Sunday, July 26, 2015

Cyber Security Vulnerability and Patch Report for the Week of July 26, 2015




Cyber Crime

Spike in ATM Skimming in Mexico?: Several sources in the financial industry say they are seeing a spike in fraud on customer cards used at ATMs in Mexico. The reason behind that apparent increase hopefully will be fodder for another story. In this post, we’ll take a closer look at a pair of ATM skimming devices that were found this month attached to a cash machine in Puerto Vallarta — a popular tourist destination on Mexico’s Pacific coast. KrebsOnSecurity, July 22, 2015

Cyber Privacy

Online Cheating Site AshleyMadison Hacked: Large caches of data stolen from the online cheating site have been posted online by an individual or group that claims to have completely compromised the company’s user databases, financial records and other proprietary information. The still-unfolding leak could be quite damaging to some 37 million users of the hookup service, whose slogan is “Life is short. Have an affair.” KrebsOnSecurity, July 19, 2015

Identity Theft

As Many as 4.5M People’s Personal, Medical Information Put at Risk During UCLA Health Cyber Attack: The prominent medical provider was clear to point out that although hackers accessed parts of the computer network that contained personal and medical information of patients and providers, it didn’t have evidence attackers “actually accessed or acquired” that data. Featuring Dr. Stahl – NBC4, July 17, 2015

Cyber Warning

Jeep owners urged to update their cars after hackers take remote control: Security experts are urging owners of Fiat Chrysler Automobiles vehicles to update their onboard software after hackers took control of a Jeep over the internet and disabled the engine and brakes and crashed it into a ditch. The Guardian, July 21, 2015
Leaking bugs: Wikileaks dumps contain malware: Josh Wieder, a researcher who was browsing through the Wikileaks dump of the Stratfor leak, found that the documents were laced with malware. TechWorm, July 19, 2015

Cyber Security Management

Information security governance maturing, says Gartner: Increasing awareness of the impact of digital business risks, coupled with high levels of publicity regarding cyber security incidents, is making IT risk a board-level issue, says Gartner. ComputerWeekly, July 21, 2015
Confidence in Information Security Capabilities is Lacking: Data breaches and cyberattacks happen daily, across industries and to businesses of all sizes. However, as these attacks become more sophisticated, companies admit that they are at a loss on how to best protect the data. According to eWeek, a study from RSA shows that those responsible for protecting the network don’t necessarily trust their information security capabilities. ITBusinessEdge, July 21, 2015
OPM Break-In an Object Lesson for CIOs: There are days when your only consolation is that someday, somewhere, your mistake might help prevent someone else’s. The Federal government’s Office of Personnel Management (OPM) has been having a bunch of days like that recently, which gives us all an opportunity to learn what to do differently. Featuring Dr. Stahl – Laserfiche, July 20, 2015
Los Angeles County Security Audits Identify Weak Information Security Practices: Three recent audits have found security lapses in several departments of Los Angeles County government putting residents’ medical information, Social Security numbers and other sensitive information at risk of being stolen. – Featuring Dr. Stahl – Sunday Morning Newsmakers with Larry Marino, AM 870 The Answer, July 19, 2015
U.S. vs. Hackers: Still Lopsided Despite Years of Warnings and a Recent Push: WASHINGTON — In the month since a devastating computer systems breach at the Office of Personnel Management, digital Swat teams have been racing to plug the most glaring security holes in government computer networks and prevent another embarrassing theft of personal information, financial data and national security secrets. The New York Times, July 18, 2015
What’s worrying today’s CISO?: Find out now. Download the 2014 IBM Chief Information Security Assessment to gain the latest insights. IBM Chief Information Security Assessment, 2014

Cyber Security Management – Cyber Defense

Using Wi-Fi in-flight? Employ information security best practices: When you are 30,000 feet in the air and your flight offers Wi-Fi, are you really thinking about hacker Jon who is sitting in seat 44C? Probably not. Most people do not even consider that in-flight Wi-Fi is just like public Wi-Fi at a coffee shop. When you purchase time on an in-flight wireless network, your credit card transaction is encrypted. Once the transaction is complete, your laptop and devices are flying high in their birthday suits, again, if you do not take information security hygiene seriously. In the eye of a cybercriminal, in-flight Wi-Fi-gorging passengers are like a shiny tin of pungent tightly-packed sardines. Dell Power More, July 24, 2015
Free Hacking Team malware checker released: A security company has released a free tool to users who suspect they may be a victim of Hacking Team’s exploit cache. ZDNet, July 21, 2015

Securing the Village

Google boots ‘porn clicker’ malware from Play Store: Google has removed dozens of apps from its Play Store that purport to be games but secretly click on advertisements on pornographic websites. PCWorld, July 24, 2015
Facebook info security chief: ‘Death to Adobe Flash’: The social network’s Internet protection provocateur is wasting no time in his new post. He wants this buggy software condemned to death. Fortune, July 14, 2015

Cyber Politics

Why the FBI Wants “Special Access” to Your Smartphone: Yesterday, FBI Director James Comey told Congress that the federal government was increasingly concerned about the widespread use of data encryption in consumer technology, implying—although not explicitly demanding—that tech companies give law enforcement easier access to cryptographically scrambled customer data. Comey’s testimony came one day after some of the world’s top cybersecurity experts and computer scientists issued a report arguing that the government’s call for special access to encrypted information is technically unfeasible and unworkably vague. Law enforcement officials need to get specific about what they want, the report’s authors argued, instead of simply waving their hands and hoping for a technological unicorn that gives them on-demand access to personal information while also protecting user privacy and securing data. Scientific American, July 9, 2015

National Cyber Security

Israel, US commit to beef up cybersecurity cooperation: WASHINGTON — The US deputy secretary of Homeland Security and the top Israeli official handling cybersecurity have cosigned a statement committing to US-Israel cooperation in the area. Times of Israel, July 19, 2015

Cyber Underworld

It’s disturbingly easy to become a hacker millionaire: All it takes to make over $900,000 a year is to learn some code, pick up some Russian, decide to become a criminal, and have no fear. That’s it. Put it all together, take a deep breath, and then even you can become a novice cybercriminal. Business Insider, July 19, 2015

Cyber Law

F.T.C. Accuses LifeLock of Violating Settlement: The Federal Trade Commission on Tuesday accused LifeLock, an identity theft protection service, of making deceptive claims in its advertising, in violation of an agreement the company made with the agency in 2010. The New York Times, July 21, 2015
Experian Hit With Class Action Over ID Theft Service: Big-three credit bureau Experian is the target of a class-action lawsuit just filed in California. The suit alleges that Experian negligently violated consumer protection laws when it failed to detect for nearly 10 months that a customer of its data broker subsidiary was a scammer who ran a criminal service that resold consumer data to identity thieves. KrebsOnSecurity, July 21, 2015

Cyber Misc

Regulators Investigating Fiat Chrysler Cybersecurity Recall: Federal regulators launched an investigation into Fiat Chrysler Automobiles’s recall of 1.4 million vehicles with a potential cybersecurity flaw first identified by the auto maker in January 2014, ratcheting up concerns about broader automobile security days after hackers demonstrated an ability to remotely commandeer a Jeep’s controls through wireless communications systems. Wall Street Journal, July 24, 2015