Sunday, June 14, 2015

Cyber Security News and Education for the Week of June 14, 2015





Cyber Crime

Breach at Winery Card Processor Missing Link: Missing Link Networks Inc., a credit card processor and point-of-sale vendor that serves a number of wineries in Northern California and elsewhere, disclosed today that a breach of its networks exposed card data for transactions it processed in the month of April 2015. KrebsOnSecurity, June 10, 2015
Cybercrime Can Give Attackers 1,425% Return on Investment: Going rates on the black market show ransomware and carding attack campaign managers have plenty to gain. DarkReading, June 9, 2015

Cyber Attack

German parliament cyber-attack still ‘live’: A cyber attack on the German parliament uncovered a month ago is still stealing data from Bundestag computers, report German media. BBC, June 11, 2015
Kaspersky Lab cybersecurity firm is hacked: One of the leading anti-virus software providers has revealed that its own systems were recently compromised by hackers. BBC, June 10, 2015

Cyber Privacy

U.S. Tech Industry Appeals to Obama to Keep Hands Off Encryption: Top U.S. tech companies are warning the Obama administration against imposing new policies that the companies say would weaken increasingly sophisticated encryption systems designed to protect consumers’ privacy. recode, June 9, 2015

Identity Theft

Why The OPM Breach Is Such a Security and Privacy Debacle: IF IT’S NOT already a maxim, it should be: Every big hack discovered will eventually prove to be more serious than first believed. That’s holding to be especially true with the recently disclosed hack of the federal Office of Personnel Management, the government’s human resources division. Wired, June 11, 2015
I.R.S. Adds New Safeguards to Thwart Identity Theft and Fraud: Reeling from an online attack that allowed criminals to steal personal information and divert tax refunds from tens of thousands of taxpayers, the Internal Revenue Service announced on Thursday a sweeping effort to step up protections against identity theft and fraud. The actions are expected to be completed by early next year, well before the April 15 filing deadline. The New York Times, June 11, 2015
Hackers May Have Obtained Names of Chinese With Ties to U.S. Government: WASHINGTON — Investigators say that the Chinese hackers who attacked the databases of the Office of Personnel Management may have obtained the names of Chinese relatives, friends and frequent associates of American diplomats and other government officials, information that Beijing could use for blackmail or retaliation. The New York Times, June 10, 2015
How I Learned to Stop Worrying and Embrace the Security Freeze: If you’ve been paying attention in recent years, you might have noticed that just about everyone is losing your personal data. Even if you haven’t noticed (or maybe you just haven’t actually received a breach notice), I’m here to tell you that if you’re an American, your basic personal data is already for sale. What follows is a primer on what you can do to avoid becoming a victim of identity theft as a result of all this data (s)pillage. KrebsOnSecurity, June 8, 2015

Cyber Threat

Hackers Go After Little Fish, Too, While Trawling for Credit Cards: Hackers are going local in their efforts to steal credit card information from United States customers, hitting small businesses with as much frequency as retail giants. The New York Times, June 11, 2015

Cyber Warning

Beware authentication popups in iOS Mail: bug allows convincing-looking phishing attacks: If you are reading mail on your iPhone and iPad and a popup appears asking you to re-login to iCloud (or anything else), beware. Security researcher Jan Soucek discovered a bug in the iOS Mail app that allowed an attacker to run remote HTML code when an email is opened. That code could easily imitate an iCloud login prompt, fooling users into giving away their Apple ID credentials. 9to5mac, June 10, 2015
Scam warning over fake bank texts: Fraudsters send messages to people saying there has been a fraud on their accounts aimed at trying to steal security information. GetReading, June 9, 2015
Outdated Flash Player Editions Attacked in Latest Cyber-Crime: According to FireEye the security company, cyber-crooks by using attack tools aimed at Adobe Flash Player’s obsolete editions have created one exploit to abuse a security flaw which Adobe patched on May 12, 2015, a development that gives rise to certain severe security problems. SpamFighter, June 8, 2015
Memory scraping malware targets Oracle Micros point-of-sale customers: A new malware program designed to steal payment card details from point-of-sale (PoS) systems is targeting businesses using Oracle Micros products. CIO, June 8, 2015

Cyber Security Management

RAND study: Cyber-defense must change course, or else: RAND today released the results of its multiphased study on cybersecurity’s future, The Defender’s Dilemma, delivering a frightening snapshot of defenders lost at sea. ZDNet, June 10, 2015
The Defender’s Dilemma: Cybersecurity is a constant, and, by all accounts growing, challenge. Although software products are gradually becoming more secure and novel approaches to cybersecurity are being developed, hackers are becoming more adept, their tools are better, and their markets are flourishing. The rising tide of network intrusions has focused organizations’ attention on how to protect themselves better. This report, the second in a multiphase study on the future of cybersecurity, reveals perspectives and perceptions from chief information security officers; examines the development of network defense measures — and the countermeasures that attackers create to subvert those measures; and explores the role of software vulnerabilities and inherent weaknesses. Rand Corporation, June 2015
Infosecurity Europe 2015: Check your supply chain security to reduce breach risk: Organisations should include supply chain security as part of their strategy to reduce the risk of data breaches, an expert panel told attendees of Infosecurity Europe 2015 in London. ComputerWeekly, June 8, 2015

Securing the Village

HackerOne Connects Hackers With Companies, and Hopes for a Win-Win: SAN FRANCISCO — In 2011, two Dutch hackers in their early 20s made a target list of 100 high-tech companies they would try to hack. Soon, they had found security vulnerabilities in Facebook, Google, Apple, Microsoft, Twitter and 95 other companies’ systems. The New York Times, June 8, 2015
Dan Geer’s 10 Cybersecurity Best Practices: In his keynote last year at the Black Hat USA conference, Dan Geer proposed 10 policy recommendations he thinks will make the digital world a much safer one. Here’s a much-condensed version of his ideas. Wired, June 2015

National Cyber Security

US Army website hacked as Obama demands cyber law: A hacker group backing the Syrian government claimed responsibility for hacking the official website of the US Army, just hours after President Obama called for new cybersecurity laws at the G-7 summit in Germany. RT, June 8, 2015
Obama: US Needs More Aggressive Cybersecurity: President Barack Obama says the United States is going to have to be much more aggressive when it comes to cybersecurity, but he refused to say who he believes is behind the massive hacking of U.S. government computers revealed last week. Voice of America, June 8, 2015
Here’s What a Cyber Warfare Arsenal Might Look Like: The Pentagon has made clear in recent weeks that cyber warfare is no longer just a futuristic threat—it is now a real one. U.S. government agency and industry computer systems are already embroiled in a number of nasty cyber warfare campaigns against attackers based in China, North Korea, Russia and elsewhere. As a counterpoint, hackers with ties to Russia have been accused of stealing a number of Pres. Barack Obama’s e-mails, although the White House has not formally placed any blame at the Kremlin’s doorstep. The Obama administration did, however, call out North Korea for ordering last year’s cyber attack on Sony Pictures Entertainment. Scientific American, May 6, 2015

Cyber Career

The Horizon For Information Security Jobs: With graduation season upon us, many graduates entering the workforce are understandably anxious about their future employment. However, at least one group is poised to take advantage of a market suffering from a massive skills shortage: cybersecurity professionals. TechCrunch, June 7, 2015

Cyber Misc

Firms Could Be Forced to Disgorge Profits from Tax Refund Fraud: Last week, KrebsOnSecurity ran an interview with Julie Magee, Alabama’s chief tax administrator, to examine what the states are doing in tandem with the IRS and others to make it harder for ID thieves to commit tax refund fraud — a $6 billion a year problem. Today we’ll hear from John Valentine, chair of Utah’s State Tax Commission, about the challenges his state faced this year, as well as the prospect that tax preparation firms could be forced to return to the U.S. Treasury any profits they make from processing fraudulent tax refunds. KrebsOnSecurity, June 9, 2015
This Hacked Kids’ Toy Opens Garage Doors in Seconds: AMERICANS’ GARAGES, THOSE sacred suburban havens of automobiles and expensive tools, are probably more important to us than many of our online accounts. But some garages are only protected by a code whose security is equivalent to a two-character password. And security researcher Samy Kamkar can crack that laughable safeguard in seconds, with little more than a hacked child’s toy. Wired, June 4, 2015

Cyber Sunshine

Europol shuts down cybercrime ring with 49 arrests: Europol’s European Cybercrime Centre has arrested 49 suspects in a joint international operation targeting the takedown of a major cybercrime ring, reports Tripwire. WeLiveSecurity, June 11, 2015