Tuesday, September 08, 2015

Cyber Security News and Education for the Week of September 7, 2015


CYBER SECURITY NEWS

OF THE WEEK

 

FROM OUR FRIENDS AT CITADEL INFORMATION GROUP


Cyber-Tip of the Week: Use a Credit Freeze to Protect Your Financial Identity

  1. What it is: A security freeze means that your credit file cannot be shared with potential creditors. A security freeze can help prevent identity theft. Most businesses will not open credit accounts without first checking a consumer’s credit history. If your credit files are frozen, even someone who has your name and Social Security number would probably not be able to get credit in your name.
  2. Lifting the Freeze: You will need to lift your credit freeze whenever you want to open up credit such as buying a car or signing a lease.
  3. Costs: The cost of a freeze varies from state to state. It’s often free for identity theft victims with a charge of $10 or less per credit bureau for non-victims. Costs for lifting a freeze also vary by state.
  4. How to get it: Contact each of the 3 credit bureau
    1. http://www.equifax.com
    2. http://www.transunion.com/
    3. http://www.experian.com/
More Information:

Cyber Crime

Wikipedia Editors Uncover Extortion Scam And Extensive Cybercrime Syndicate: Wikipedia, the world’s online trove of collective knowledge, is in the midst of a international extortion scandal, where editors secretly charged businesses and artists a fee to create and “protect” articles. ThinkProgress, September 4, 2015

Cyber Privacy

FTC commissioners call for strong encryption, push back against FBI, NSA: In recent months, we’ve seen calls from multiple government officials to roll back encryption protections and create backdoors in software. At certain points, the debate over these issues has reached a fever pitch, with New York District Attorney Cyrus Vance Jr telling Congress that Apple’s decision to include strong encryption in iOS 8 was basically intended to please criminals, child pornographers, and murderers. Now, two FTC commissioners have weighed in on the topic — and their own views couldn’t be more different. ExtremeTech, September 4, 2015

Financial Cyber Security

With new chip credit cards on way here’s what consumers need to know: Techies are calling the upcoming shift in how we will use our credit cards at the store something like “dip the chip.” USA Today, August 31, 2015

Identity Theft

OPM (Mis)Spends $133M on Credit Monitoring: The Office of Personnel Management (OPM) has awarded a $133 million contract to a private firm in an effort to provide credit monitoring services for three years to nearly 22 million people who had their Social Security numbers and other sensitive data stolen by cybercriminals. But perhaps the agency should be offering the option to pay for the cost that victims may incur in “freezing” their credit files, a much more effective way of preventing identity theft. KrebsOnSecurity, September 2, 2015
How I Learned to Stop Worrying and Embrace the Security Freeze: If you’ve been paying attention in recent years, you might have noticed that just about everyone is losing your personal data. Even if you haven’t noticed (or maybe you just haven’t actually received a breach notice), I’m here to tell you that if you’re an American, your basic personal data is already for sale. What follows is a primer on what you can do to avoid becoming a victim of identity theft as a result of all this data (s)pillage. KrebsOnSecurity, June 8, 2015

Cyber Warning

For discerning hackers, malware is so last year: Fraudsters increasingly rely on legitimate administrator tools instead of malware to successfully breach systems and steal data. InfoWorld, September 4, 2015
More ATM “Insert Skimmer” Innovations: Most of us know to keep our guard up when withdrawing cash from an ATM and to look for any signs that the machine may have been tampered with. But ATM fraud experts say they continue to see criminal innovations with “insert skimmers,” wafer-thin data theft devices that fit inside the ATM’s card acceptance slot and do not alter the outward appearance of a compromised cash machine. KrebsOnSecurity, September 3, 2015
Baby monitors are vulnerable to hackers: Here’s how to secure your devices: A security report says that many popular Internet-connected baby monitors are susceptible to common hacking attacks. Users of the “Internet of Things” can disable certain features – and beef up their network security – to stay safe. Christian Science Monitor, September 3, 2015
New iPhone malware a problem, but only for jailbroken phones: SAN FRANCISCO — News of scary new iPhone malware dubbed “Key Raider” is trending online, but there’s a caveat — it only hits phones that are jailbroken. USA Today, September 2, 2015
New Web addresses a cybercrime playground: The proliferation of new Web addresses has created a free-for-all as cyber criminals race to spread malware or steal personal information with new sites, researchers say. TheHill, September 1, 2015

Cyber Security Management

Latest security flaw to destroy all business? ‘Sanity check’ your cybercrime statistics: The difficulty telling fact from fiction in cybercrime news has been getting worse over the past few years. For decision makers, this means a “sanity check” on reported stats should be in your everyday toolkit. ZDNet, September 3, 2015
CISOs can beat the infosec skills shortage. Here’s how: The information security skills gap may have become a huge issue for Chief Security Offices (CSOs) and Chief Information Security Officers (CISOs), but there are a number of ways InfoSec teams can work around the shortage so to protect their networks and stay ahead of the attackers. CSO, September 2, 2015
Survey says business leaders probably don’t care as much about cybersecurity as they say they do: There’s no shortage of arguments that cybersecurity needs to be aligned with the needs of the business, or that security is now a “boardroom issue.” And it seems that a new report or study is issued every day that states that boards of directors are more involved with their organizations’ cybersecurity efforts than ever before. CSO, September 1, 2015
CEOs Failing to Grasp Information Security Risk: Despite a continuing string of high-profile information security breaches, many organizations’ leadership teams still have a very poor understanding of their own susceptibility to similar failures, asserts a research note from leading analyst Ovum. InfoSecurtiy, August 28, 2015

Cyber Security Management – Cyber Defense

Ashley Madison Breach: 6 Essential Lessons: The hack attack against infidelity online dating site Ashley Madison, which led to massive data leaks, is grabbing more than its share of headlines. But experts say security professionals worldwide, across all sectors, can use the high-profile case to learn some important lessons about safeguarding sensitive data as well as reacting to a data breach. BankInfoSecurity, August 31, 2015
How Adblock Plus could work as malware protection: Last week I discussed one of the pros of ad blockers – how they could significantly reduce the amount of network traffic consumed by pesky advertising, especially auto-playing videos. NetworkWorld, August 19, 2015
Hunting hackers with honeypots: What would it take to gain an upper hand in our efforts to thwart attackers and limit the damage they can cause? IT ProPortal, April 9, 2015

Secure the Village

What Congress Can Learn from the Military About Cybersecurity: When Senators return to Washington, DC this fall, they will take up work on legislation to make it easier for companies to share cybersecurity information with each other and with the government. The future of the bill, the Cybersecurity Information Sharing Act, is uncertain. Beset with concerns over privacy and civil liberties, many past attempts at addressing this issue have failed to reach the President’s desk. Nextgov, September 3, 2015
Governor creates security center to prevent online attacks: SACRAMENTO — Gov. Jerry Brown ordered the creation of a new security center Monday to help California fend off online attacks that could leave the state and its residents vulnerable. SFGate, August 31, 2015

Cyber Underworld

Hackers spent at least a year spying on Mozilla to discover Firefox security holes – and exploit them: Hackers have known about unpublicized and unpatched critical security holes in the Firefox web browser for a year or more – all by invading Mozilla’s systems. TheRegister, September 4, 2015
Intel: We underestimated the rise in cybercrime: The global technology landscape was very different in the summer of 2010: Nokia was the leader in smartphone market share, NASA had just signed on with Rackspace to explore cloud computing, and Intel was ready to acquire McAfee to become a heavy hitter in the cybersecurity world. FedScoop, September 1, 2015
Malware’s Stinging Little Secret: What do successful but separate malware attacks against banking customers around the world, as well as the White House and health insurer Anthem, all have in common? BankInfoSecurity, August 17, 2015

Cyber Misc

Like Kaspersky, Russian Antivirus Firm Dr.Web Tested Rivals: A recent Reuters story accusing Russian security firm Kaspersky Lab of faking malware to harm rivals prompted denials from the company’s eponymous chief executive — Eugene Kaspersky — who called the story “complete BS” and noted that his firm was a victim of such activity. But according to interviews with the CEO of Dr.Web — Kaspersky’s main competitor in Russia — both companies experimented with ways to expose antivirus vendors who blindly accepted malware intelligence shared by rival firms. KrebsOnSecurity, September 1, 2015

Cyber Sunshine

Man who helped code highly destructive financial malware pleads guilty: The Latvian man accused of helping create the Gozi virus, which United States prosecutors dubbed “one of the most financially destructive computer viruses in history,” has pleaded guilty. ars technica, September 4, 2015

SecurityRecruiter.com's Security Recruiter Blog