Sunday, May 03, 2015

Cyber Security News and Education for the Week of May 3, 2015





Securing the Village

ISSA-LA Seventh Annual Information Security Summit at the Los Angeles Convention Center.
The Summit on June 4, 2015.
  • Keynotes from Bruce Schneier and Dave Kennedy
  • Summit Tracks include Security Management. AppSec. Digital Forensics. Emerging Issues and Technology.
  • Special Forums: The Executive Forum for Board, C-Suite and Trusted Advisors. Healthcare Privacy and Security Forum. CISO Executive Forum.
Summit Training on June 5, 2015.
  • IT Security Management Bootcamp for IT Professionals with Ed Pagett and Mikhael Felker
  • Secure Coding Boot Camp with Jim Manico
  • Build Your Own Cyber Range with Kevin Cardwell

Cyber Crime

Harbortouch is Latest POS Vendor Breach: Last week, Allentown, Pa. based point-of-sale (POS) maker Harbortouch disclosed that a breach involving “a small number” of its restaurant and bar customers were impacted by malicious software that allowed thieves to siphon customer card data from affected merchants. KrebsOnSecurity has recently heard from a major U.S. card issuer that says the company is radically downplaying the scope of the breach, and that the compromise appears to have impacted more than 4,200 Harbortouch customers nationwide. KrebsOnSecurity, May 1, 2015
Ryanair confirms hackers stole almost $5m via Chinese bank: Ryanair has been targeted by fraudsters who took out almost $5m (£3.25m) from its accounts through a Chinese bank. The Guardian, April 29, 2015

Cyber Attack

Facebook’s login system is being hijacked by China’s Great Firewall: For the last three days, China’s Great Firewall has been intercepting the Javascript module from Facebook Login, which allows third-party sites to authorize users through Facebook infrastructure. First reported on Sunday, the attack causes sites using Facebook Login to redirect to a third-party page for many web users in China. “This behavior is occurring locally and beyond the reach of our servers,” a Facebook spokesperson told The Verge. “We are investigating the situation.” TheVerge, April 28, 2015

Identity Theft

A Day in the Life of a Stolen Healthcare Record: When your credit card gets stolen because a merchant you did business with got hacked, it’s often quite easy for investigators to figure out which company was victimized. The process of divining the provenance of stolen healthcare records, however, is far trickier because these records typically are processed or handled by a gauntlet of third party firms, most of which have no direct relationship with the patient or customer ultimately harmed by the breach. KrebsOnSecurity, April 28, 2015

Cyber Warning

Spam-blasting malware infects thousands of Linux and FreeBSD servers: Several thousand computers running the Linux and FreeBSD operating systems have been infected over the past seven months with sophisticated malware that surreptitiously makes them part of a renegade network blasting the Internet with spam, researchers said Wednesday. The malware likely infected many more machines during the five years it’s known to have existed. ars technica, April 30, 2015
CareerBuilder Attack Sends Malware-Rigged Resumes To Businesses: Attack displays ‘simple elegance and brilliance,’ security researcher say. DarkReading, April 30, 2015
Macroviruses are BACK and are the future of malware, says Microsoft: Macro malware is making a comeback with one nineties nasty infecting half a million computers, Microsoft says. TheRegister, April 30, 2015

Cyber Security Management

Federal Cybersecurity Carrots and Sticks: Critical infrastructure cybersecurity professionals want to see more government incentives and harsher penalties. NetworkWorld, May 1, 2015
Breaking The Security Fail Cycle: How security teams are evolving in the face of today’s threats. DarkReading, April 30, 2015
Information Security: Identifying Your Weakest Links: Modern security execs use existing tools to identify areas of risk and find new ones to track, evaluate, and share their progress. InformationWeek, April 30, 2015
New DOJ guidance offers tips for cyber incident response: During one of her first public appearances since being sworn in, Attorney General Loretta Lynch said she will focus on investigating and prosecuting cyber crimes and stressed the need for law enforcement to work with the private sector to achieve true cybersecurity. FederalTimes, April 29, 2015
What’s Your Security Maturity Level?: Not long ago, I was working on a speech and found myself trying to come up with a phrase that encapsulates the difference between organizations that really make cybersecurity a part of their culture and those that merely pay it lip service and do the bare minimum (think ‘15 pieces of flair‘). When the phrase “security maturity” came to mind, I thought for sure I’d conceived of an original idea and catchy phrase. KrebsOnSecurity, April 27, 2015

Cyber Security Management – Cyber Defense

Use data to fight industrialised cyber crime, says RSA fraud head: Fighting cyber criminals is all about collecting and using data, according to RSA head of anti-fraud services Daniel Cohen. ComputerWeekly, May 1, 2015

Cyber Security Management – Cyber Update

WordPress quickly patches second critical vulnerability: WordPress patched a second critical vulnerability in its Web publishing platform on Monday, less than a week after fixing a similar problem. PCWorld, April 27, 2015

Cyber Security Management – Cyber Awareness

Social Engineering Defenses: Reducing The Human Element: Most security awareness advice is terrible, just plain bad, and not remotely feasible for your average user. Dark Reading, April 30, 2015

National Cyber Security

Russian Hackers Read Obama’s Unclassified Emails, Officials Say: WASHINGTON — Some of President Obama’s email correspondence was swept up by Russian hackers last year in a breach of the White House’s unclassified computer system that was far more intrusive and worrisome than has been publicly acknowledged, according to senior American officials briefed on the investigation. The New York Times, April 25, 2015

Cyber Misc

The Unfortunate Growth Sector: Cybersecurity: In 2012, a computer virus known as Shamoon wiped the hard drives on tens of thousands of computers belonging to Saudi Aramaco, Saudi Arabia’s oil & gas behemoth, and left a burning American flag on screens of the infected devices. It’s widely believed that attack was carried out by Iran as retaliation for the 2010 destruction of Iranian nuclear centrifuges by a computer program known as Stuxnet. Deployed by American and Israeli software experts, the Stuxnet worm was secretly authorized by President Obama to slow Iran’s nuclear progress. Forbes, April 27, 2015

Cyber Sunshine

Police breaks up cybergang that stole over $15 million from banks: Romanian authorities have detained 25 people who are suspected of being members of an international gang of cyberthieves who hacked into banks, cloned payment cards and used them to steal over $15 million. CSO, April 27, 2015's Security Recruiter Blog