Sunday, August 16, 2015

Cyber Security News and Education for the Week of August 17, 2015





Cyber Crime

When Online Loan Applications Lead to Unauthorized Bank Account Debits: Thousands of cash-strapped Americans who filled out applications for payday loans on sites with names like instead found their financial details had been used to make unauthorized debits or credit card charges, according to an investigation by federal regulators. The New York Times, August 12, 2015
Chip Card ATM ‘Shimmer’ Found in Mexico: Fraud experts in Mexico have discovered an unusual ATM skimming device that can be inserted into the mouth of the cash machine’s card acceptance slot and used to read data directly off of chip-enabled credit or debit cards. KrebsOnSecurity, August 11, 2015
How Hackers Made $1 Million by Stealing One News Release: A scheme, announced by federal authorities on Tuesday, to hack into three news wire services to steal copies of corporate news releases went on for years, and required a good deal of patience and persistence. For a while, it seemed to pay off. The New York Times, August 11, 2015

Identity Theft

HHS Hit With Five Data Security Breaches in Three Years: The Department of Health and Human Services (HHS) has suffered from five data security breaches within the last three years, according to a recent report by the House Energy & Commerce Committee. HealthITSecurity, August 11, 2015

Cyber Warning

Your router: Gateway for hackers: The device that connects us to the Internet is dangerously vulnerable, security experts say. And while there are some signs of impending improvements, not much has happened in the past several years, while the threats have grown. CSO, August 14, 2015
My browser visited and all I got was this lousy malware: Millions of people visiting,,, and other popular websites were exposed to attacks that can surreptitiously hijack their computers, thanks to maliciously manipulated ads that exploit vulnerabilities in Adobe Flash and other browsing software, researchers said. ars technica, August 14, 2015
Vulnerability identified in Google Admin app, remains unpatched: The Google Admin application – which allows users to manage their Google for Work accounts from their Android devices – contains an unpatched vulnerability that can be exploited to read data from any file within the Google Admin sandbox. SC Magazine, August 14, 2015
Darkhotel APT Gang Taps Flash Flaw: The advanced persistent threat gang behind a long-running series of cyberespionage-focused campaigns quickly tapped a zero-day exploit for a flaw in Adobe Flash after it was leaked in July, as part of the 400 GB dump of data stolen from hacked spyware vendor Hacking Team. But the APT gang has long employed trickery to exploit a number of high-profile targets, suggesting that potential victims will need to do more than just update their version of Flash Player to counter these types of attacks in the future. BankInfoSecurity, August 11, 2015
Hackers stealing data on iOS via major security flaw: Hackers are taking advantage of vulnerability in Apple’s iOS mobile operating system to install malicious software disguised as popular apps such as Facebook, Twitter and WhatsApp to steal personal information. CNBC, August 7, 2015

Cyber Security Management

6 Observations About Cybersecurity Based On Two New Surveys: Cybersecurity incidents and attacks have become almost daily news, and two new surveys give voice to the executives and cybersecurity professionals struggling to defend their organizations. Forbes, August 12, 2015
Hacking charges show merger of finance and cybercrime: Companies can spend millions of dollars on state-of-the-art cybersecurity to protect their most precious information, but that could all be for naught if outside companies with access to it don’t adhere to the same high security standards. SFGate, August 11, 2015

Cyber Security Management – Cyber Defense

To shine a light on cybercrime, go Dark: One of the best ways to understand your enemy – what he’s up to, what his capabilities are and how he can damage you – is to spy on him. CSO, August 10, 2015

Cyber Security Management – Cyber Update

Adobe, MS Push Patches, Oracle Drops Drama: Adobe today pushed another update to seal nearly three dozen security holes in its Flash Player software. Microsoft also released 14 patch bundles, including a large number of fixes for computers running its new Windows 10 operating system. Not to be left out of Patch Tuesday, Oracle‘s chief security officer lobbed something of a conversational hand grenade into the security research community, which responded in kind and prompted Oracle to back down. KrebsOnSecurity, August 11, 2015

Securing the Village

Private-Public Collaboration Puts Pittsburgh at Fore of Cybercrime Fight: Pittsburgh is home to the country’s first motion-picture theater, oil refinery and commercial radio station. The city is now emerging as a front line in the global fight against cybercrime. The Wall Street Journal, August 13, 2015

National Cyber Security

Steptoe Cyberlaw Podcast, Episode #78 hosted by Stewart A. Baker: The Atlantic Council Panel: “I know, I know, we promised that the Cyberlaw Podcast would go on hiatus for the month of August. But we also hinted that there might be a bonus episode. And here it is, a stimulating panel discussion with Dmitri Alperovitch, Harvey Rishikof, and me, sponsored by the Atlantic Council and moderated by Melanie Teplinsky. The topic is whether the United States should abandon its longstanding policy of refusing to steal the commercial secrets of foreigners to help American companies compete. The discussion is lively, with plenty of disagreements and an audience vote at the start and finish of the discussion to gauge how persuasive we were. Enjoy!” Lawfare, August 12, 2015
China Cybersecurity Fears Prompt Business Groups to Press Obama: BEIJING—Ahead of Chinese President Xi Jinping’s U.S. visit, 19 American business and technology industry groups asked President Barack Obama to urge Beijing not to use cybersecurity measures to protect its domestic technology industry from foreign competition. The Wall Street Journal, August 12, 2015

Cyber Law

The information security landscape of the future: Picture the scene: you’ve had to hire a data protection officer, you’ve got a strict plan in place to notify all of your customers about breaches as soon as they happen, all of your data is encrypted and your company now has an insurance plan to help guard against data fines. This scene is in stark contrast to the security and compliance measures that many businesses currently operate under, yet this is expected to become standard practice, and the deadline to comply is fast approaching. SC Magazine, August 14, 2015
Reuters: EU Drafting New Cyber Law With Security Obligations for Internet Firms: The European Union is crafting a new cybersecurity law that will establish security obligations for Internet companies that provide digital service platforms, Reuters reported Thursday. ExecutiveBiz, August 7, 2015

Cyber Misc

Report claims Kaspersky faked malware to trip up competitors’ products: Two former employees of Kaspersky Lab have accused the malware protection software company of seeding competitors’ products with fake malware signatures intended to make them erroneously label benign files on customers’ computers as malicious. The allegations, made in a report published by Reuters Friday morning, have been strongly denied by a Kaspersky Lab spokesperson. ars technica, August 14, 2015
Cyberheist Victim Trades Smokes for Cash: Earlier this month, KrebsOnSecurity featured the exclusive story of a Russian organized cybercrime gang that stole more than $100 million from small to mid-sized businesses with the help of phantom corporations on the border with China. Today, we’ll look at the stranger-than-fiction true tale of an American firm that lost $197,000 in a remarkably similar 2013 cyberheist, only to later recover most of the money after allegedly plying Chinese authorities with a carton of cigarettes and a hefty bounty for their trouble. KrebsOnSecurity, August 14, 2015
Why ‘Smart’ Objects May Be a Dumb Idea: A FRIDGE that puts milk on your shopping list when you run low. A safe that tallies the cash that is placed in it. A sniper rifle equipped with advanced computer technology for improved accuracy. A car that lets you stream music from the Internet. The New York Times, August 10, 2015's Security Recruiter Blog