Sunday, April 19, 2015

Cyber Security News, Education for the Week of April 20, 2015





Securing the Village

ISSA-LA Seventh Annual Information Security Summit at the Los Angeles Convention Center.
The Summit on June 4, 2015.
  • Keynotes from Bruce Schneier and Dave Kennedy
  • Summit Tracks include Security Management; AppSec; Digital Forensics; Emerging Issues and Technology.
  • Special Forums: The Executive Forum for Board, C-Suite and Trusted Advisors; Healthcare Privacy and Security Forum; CISO Executive Forum.
Summit Training on June 5, 2015.
  • IT Security Management Bootcamp for IT Professionals with Ed Pagett and Mikhael Felker
  • Secure Coding Boot Camp with Jim Manico
  • Build Your Own Cyber Range with Kevin Cardwell

Cyber Crime

White Lodging Confirms Second Breach: In February 2015, KrebsOnSecurity reported that for the second time in a year, multiple financial institutions were complaining of fraud on customer credit and debit cards that were all recently used at a string of hotel properties run by hotel franchise firm White Lodging Services Corporation. The company said at the time that it had no evidence of a new breach, but last week White Lodging finally acknowledged a “suspected” breach of point-of-sale systems at 10 locations. KrebsOnSecurity, April 13, 2015
Decade-Long Cyberspy Attack Hacked Southeast Asian Targets: A sophisticated hacking group targeted governments and corporations in Southeast Asia for a decade, marking one of the longest-running and most efficient campaigns unveiled, according to security company FireEye Inc. Bloomberg, April 12, 2015

Cyber Attack

Israeli military networks breached by hackers: researchers: (Reuters) – Hackers have managed to penetrate computer networks associated with the Israeli military in an espionage campaign that skillfully packages existing attack software with trick emails, according to security researchers at Blue Coat Systems Inc. Reuters, April 17, 2015

Cyber Privacy

Privacy Is a Business Opportunity: Technology innovation and the power of data analytics present tremendous value, but also new challenges. While a digital economy requires businesses to rethink priorities and practices, this doesn’t have to be a burden. Instead, privacy protection should be a practice as fundamental to the business as customer service. Privacy is an essential element of being a good business partner. It may take time for this idea to sink in at the highest executive levels of some companies, but the conversation is advancing rapidly after a number of recent high-profile data breaches. Harvard Business Review, April 18, 2015
As encryption spreads, U.S. grapples with clash between privacy, security: For months, federal law enforcement agencies and industry have been deadlocked on a highly contentious issue: Should tech companies be obliged to guarantee government access to encrypted data on smartphones and other digital devices, and is that even possible without compromising the security of law-abiding customers? The Washington Post, April 10, 2015

Financial Cyber Security

POS Providers Feel Brunt of PoSeidon Malware: “PoSeidon,” a new strain of malicious software designed to steal credit and debit card data from hacked point-of-sale (POS) devices, has been implicated in a number of recent breaches involving companies that provide POS services primarily to restaurants, bars and hotels. The shift by the card thieves away from targeting major retailers like Target and Home Depot to attacking countless, smaller users of POS systems is giving financial institutions a run for their money as they struggle to figure out which merchants are responsible for card fraud. KrebsOnSecurity, April 15, 2015
Beware ‘invoice’ email scam to steal bank details: Criminals are sending emails with attachments containing malware, used to access information stored on your computer. The Telegraph, April 12, 2015

Identity Theft

Identity Theft Poses Extra Troubles for Children: The note that arrived in the mail, dated March 25 and addressed to my grade-school-age daughter, said what we had expected and feared: Like tens of millions of other Americans, including untold numbers of children, she may have fallen victim to thieves who gained access to Social Security numbers and other personal data from the health insurance giant Anthem. The New York Times, April 17, 2015

Cyber Warning

18-Year-Old Security Flaw Allows Hackers To Steal Credentials From All Versions Of Windows: In 1997, researcher Aaron Spangler discovered a bug in Internet Explorer that allowed an attacker to steal credentials using a protocol known as Windows Server Message Block (SMB). Eighteen years later, a researcher on the Cylance SPEAR research team testing a messaging app with that bug in mind discovered a much larger vulnerability that affects at least 31 applications including Adobe Reader, iTunes, Box, and Symantec Norton Security Scan on all versions of Windows. Forbes, April 13, 2015

Cyber Security Management

5 costly consequences of SMB cybercrime: Cybercrime doesn’t affect only big businesses — hackers are increasingly targeting vulnerable, smaller organizations, too. Learn more about how SMBs are targeted and the true costs of these crimes. CIO, April 13, 2015

Cyber Security Management – Cyber Defense

Lax Update Policies Give Hackers an Edge: Computer hackers don’t have to be cutting edge to wreak havoc online. Rather, they rely on their targets to make it easier for them by not updating buggy software, according to a report by Verizon Communications Inc. expected to be released on Tuesday. The Wall Street Journal, April 14, 2015

Cyber Security Management – Cyber Update

Critical Updates for Windows, Flash, Java: Get your patch chops on people, because chances are you’re running software from Microsoft, Adobe or Oracle that received critical security updates today. Adobe released a Flash Player update to fix at least 22 flaws, including one flaw that is being actively exploited. Microsoft pushed out 11 update bundles to fix more than two dozen bugs in Windows and associated software, including one that was publicly disclosed this month. And Oracle has an update for its Java software that addresses at least 15 flaws, all of which are exploitable remotely without any authentication. KrebsOnSecurity, April 14, 2015

National Cyber Security

Why the Sony hack is important: Fifteen years ago, when Steve Kroft did his first story on cyberwar, the story focused on “what ifs.” What if a foreign government attacked U.S. computer systems with a cyberweapon? CBS 60 Minutes Overtime, April 12, 2015
The Attack on Sony: North Korea’s cyberattack on Sony Pictures exposed a new reality: you don’t have to be a superpower to inflict damage on U.S. corporations. Steve Kroft reports. CBS 60 Minutes, April 12, 2015

Cyber Underworld

New Dark-Web Market Is Selling Zero-Day Exploits to Hackers: Hackers have for years bought and sold their secrets in a de facto gray market for zero-day exploits—intrusion techniques for which no software patch exists. Now a new marketplace hopes to formalize that digital arms trade in a setting where it could flourish: under the cover of the Dark Web’s anonymity protections. Wired, April 17, 2015

Cyber Career

Cybersecurity talent: Worse than a skills shortage, it’s a critical gap: The U.S. House of Representatives next week is expected to consider important measures aimed at bulking up American cyber defenses in the wake of numerous and relentless attacks. Leaders from government and the private sector continue to reinforce that cybersecurity is everyone’s business. The problem, however, is that we don’t have the workforce needed to address the challenges before us. The Hill, April 17, 2015