Monday, April 27, 2015

Cyber Security News and Education for the Week of April 27, 2015





Securing the Village

ISSA-LA Seventh Annual Information Security Summit at the Los Angeles Convention Center.
The Summit on June 4, 2015.
  • Keynotes from Bruce Schneier and Dave Kennedy
  • Summit Tracks include Security Management, AppSec, Digital Forensics, and Emerging Issues and Technology.
  • Special Forums: The Executive Forum for Board, C-Suite and Trusted Advisors; Healthcare Privacy and Security Forum; CISO Executive Forum.
Summit Training on June 5, 2015.
  • IT Security Management Bootcamp for IT Professionals with Ed Pagett and Mikhael Felker
  • Secure Coding Boot Camp with Jim Manico
  • Build Your Own Cyber Range with Kevin Cardwell

Cyber Attack

Hyatt resets Gold Passport passwords after security incident: On Tuesday, Hyatt alerted some 200 customers that their Gold Passport account had been flagged for suspicious activity, while the other 18 million members have had their account passwords reset out of an abundance of caution. CSO, April 22, 2015
Zero-Day Malvertising Attack Went Undetected For Two Months: Researchers at Malwarebytes tracked stealthy attack campaign that infected some major websites with malicious ads harboring ransomware. DarkReading, April 21, 2015

Cyber Privacy

Google’s Encryption Efforts Are Paying Off In Wake Of Snowden Leaks: Google’s Executive Chairman Eric Schmidt said the company has evidence that its efforts to improve encryption in the wake of Edward Snowden leaks have worked. His remarks at BoxDev, Box’s yearly developer conference, come as law enforcement officials are criticizing encryption efforts for slowing down investigations. TechCrunch, April 22, 2015

Financial Cyber Security

Bank Botnets Continue to Thrive One Year After Gameover Zeus Takedown: RSA CONFERENCE — San Francisco — Despite the takedowns of the Gameover Zeus and Shylock botnets last year, banking botnet activity continues to persist unabated. DarkReading, April 22, 2015

Cyber Warning

SSL certificate flaw allows hackers to crash devices running iOS 8: A flaw in iOS 8 would allow attackers to render devices running the mobile OS useless if they’re within range of a fake wireless hotspot, according to researchers from security firm Skycure. CIO, April 22, 2015
Samsung Galaxy S5 Flaw Allows Hackers To Clone Fingerprints, Claim Researchers: Biometric information is about as personal as data gets. But Google’s Android partners are still failing to protect it, as researchers from security firm FireEye will discuss this week at RSA, pointing to failures in the Samsung Galaxy S5 and other unnamed Android devices. Though the affected phone makers have tried to segment and encrypt the information in a separate secure zone, it’s possible to grab the biometric data before it reaches that protected area and create copies of people’s fingerprints for further attacks, said Tao Wei and Yulong Zhang from FireEye. Forbes, April 21, 2015

Cyber Security Management

Having ‘the ear of the CEO’ is key to battling cyberthreats: Former FBI director stresses the importance of an enterprise-wide approach to cybersecurity, while Congress considers legislation to promote sharing threat information. CSO, April 23, 2015
How CISOs can communicate risk to businesses: CISOs have been hearing for some time now that they need to learn how to “speak the language of business” better. It is one way to gain respect and avoid being viewed mainly as a scapegoat. CSO, April 22, 2015
RSA chief to security pros: Stop addressing the wrong problems: IT pros need to stop using old frameworks for addressing security and deal with today’s reality because the old view of security is no longer useful, attendees at the RSA Conference 2015 in Las Vegas were told on Tuesday. CSO, April 22, 2015

Cyber Security Management – Cyber Defense

6 Most Dangerous New Attack Techniques in 2015: SANS experts lay out the up-and-coming trends in attack patterns at RSA Conference. DarkReading, April 23, 2015
The Rise of Counterintelligence in Malware Investigations: The key to operationalizing cybersecurity threat intelligence rests in the critical thinking that establishes that a given indicator is, in fact, malicious. DarkReading, April 22, 2015
10 critical security habits you should be doing (but aren’t): Staying safe these digital days takes more than antivirus. Here are 10 fundamental things you do to protect your PC and other devices. CSO, June 30, 2014

Cyber Awareness

Why Millennials Are an Information-Security Threat: Millennials like being social, and they like using technology. What some don’t recognize is how the combination of these behaviors may cause issues for organizations. The Wall Street Journal, April 20, 2015

Securing the Village

The international effort to confront international cybercrime: Cybercriminals obviously do not respect international borders. So it should be equally obvious that the effort to defeat or even slow them down is going to take an international effort, involving both the public and private sector. CSO, April 23, 2015

National Cyber Security

Malware used in White House and State Department hacks possibly linked to Russia: The group of attackers behind cyberintrusions at the White House and the Department of State last year used malware that bears strong similarities to cyberespionage tools suspected to be of Russian origin. CIO, April 22, 2015

Critical Infrastructure

Smart City Technology May Be Vulnerable to Hackers: So-called smart cities, with wireless sensors controlling everything from traffic lights to water management, may be vulnerable to cyberattacks, according to a computer security expert. The New York Times, April 21, 2015

Cyber Underworld

Bank of the Underworld: In the fall of 2011, the U.S. Secret Service orchestrated a sting operation. The target was a Vietnamese man named Hieu Minh Ngo. Investigators believed he was a big-time identity thief who sold packages of data known as “fullz,” each of which typically included a person’s name, date of birth, mother’s maiden name, Social Security number, and e-mail address and password. Criminals could buy fullz from Ngo for as little as eight cents and then use them to open credit cards, take out loans, or file for bogus tax refunds. They could also pay Ngo for access to a vast database of people’s personal records. The Atlantic, May 2015 Issue
Taking Down Fraud Sites is Whac-a-Mole: I’ve been doing quite a bit of public speaking lately — usually about cybercrime and underground activity — and there’s one question that nearly always comes from the audience: “Why are these fraud Web sites allowed to operate, and not simply taken down?” This post is intended to serve as the go-to spot for answering that question. KrebsOnSecurity, April 20, 2015

Cyber Law

House Passes Cybersecurity Bill After Companies Fall Victim to Data Breaches: WASHINGTON — Responding to a series of computer security breaches in government and the private sector, the House passed an expansive measure Wednesday that would push companies to share access to their computer networks and records with federal investigators. The New York Times, April 22, 2015

Cyber Insurance

Warning: Cyberinsurance Policies Have Their Own Vulnerabilities: Cyberinsurance policies are in hot demand thanks to the increasing sophistication of hackers, the mounting toll on executives and directors and regulators’ dwindling patience. AmericanBanker, April 17, 2015

Cyber Misc

Keeping Your Car Safe From Electronic Thieves: Last week, I started keeping my car keys in the freezer, and I may be at the forefront of a new digital safety trend. The New York Times, April 16, 2015