-trading firm based in Omaha, Nebraska. So, McMurtry took the mysterious missive seriously, even though the address was unfamiliar. International Business Times, February 6, 2015

Identity Theft

Citing Tax Fraud Spike, TurboTax Suspends State E-Filings: TurboTax owner Intuit Inc. said Thursday that it is temporarily suspending the transmission of state e-filed tax returns in response to a surge in complaints from consumers who logged into their TurboTax accounts only to find crooks had already claimed a refund in their name. KrebsOnSecurity, February 6, 2015
Anthem Hacking Points to Security Vulnerability of Health Care Industry: The cyberattack on Anthem, one of the nation’s largest health insurers, points to the vulnerability of health care companies, which security specialists say are behind other industries in protecting sensitive personal information. The New York Times, February 6, 2015
Protect Yourself After Anthem Data Breach: Citadel VP David Lam talks to NBC Southern California – A massive data breach for California’s largest health insurance provider — Anthem. Mekahlo Medina reports for NBC4. NBC LA, February 5, 2015
Why hackers are targeting the medical sector: A hack at Anthem, the second-largest health insurer in the country, exposed personal information about millions of employees and customers. But the attack is just the latest evidence that cybercriminals are increasingly targeting the medical sector where they can collect health information that can be sold for a premium on the black market. Washington Post, February 5, 2015

Cyber Warning

Yet Another Flash Patch Fixes Zero-Day Flaw: For the third time in two weeks, Adobe has issued an emergency security update for its Flash Player software to fix a dangerous zero-day vulnerability that hackers already are exploiting to launch drive-by download attacks. KrebsOnSecurity, February 5, 2015
Hacked Hotel Phones Fueled Bank Phishing Scams: A recent phishing campaign targeting customers of several major U.S. banks was powered by text messages directing recipients to call hacked phone lines at Holiday Inn locations in the south. Such attacks are not new, but this one is a timely reminder that phishers increasingly are using lures blasted out via SMS as more banks turn to text messaging to communicate with customers about account activity. KrebsOnSecurity, February 4, 2015
Serious bug in fully patched Internet Explorer puts user credentials at risk: A vulnerability in fully patched versions of Internet Explorer allows attackers to steal login credentials and inject malicious content into users’ browsing sessions. Microsoft officials said they’re working on a fix for the bug, which works successfully on IE 11 running on both Windows 7 and 8.1. ars technica, February 3, 2015
Hackers Abuse Another Adobe Zero-Day To Attack Thousands Of Web Users: Adobe is scurrying to patch the third Flash zero-day of the year, with criminal hackers already using a previously unknown and unpatched vulnerability to launch attacks against thousands of web denizens, security researchers warned today. Those attacks hit visitors to popular video sharing site Dailymotion, with other sites thought to be affected as the infections were launched via advertisements that will likely be resident on many other web pages. Forbes, February 2, 2015

Cyber Security Management

Amy Pascal To Step Down As Sony Co-Chair Following ‘The Interview’ Cyberattack: Amy Pascal announced Thursday she will step down as co-chairman of Sony Pictures Entertainment following the November cyberattack on the studio in which hackers leaked thousands of email messages, including a number of embarrassing ones that Pascal had sent. Forbes, February 5, 2015
Investment firms become cybercrime focus, highlights insurance need: Over half of US brokerage and investment firms have been targeted by scams designed to trick them into releasing client funds, regulators say. ZDNet, February 4, 2015
Brokerage Firms Worry About Breaches by Hackers, Not Terrorists: The online attack on Sony Pictures Entertainment in the fall that federal authorities linked to the North Korean government raised alarm bells about the hacking threat posed by foreign governments. But brokerage firms based in the United States remain most concerned about an attack carried out by a loose band of hackers or employees with a grudge. The New York Times, February 3, 2015
Obama’s Budget Can’t Fix Corporate Cybersecurity: President Barack Obama’s fiscal 2016 budget proposal calls for $14 billion in spending on federal efforts to bolster cybersecurity and encourages legislation to ease data sharing between the government and the private sector in order to quickly detect and respond to online attacks. US News and World Report, February 3, 2015

Cyber Security Management – Cyber Defense

As Flash 0day exploits reach new level of meanness, what are users to do?: Less than five weeks into the new year, 2015 is already shaping up as one of the most perilous years for users of Adobe Flash, with active exploits against three separate zero-day vulnerabilities, one of which still wasn’t fully patched as this post went live. ars technica, February 4, 2015

Securing the Village – ISSA-LA

Cybersecurity Expert David Kennedy of TrustedSec to Speak at ISSA-LA Seventh Annual Information Security Summit on Cybercrime Solutions – June 4: David Kennedy, founder and CEO of TrustedSec, LLC, will be the opening keynote speaker at the Los Angeles Chapter of the Information Systems Security Association (ISSA-LA) Seventh Annual Information Security Summit on Thursday, June 4, 2015 at the Los Angeles Convention Center. The theme of the one-day Summit, The Growing Cyber Threat: Protect Your Business, highlights the impact cybercrime has on all organizations: business, nonprofits, government agencies, schools, healthcare and others. The Summit advances ISSA-LA’s core belief that ‘It takes the village to secure the village’℠. Security Orb, February 6, 2015

National Cyber Security

Defense nominee: US ‘not where it should be’ on cybersecurity: The Defense Department’s network security “is not where it should be,” said Ashton Carter, the nominee for Defense secretary, during his Wednesday nomination hearing. The Hill, February 4, 2015
WESTERN SPY AGENCIES SECRETLY RELY ON HACKERS FOR INTEL AND EXPERTISE: The U.S., U.K. and Canadian governments characterize hackers as a criminal menace, warn of the threats they allegedly pose to critical infrastructure, and aggressively prosecute them, but they are also secretly exploiting their information and expertise, according to top secret documents. The Intercept, February 4, 2014

Cyber Misc

Hackers Use Old Lure on Web to Help Syrian Government: WASHINGTON — To the young Syrian rebel fighter, the Skype message in early December 2013 appeared to come from a woman in Lebanon, named Iman Almasri, interested in his cause. Her picture, in a small icon alongside her name, showed a fair-skinned 20-something in a black head covering, wearing sunglasses. The New York Times, February 1, 2015

Cyber Sunshine

Silk Road: S.F. man convicted of running underground drug website: NEW YORK — A San Francisco man was swiftly convicted Wednesday of creating and operating an underground website that prosecutors said enabled drug dealers around the world to reach customers they would never find on the street. San Jose Mercury News, February 4, 2015
For alleged Russian hacker, a visit to Amsterdam is a costly trip: At noon on June 28, 2012, Vladimir Drinkman, targeted as one of America’s most wanted cybercriminals, and his wife hustled into a cab pulling away from their Amsterdam hotel. They had just been tipped off that the police were on to them, but an unmarked police car blocked their getaway. The Russian was handcuffed and arrested on charges of helping to mastermind what has been called the largest criminal hacking scheme ever prosecuted in the United States. The Washington Post, January 30, 2015 


Weekend Vulnerability and Patch Report

Important Security Updates

Adobe Flash Player: Adobe has released version to fix at least 15 vulnerabilities, some of which are extremely critical, reported in previous versions. Updates are available from Adobe’s website.
Evernote: Evernote has released version Updates are available on Evernote’s website.

Google Chrome: Google has released Google Chrome version 40.0.2214.111 to fix at least 4 highly critical vulnerabilities. Updates are available from within the browser or from Google Chrome’s website.
Google Chrome for Android: Google has released version 40.0.2214.109 of Google Chrome for Android to fix at least 4 highly critical vulnerabilities reported in previous versions. Updates are available through the device.
Opera: Opera has released version 27.0.1689.66. Updates are available from within the browser or from Opera’s website.
VLC Media Player: VLC has released version 2.1.5 (32-bit) of its Media Player. Download from the VLC website.

Current Software Versions

Adobe Flash [Windows 7: IE]
Adobe Flash [Windows 7: Firefox, Mozilla]
Adobe Flash [Windows 8: IE]
Adobe Flash [Macintosh OS X: Firefox, Opera, Safari]
Adobe Reader 11.0.10
Dropbox 3.0.5 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]
Firefox 35.0.1
Google Chrome 40.0.2214.111
Internet Explorer 11.0.9600.17501
Java SE 8 Update 31 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser — such as Chrome, IE9, Safari, etc — with Java enabled to browse only the sites that require it.]
Safari 5.1.7 
Safari 7.1.3 [Mac OS X]

Newly Announced Unpatched Vulnerabilities

For an updated list of previously announced Unpatched Vulnerabilities, please see the resources section of Citadel’s website.

For Your IT Department

Cisco Multiple Products: Secunia reports Cisco has released updates for its WebEx Meetings Server, UCS C-Series Rack Servers, Unified IP Phones 9900 Series, and others. Apply updates.
McAfee Multiple Products: Secunia reports McAfee has released updates for its Data Loss Prevention, Security Information and Event Management, SiteAdvisor, and others. Apply updates.
Microsoft Windows Flash Player: Secunia reports Microsoft has released updates for its Windows Flash Player to fix at least 15 vulnerabilities, some of which are highly critical, reported in previous versions for Windows 8, Windows RT, Windows 8.1, Windows RT 8.1, and Windows Server 2012. Apply the updates.

If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.
Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc.) and application programs (Adobe Acrobat, Office, Flash, Java, etc.). When software companies find a vulnerability, they usually issue an update patch to fix the code running on their customers’ computers.
Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.
Copyright © 2015 Citadel Information Group. All rights reserved.