Sunday, June 07, 2015

Cyber Security News and Education for the Week of June 7, 2015

Cyber Privacy

New Snowden leak: NSA uses warrantless Web surveillance to hunt hackers: Ever since Edward Snowden began to leak details on the mass surveillance programs of the NSA and other government agencies, there’s been an ongoing debate over the nature and limits that should be placed on such surveillance. One of the most troubling trends exposed in repeated leaks is the degree to which the government has exceeded the enormous authority granted it by the Patriot Act and other legislation. New information, available today, is going to reignite that argument. Days after the Senate voted to reauthorize the Patriot Act with some modest modifications, details have leaked on how the Obama Administration authorized the NSA to search the Internet for evidence of malicious hacking, even when there were no obvious ties between the alleged hackers and any international groups. ExtremeTech, June 4, 2015
NSA’s use of ‘back-door searches’ against hackers is reformers’ next target: Surveillance reformers, fresh off a week of tenuous victories, have vowed to ensure there are further overhauls to the National Security Agency’s vast dragnets after a new report detailed another stretch of legal authority by the US government to stop malicious hackers. The Guardian, June 4, 2015
Bruce Schneier on Privacy and the Data Free-for-All: OVER THE PAST two decades, few voices have shouted louder from the rooftops about global cybersecurity and digital privacy concerns than Bruce Schneier. He’s the CTO of Resilient Systems, a board member of the Electronic Frontier Foundation (EFF) and has authored 14 books—his latest, Data and Goliath, was published in March. Wired, May 31, 2015

Identity Theft

Chinese Hackers Accused Of Attacking US Government Agencies: Citadel’s Dr. Stan Stahl discusses breach at Office of Personnel Management putting as many as four million current and former federal employees at risk of identity theft. Dave Bryan reports. CBS Los Angeles, June 4, 2015
Hacking Linked to China Exposes Millions of U.S. Workers: WASHINGTON — The Obama administration on Thursday announced what appeared to be one of the largest breaches of federal employees’ data, involving at least four million current and former government workers in an intrusion that officials said apparently originated in China. The New York Times, June 4, 2015

Identity Theft — Tax Refund Fraud

States Seek Better Mousetrap to Stop Tax Refund Fraud: With the 2014 tax filing season in the rearview mirror, state tax authorities are struggling to incorporate new approaches to identifying and stopping fraudulent tax refund requests, a $6 billion-a-year problem that’s hit many states particularly hard this year. But some states say they are encountering resistance to those efforts on nearly every front, from Uncle Sam to online tax vendors and from the myriad of financial firms that profit handsomely from processing phony tax refunds. KrebsOnSecurity, June 2, 2015
Phony Tax Refunds: A Cash Cow for Everyone: When identity thieves filed a phony $7,700 tax refund request in the name of Joe Garrett, Alabama’s deputy tax commissioner, they didn’t get all of the money they requested. A portion of the cash went to more than a half dozen U.S. companies that each grab a slice of the fraudulent refund, including banks, payment processing firms, tax preparation companies and e-commerce giants. KrebsOnSecurity, June 2, 2015
IRS Changes Identity Theft Policy: The Internal Revenue Service has agreed to change its policy on identity theft and provide victims with copies of the fraudulent tax returns that have been filed under their names by scammers. Accounting Today, June 1, 2015

Cyber Warning

New exploit leaves most Macs vulnerable to permanent backdooring: Macs older than a year are vulnerable to exploits that remotely overwrite the firmware that boots up the machine, a feat that allows attackers to control vulnerable devices from the very first instruction. ars technica, June 1, 2015

Cyber Security Management

Data breach costs now average $154 per record: The average total cost of a single data breach rises 23% to $3.8 million, according to the Ponemon Institute. ComputerWorld, May 27, 2015

Cyber Security Management – Cyber Defense

Microsoft Gives Details About Its Controversial Disk Encryption: Recently, I wrote a guide explaining how to encrypt your laptop’s hard drive and why you should do so. For the benefit of Windows users, I gave instructions for turning on BitLocker, Microsoft’s disk encryption technology. The Intercept, June 4, 2015
Facebook boosts notification email security with OpenPGP encryption: The next time someone tags you in a Facebook post, the social network can send you a super secret notification that not even the National Security Agency can read—at least as far as we know. On Monday, Facebook announced that you can now add an OpenPGP key to your Facebook profile. PCWorld, June 1, 2015

Securing the Village

Co-operation driving progress in fighting cyber crime, say law enforcers: International collaboration and co-operation is driving progress in fighting cyber crime, according to a panel of UK, US and European law enforcement officers. ComputerWeekly, June 5, 2015
Security Compass Donates Security Training Courses to the ISSA-LA Summit Attendees: With threats to the mobile environment growing steadily over recent years, and new features like mobile payments raising the stakes even more for consumers and businesses, Security Compass, with extensive knowledge in web and mobile application security, is announcing a new mobile security training program for application developers and architects, IT administrators and security professionals which can dramatically reduce these risks. PRWeb, June 3, 2015
Cybercrime Solutions Top Agenda of ISSA-LA Information Security Summit (CDSA): This week will see the seventh annual Information Security Summit, held by the Los Angeles Chapter of the Information Systems Security Association (ISSA-LA). CDSA, June 1, 2015
ISSA-LA Seventh Annual Information Security Summit on Cybercrime Solutions Reaching Out the Entertainment Industry: The Los Angeles Chapter of the Information Systems Security Association (ISSA-LA) is holding its Seventh Annual Information Security Summit on June 4 – 5, 2015 at the Los Angeles Convention Center. The Summit theme, The Growing Cyber Threat: Protect Your Business, reflects the reality that cybercrime impacts the financial health of all our organizations: businesses, government agencies, healthcare, schools, nonprofits, and the entertainment industry. The Summit will highlight emerging solutions to the challenges of cybercrime. Virtual-Strategy Magazine, May 14, 2015

National Cyber Security

Hunting for Hackers, N.S.A. Secretly Expands Internet Spying at U.S. Border: WASHINGTON — Without public notice or debate, the Obama administration has expanded the National Security Agency’s warrantless surveillance of Americans’ international Internet traffic to search for evidence of malicious computer hacking, according to classified N.S.A. documents. The New York Times, June 5, 2015

Cyber Underworld

Profile Of A Cybercrime Petty Thief: Although the cybercrime game is dominated by organized criminals — according to IBM X-Force, 80 percent of cyber attacks are driven by highly organized crime rings — there are one-man operations getting a piece of the action, too. Trend Micro today proposed that actors like these may be the “evolved version of the petty thief,” and profiled one individual operating in Canada. DarkReading, May 26, 2015

Cyber Misc

A flaw in the design: A brief history of Internet (in)security. David D. Clark, an MIT scientist whose air of genial wisdom earned him the nickname “Albus Dumbledore,” can remember exactly when he grasped the Internet’s dark side. He was presiding over a meeting of network engineers when news broke that a dangerous computer worm — the first to spread widely — was slithering across the wires. The Washington Post, May 30, 2015