Monday, August 03, 2015

Cyber Security News and Education for the Week of August 3, 2015





Cyber Crime

China-Tied Hackers That Hit U.S. Said to Breach United Airlines: The hackers who stole data on tens of millions of U.S. insurance holders and government employees in recent months breached another big target at around the same time — United Airlines. Bloomberg, July 29, 2015

Cyber Attack

Planned Parenthood reports second website hack in a week: Planned Parenthood said electronic traffic to its websites was snarled by computer hackers on Wednesday in the second cyber attack mounted against the healthcare organization this week amid a controversy over alleged sales of aborted fetal tissue. Reuters, July 30, 2015

Cyber Privacy

How will the internet of things impact data security?: When we hand over data to a company most people realise there is a value exchange. The organisation gets to learn more about us for future communications, but in return they are able to deliver our shopping, get in contact if there is a problem or keep us up to date with special offers. TheGuardian, July 30, 2015
MIT researchers figure out how to break Tor anonymity without cracking encryption: The Tor network has millions of daily users who rely on it for anonymous access to resources on the open internet and within Tor itself. There have been various attacks on the anonymous aspect of Tor over the years, but a new proof of concept from researchers at MIT demonstrates what may be the simplest way yet to find out what people are accessing through Tor. Luckily, there’s also a fix Tor’s operators can implement. ExtremeTech, July 29, 2015

Financial Cyber Security

Hackers Trick Email Systems Into Wiring Them Large Sums: Cybercriminals are exploiting publicly available information and weaknesses in corporate email systems to trick small businesses into transferring large sums of money into fraudulent bank accounts, in schemes known as “corporate account takeover” or “business email fraud.” Wall Street Journal, July 29, 2015

Identity Theft

How Many Times Has Your Personal Information Been Exposed to Hackers? Half of American adults had their personal information exposed to hackers last year alone. In a recent attack at the federal Office of Personnel Management, hackers stole the most sensitive personal data for 21.5 million people. The New York Times, July 29, 2015
Five Steps to Secure Personal Data After a Breach: The hacking of the Office of Personnel Management adds to an already long list of companies and government agencies whose computer systems have been breached, exposing the personal data of millions of people. The New York Times, July 10, 2015

Cyber Warning

Hacker Controls GM Car with Flawed OnStar RemoteLink Mobile App: Bad news, car owners. A security researcher discovered that GM smart cars are vulnerable to hacking and thievery after he was able to intrude into the vehicle’s system via the flawed OnStar RemoteLink smartphone app. iDigitalTimes, July 31, 2015
GM issues fix for OnStar hack: Just last week Chrysler recalled 1.4 million vehicles after hackers revealed a software bug. Now, a new hack exposes a vulnerability in GM vehicles equipped with OnStar. Users of the iOS RemoteLink app are encouraged to update ASAP. Cnet, July 30, 2015
Remote denial of service vulnerability exposes BIND servers: BIND operators released new versions of the DNS protocol software overnight to patch a critical vulnerability which can be exploited for use in denial-of-service cyberattacks. ZDNet, July 30, 2015
New vulnerability can put Android phones into permanent vegetative state: Researchers have developed an attack that puts more than 50 percent of Android phones into the digital equivalent of a persistent vegetative state in which they’re almost completely unresponsive and are unable to perform most functions, including making or receiving calls. ars technica, July 29, 2015
Windows 10 Shares Your Wi-Fi With Contacts: Starting today, Microsoft is offering most Windows 7 and Windows 8 users a free upgrade to the software giant’s latest operating system — Windows 10. But there’s a very important security caveat that users should know about before transitioning to the new OS: Unless you opt out, Windows 10 will by default prompt you to share access to WiFi networks to which you connect with any contacts you may have listed in Outlook and Skype — and, with an opt-in, your Facebook friends. KrebsOnSecurity, July 29, 2015
How hackers can take control of your Android with one text message (+video): Security researchers have exposed what experts are calling the worst Android flaw discovered to date. CSMonitor, July 28, 2015

Cyber Security Management

Cybersecurity job market to suffer severe workforce shortage: The shortage of experienced cybersecurity talent may explain why a cybersecurity software engineer earns more than a CSO. CSO, July 28, 2015
Why Cybersecurity Is So Difficult to Get Right: It seems like hardly a week goes by without news of a data breach at yet another company. And it seems more and more common for breaches to break records in the amount of information stolen. If you’re a company trying to secure your data, where do you start? What should you think about? To answer these questions, I talked to Marc van Zadelhoff, VP of IBM Security, about the current state of cybersecurity and the Ponemon Institute’s 2015 study of cybersecurity around the world, which IBM sponsored. Harvard Business Review, July 27, 2015
Does Your CEO Know What’s Keeping You Up at Night?: As far too many companies victimized by data breaches can attest, we are in a “blame the victim” environment, where the breach victim is treated like an accessory to the crime. Time and time again, Congress, regulators, the courts and the media treat victim companies as if they are guilty until proven innocent, or rather “negligent until proven reasonable.” SecurityMagazine, June 1, 2015

Cyber Security Management – Cyber Defense

What Businesses Need to Know About Windows 10 Security: Windows 10 arrived this week, touting improvements and new features for businesses. Security experts were cautiously optimistic about the new security enhancements, including improved access controls, data loss prevention features, and app whitelisting capabilities. PCMag, July 30, 2015
The Five Online Security Measures You’re Probably Doing Wrong: After surveying security experts and non-experts alike, three Google researchers identified some distinct discrepancies between the practices and recommendations of experts (defined as having studied or worked in computer security for at least five years) and non-experts, recruited from Amazon’s Mechanical Turk platform. Forbes, July 30, 2015
Google lets you bring your encryption keys to its cloud: Companies like the idea of the flexibility of the cloud computing model, but many remain unconvinced that cloud—especially public cloud—is a secure place for their important data. So Google says it will now enable customers to bring their own encryption keys to the Google Compute Engine, the computing portion of Google Cloud Platform. Fortune, July 28, 2015
Stagefright: Just how scary is it for Android users?: If your smartphone or tablet vendor doesn’t fix the Stagefright security hole, this text-message based malware can be really scary. But you can protect yourself from it with a few simple steps. ZDNet, July 27, 2015

Cyber Awareness

Email security: A phishing tale: A few weeks ago my wife told me that she got an unexpected email from the Canada Revenue Agency. It wanted to initiate an Interac e-transfer of $980.99 into her account. The alarm bells immediately started ringing in my head. Dell Power More, July 29, 2015

National Cyber Security

Coalition for Responsible Cybersecurity Applauds Commerce Department Decision to Revise Proposed Export Control Rule, Seek Additional Industry Input: WASHINGTON, Jul 31, 2015 (BUSINESS WIRE) — Today, the Coalition for Responsible Cybersecurity, formed to ensure that U.S. export control regulations do not negatively impact U.S. cybersecurity effectiveness, applauds the U.S. Department of Commerce’s decision to substantially revise its proposed export controls rule on cybersecurity tools and to seek additional industry input before opening a second comment period on the proposed rule. MarketWatch, July 31, 2015
U.S. Fears Data Stolen by Chinese Hacker Could Identify Spies: WASHINGTON — American officials are concerned that the Chinese government could use the stolen records of millions of federal workers and contractors to piece together the identities of intelligence officers secretly posted in China over the years. The New York Times, July 25, 2015

Cyber Law Enforcement

FBI understaffed to tackle cyber threats, says watchdog: The FBI is struggling to attract computer scientists to its cybersecurity program mainly due to low pay, a report by the U.S. Department of Justice showed, highlighting weaknesses in a flagship initiative to tackle growing cyber threats. Reuters, July 30, 2015

Critical Infrastructure

Hackers Could Heist Semis by Exploiting This Satellite Flaw: Remember the opening scene of the first Fast and Furious film when bandits hijacked a truck to steal its cargo? Or consider the recent real-life theft of $4 million in gold from a truck transiting from Miami to Massachusetts. Heists like these could become easier to pull off thanks to security flaws in systems used for tracking valuable shipments and assets. Wired, July 30, 2015

Cyber Underworld

Cybercrime Evolves in Russia: The underground Russian cybercrime market is evolving. Malware prices have fallen, while the sophistication level of products and services continues to rise – they now include translation and anti-spam proofing features. Credit Union Times, July 30, 2015
Cybercrime forum Darkode returns with security, admins intact: Crime forum Darkode has relaunched with renewed security two weeks after it was obliterated in a global police raid that shut down the site and saw members arrested. The Register, July 28, 2015
Darkode cybercrime forum might be making a comeback: The former administrator of Darkode, the online cybercrime forum that was recently shut down by law enforcement agencies, is preparing to bring it back, with better security and privacy for its members. PCWorld, July 28, 2015