Monday, July 13, 2015

Cyber Security News and Education for the Week of July 12, 2015





Cyber Crime

Credit Card Breach at a Zoo Near You: Service Systems Associates, a company that serves gift shops and eateries at zoos and cultural centers across the United States, has acknowledged a breach of its credit and debit card processing systems. KrebsOnSecurity, July 9, 2015
A London Hedge Fund Lost $1.2 Million in a Friday Afternoon Phone Scam: The finance chief at Fortelus Capital Management LLP got an alarming phone call just as he was getting ready to leave work on a Friday. Bloomberg, July 7, 2015

Cyber Privacy

IEEE group recommends random MAC addresses for Wi-Fi security: According to new recommendations by an IEEE study group, the Wi-Fi protocol needs to be updated to use randomly generated addresses for better security and privacy. CSO, July 8, 2015
Security Experts Oppose Government Access to Encrypted Communication: SAN FRANCISCO — An elite group of security technologists has concluded that the American and British governments cannot demand special access to encrypted communications without putting the world’s most confidential data and critical infrastructure in danger. The New York Times, July 7, 2015
Experts Blast Encryption ‘Backdoor’ Plan: A dozen well-known cryptographers and cybersecurity specialists have published a paper explaining why they believe it’s unrealistic to create a so-called “backdoor” to allow law enforcement and intelligence agencies to decrypt coded information. BankInfoSecurity, July 7, 2015

Cyber Warning

‘Cowboy Adventure’ Game Infects Up To 1 Million Android Users With Malware: Innocent souls who wanted nothing more than to enjoy a game called “Cowboy Adventure” may have found their personal information compromised thanks to malware contained within the app. The Huffington Post, July 10, 2015
This new Android malware looks like a classic Nintendo game. VentureBeat, July 7, 2015

Cyber Security Management

OPM director resigns under pressure after scope of data hack was revealed: Office of Personnel Management Director Katherine Archuleta resigned under pressure Friday, a day after the Obama administration announced that two major breaches of U.S. government databases holding personnel records and security-clearance files exposed the sensitive information of at least 22.1 million people. The Washington Post, July 10, 2015
Years of Tech Mismanagement Led to OPM Breach, Resignation of Chief: The massive cyberattacks that led Friday to the resignation of Katherine Archuleta as head of the U.S. Office of Personnel Management followed years of audits that identified deficient systems and processes for managing technology. The Wall Street Journal, July 10, 2015
Audits find data security lapses at L.A. County agencies: Security lapses in several departments of Los Angeles County government put residents’ medical information, Social Security numbers and other sensitive information at risk of being stolen, three recent audits have found. Dr Stahl is quoted. The LA Times, July 10, 2015

Cyber Security Management – Cyber Defense

Microsoft security tool fails malware detection test: There are many great choices out there for malware protection and detection. Unfortunately, Microsoft’s offering isn’t one of them. In recent tests by AV Test, the German lab that is pretty much the de facto standard in malware testing, Microsoft came in a distant last place. NetworkWorld, July 7, 2015

Cyber Security Management – Cyber Update

Flash Player update closes vulnerability identified by Hacking Team: Adobe on Wednesday updated Flash Player to fix a number of security vulnerabilities, including one in the hands of Hacking Team, a company that infamously sold snooping tools and services to government agencies around the world — potentially including harsh authoritarian regimes. AppleInsider, July 8, 2015

National Cyber Security

Finding a Way to Access Encrypted Data: FBI Director James Comey says he has faith in American technological ingenuity to overcome obstacles and give law enforcement the ability to access and decrypt data on the devices of criminals and terrorists. BankInfoSecurity, July 8, 2015

Critical Infrastructure

The Dinosaurs Of Cybersecurity Are Planes, Power Grids And Hospitals: As we continue down the path toward complete connectivity — in which all devices, appliances and networks connect to each other and the Internet — it is evident that much of our longstanding technology can no longer keep up. TechCrunch, July 10, 2015

Cyber Underworld

Finnish Decision is Win for Internet Trolls: In a win for Internet trolls and teenage cybercriminals everywhere, a Finnish court has decided not to incarcerate a 17-year-old found guilty of more than 50,000 cybercrimes, including data breaches, payment fraud, operating a huge botnet and calling in bomb threats, among other violations. KrebsOnSecurity, July 8, 2015

Cyber Law

CIOs Will Have to Defend Cybersecurity Policies in Court: As Donna Seymour, CIO of the U.S. Office of Personnel Management, faces a lawsuit for her role in failing to protect millions of personal data files of employees, CIOs generally should expect to be sued in increasing numbers over cybersecurity issues, one attorney says. The Wall Street Journal, July 9, 2015

Cyber Sunshine

Cybercrime Kingpin Pleads Guilty: An Estonian man who ran an organized cybercrime ring that infected more than four million PCs in over 100 countries with moneymaking malware has pleaded guilty in New York to wire fraud and computer intrusion charges. KrebsOnSecurity, July 10, 2015