Sunday, May 31, 2015

Cyber Security News and Education for the Week of May 30, 2015

ISSA-LA 7th Annual Information Security Summit

ISSA-LA Seventh Annual Information Security Summit at the Los Angeles Convention Center.
The Summit is on June 4, 2015.
  • Keynotes from Bruce Schneier and Dave Kennedy
  • Summit Tracks include Security Management, AppSec, Digital Forensics, and Emerging Issues and Technology.
  • Special Forums: The Executive Forum for Board, C-Suite and Trusted Advisors; Healthcare Privacy and Security Forum; CISO Executive Forum.
Summit Training is on June 5, 2015.
  • IT Security Management Bootcamp for IT Professionals with Ed Pagett and Mikhael Felker
  • Secure Coding Boot Camp with Jim Manico
  • Build Your Own Cyber Range with Kevin Cardwell

Cyber Attack

Islamic, Chinese hackers target media: News outlets are coping with a wave of cyberattacks as hackers around the world seek to monitor their coverage or deface their websites for publicity. The latest intrusion at the Washington Post redirected users to a site controlled by the Syrian Electronic Army (SEA), a group that supports embattled President Bashar al-Assad. The attack, which took place last Thursday, affected parts of the paper’s mobile website but did not compromise its internal networks. The Hill, May 25, 2015

Identity Theft

Russian hackers behind $50 million IRS scheme, report says: Hackers in Russia are again proving to be a thorn in the side of US government agencies. The theft of critical information of more than 100,000 taxpayers from the Internal Revenue Service (IRS) database was the work of hackers in Russia, CNN reported on Thursday after speaking to Rep. Peter Roskam (R – IL), chairman of a House subcommittee that oversees the US tax agency. The lawmaker didn’t say whether the Russian government played any role in the attack. Cnet, May 29, 2015
Why Medical Identity Theft Is Rising And How To Protect Yourself: Anthem. Premera. Carefirst. Since the start of the year, these three major health insurers, all Blue Cross Blue Shield plans, have been victims of major data breaches, with up to about 92 million records affected. For the past three years, the health/medical sector has accounted for the highest percent (42.5% in 2014) of total hackings of any industry, according to the Identity Theft Resource Center. While data breaches at major retailers like Home Depot and Target may resonate more in consumers’ minds, files that contain someone’s medical data can make victims much more vulnerable. Forbes, May 29, 2015
IRS Believes Hackers Who Stole Data From Over 100K US Taxpayers Were In Russia: Reports: The Internal Revenue Service (IRS) believes that hackers who stole the personal data of over 100,000 U.S. taxpayers are part of an organized crime group based in Russia, according to sources inside the agency cited by both CNN and the Associated Press (AP). International Business Times, May 28, 2015
IRS: Crooks Stole Data on 100K Taxpayers Via ‘Get Transcript’ Feature: The Internal Revenue Service (IRS) believes that hackers who stole the personal data of over 100,000 U.S. taxpayers are part of an organized crime group based in Russia, according to sources inside the agency cited by both CNN and the Associated Press (AP). Krebs On Security, May 26, 2015

Cyber Privacy

UN report: Encryption is important to human rights — and backdoors undermine it: A new report from the United Nation’s Office of the High Commissioner for Human Rights says digital security and privacy are essential to maintaining freedom of opinion and expression around the world — and warns that efforts to weaken security tools in some countries may undermine it everywhere. The Washington Post, May 28, 2015
More Evidence of mSpy Apathy Over Breach: Mobile spyware maker mSpy has expended a great deal of energy denying and then later downplaying a breach involving data stolen from tens of thousands of mobile devices running its software. Unfortunately for victims of this breach, mSpy’s lackadaisical response has left millions of screenshots taken from those devices wide open and exposed to the Internet via its own Web site. Krebs On Security, May 27, 2015
Recent Breaches a Boon to Extortionists: The recent breaches involving the leak of personal data on millions of customers at online hookup site Adult Friend Finder and mobile spyware maker mSpy give extortionists and blackmailers plenty of ammunition with which to ply their trade. And there is some evidence that ne’er-do-wells are actively trading this data and planning to abuse it for financial gain. Krebs On Security, May 26, 2015
Philip Zimmermann: king of encryption reveals his fears for privacy: When Philip Zimmermann was campaigning for nuclear disarmament in the 1980s, he kept an escape plan in his back pocket. The inventor of the world’s most widely used email encryption system, Pretty Good Privacy – more commonly known as PGP – was ready to move his family from Colorado to New Zealand at a moment’s notice. The button was never pressed and the Zimmermanns stayed put. Until this year, that is. The Guardian, May 25, 2015

Cyber Threats and Warnings

NetUSB vulnerability leaves millions of connected devices open to attack: Security researchers have published proof-of-concept code for a major router vulnerability leveraging a popular driver that could be used by hackers to compromise millions of connected devices. The vulnerable Linux kernel driver is called NetUSB, and it allows USB devices such as printers, external hard drives and flash drives to be connected to a router or access point so as to be made available on the network. The NetUSB technology belongs to a Taiwanese firm called KCodes Technology, but each vendor has a different name for the technology. Netgear calls it ReadySHARE, while other vendors use terms such as “print sharing” or “USB share port.” ZDNet, May 27, 2015
Retailers targeted by new point-of-sale malware through job requests: Researchers have discovered a new point-of-sale malware variant which targets machines through indiscriminate spam campaigns. According to FireEye’s security team, the NitlovePOS malware is the latest malicious software used to target the lucrative retail market. Point-of-sale (POS) malware is written and tailored to steal customer payment data — especially credit card data — from checkout systems used in retail stores, and often finds its way onto vulnerable systems through malicious email campaigns. ZDNet, May 26, 2015
WordPress malware: Don’t let too-good-to-be-true deals infest your site: Sometimes you can smell when it’s not going to end well. It’s almost like there’s a taste in the air. It started with a routine email message in my inbox. But after reading the first few words, I knew this was going to be one of those. Here’s how it started: “We bought the seamless donation plugin for our website…” ZDNet, May 26, 2015

Cyber Security Management

10 tips for creating a cybersecurity program: With major data breaches making headline news on a near-weekly basis, the healthcare industry is increasingly focused on cybersecurity, as well it should be. In addition to working toward a culture of security wherein all employees are trained to spot and prevent attempted cyber-attacks, a strong program is an essential part of any long-term business strategy, and healthcare entities are not exempt. But where to begin? And how best to move forward? Government Health IT, May 26, 2015
Cybersecurity on the agenda for 80 percent of corporate boards: Cybersecurity is a topic of discussion at most board meetings, according to a new survey of 200 corporate directors. The survey, conducted jointly by NYSE Governance Services and security vendor Veracode, revealed that more than 80 percent of board members say that cybersecurity is discussed at most or all board meetings. CSO Online, May 28, 2015
SEC Division of Investment Management Issues Cybersecurity Guidance: On April 28, 2015, the staff of the Division of Investment Management of the SEC published a Guidance Update addressing cybersecurity risks and the need for funds and advisers to protect confidential and sensitive information concerning fund investors and advisory clients. The staff noted that cyber-attacks on a wide range of financial services firms highlight the need for firms to review their cybersecurity measures. National Law Review, May 24, 2015
Why IT security needs a rebrand: Most organisations, regardless of size or sector, would be hard pushed to call their IT security ‘popular’. The general feeling is these tools, together with those of us that implement and maintain them, hamper technological innovation and inhibit organisational flexibility. In short, some (many?) don’t see us adding value. Information Age, May 21, 2015

Cyber Security Management – Cyber Defense

The Highs and Lows of Cybersecurity Integration: Based upon anecdotal evidence, I estimate that the average large enterprise organization uses more than 70 different security tools from an assortment of vendors. As they say in Texas, “that dog don’t hunt.” In other words, it’s nearly impossible to maintain strong security hygiene or establish best practices when the security organization is chasing cybersecurity optimization on a tool-by-tool basis. Network World, May 29, 2015

Securing the Village

ISSA Information Security Summit: The Los Angeles Chapter of the Information Systems Security Association presents its seventh annual Information Security Summit at the Los Angeles Convention Center. ISSA-LA is offering EFF supporters a 20% registration discount when you use the promotion code Z9H1RM. About the Summit: Known for its groundbreaking keynotes and speakers, this year’s Summit will be no exception with Internationally Renowned Security Technologist, Author, and EFF Board Member Bruce Schneier, Dave Kennedy, founder and CEO of TrustedSec, LLC, Marcus Ranum, Aaron Turner, Jim Manico, John Dickson, Jerry Hoff, Joe McCray, Rafal Los, Ira Winkler and Samy Kamkar amongst the line-up of featured keynotes and speakers. Electronic Frontier Foundation

Cyber Underworld

Hackers On Demand: In 2013, a pair of private investigators in the Bay Area embarked on a fairly run-of-the-mill case surrounding poached employees. But according to a federal indictment unsealed in February, their tactics sounded less like a California noir and something more like sci-fi: To spy on the clients’ adversaries, prosecutors say, they hired a pair of hackers. Fast Company, May 29, 2015
Phishing Gang is Audacious Manipulator: Cybercriminals who specialize in phishing — or tricking people into giving up usernames and passwords at fake bank and ecommerce sites — aren’t generally considered the most sophisticated crooks, but occasionally they do exhibit creativity and chutzpah. That’s most definitely the case with a phishing gang that calls itself the “Manipulaters Team”, whose Web site boasts that it specializes in brand research and development. Krebs On Security, May 28, 2015

Cyber Sunshine

Ross Ulbricht, Creator of Silk Road Website, Is Sentenced to Life in Prison: Ross W. Ulbricht, the founder of Silk Road, a notorious online marketplace for the sale of heroin, cocaine, LSD and other illegal drugs, was sentenced to life in prison on Friday in Federal District Court in Manhattan. Mr. Ulbricht, 31, was sentenced by the judge, Katherine B. Forrest, for his role as what prosecutors described as “the kingpin of a worldwide digital drug-trafficking enterprise.” The New York Times, May 29, 2015

Citadel On Security

Dr. Stahl to Keynote CSAA 2015 Annual Meeting | Oct 10-14 | Sonoma CA: SONOMA, Calif.—CSAA announced three of the speakers for its 2015 Annual Meeting, to be held here Oct. 10-14, with the keynote speaker, Stan Stahl, Ph.D, discussing cybersecurity. “Over the next several years, CSAA will be restructuring our traditional annual meeting in order to bring the greatest possible value to our members who attend,” Pamela J. Petrow, CSAA’s new president, said in a prepared statement. “Members will start to see these changes in Sonoma, where we have already assembled an exciting roster of speakers to present on topics that will help them advance their businesses.” Security Systems News, May 6, 2015

Let Freedom Ring

Memorial Day, 2015 – by Stan Stahl: Rita and I had the pleasure last month to spend a few days in Boston, the cradle of Liberty. One of the places we visited was the Old North Church. There in 1775 — on the 18th of October — Paul Revere began his ride to warn the patriots. The British are coming. The next day at Lexington and Concord, those first patriots gave their last full measure of devotion in the defense of liberty. It was here that our new nation was, as Lincoln said, conceived in liberty. After Boston Rita and I went to Philadelphia where — 15 months after the shot heard round the world — America was born. It was in Philadelphia on July 4, 1776 where America first dedicated itself to the proposition “that all men [and women] are created equal.” Even as we have always failed — sometimes miserably — to fully live up to this principle, this is the highest principle to which we aspire — to live as a people conceived in liberty and dedicated to the proposition that all of us are created equal. This is the standard Lincoln set; the standard by which America measures ourselves. The Agnostic Patriot, May 25, 2015