Tuesday, September 15, 2015

Cyber Security News and Education for the Week of September 14, 2015





Cyber Crime

Another Healthcare Insurer, Excellus BCBS, Hit With Mega-Breach: Excellus Blue Cross Blue Shield and parent company Lifetime Healthcare Companies join ranks of Anthem and Premera after breach that may have exposed more than 10 million patient records. Dark Reading, September 10, 2015

Cyber Privacy

Hacking Victims Deserve Empathy, Not Ridicule: Every day for nearly two weeks, Troy Hunt, an Australian Internet security expert, has opened up his computer to find a plea for help from someone on the edge. The New York Times, September 2, 2015
Windows 10 Privacy Issues Extend To Windows 8.1, 7: How To Stop Microsoft From Collecting More Of Your Data: One of the major concerns of users upgrading to Windows 10 has been Microsoft encroaching on their privacy owing to the default data collection and usage tracking features. Tech Times, August 30, 2015

Financial Cyber Security

Spy Chief Warns About Hackers Disrupting Financial Markets: Hacking attacks designed to alter electronic data, rather than steal it, may grow more common as terrorists and criminals seek to undermine financial markets, the head of U.S. intelligence warned lawmakers. Bloomberg, September 10, 2015

Identity Theft

WHY DO HACKERS WANT YOUR HEALTH DATA?: Yesterday, major health insurance providers Lifetime Healthcare Companies and its subsidiary BlueCross BlueShield announced that they had been hacked, affecting a total of 10.5 million patients. These aren’t the first healthcare companies to be hacked this year, and they certainly won’t be the last; though data breaches have become an unfortunate reality for many companies, health information is especially at risk. Popular Science, September 10, 2015

Cyber Warning

Website hackers hijack Google webmaster tools to prolong infections: Hackers who compromise websites are also increasingly verifying themselves as the owners of those properties in Google’s Search Console. Under certain circumstances this could allow them to remain undetected longer than they otherwise would be, researchers warn. PC World, September 11, 2015
Dumb PIN-reset Android malware found in the wild: Aggressive Lockerpin ransomware seizes admin control and changes PIN code to something that even the attackers don’t know. SC Magazine, September 10, 2015
An Overnight Sensation — CoreBot Returns as a Full-Fledged Financial Malware: Just last month, Security Intelligence warned about a new and modular Trojan called CoreBot, indicating its internal structure suggested a new threat about to evolve. Security Intelligence, September 10, 2015
Android Porn malware takes your photo, demands $500 ransom: Stay away from the Android app named “Adult Player” which is an app promising free pornographic videos. After downloading the app and accepting its permissions, it immediately snaps photos using your phone’s front-facing camera, locks your phone to prevent access from normal use, and demands a $500 ransom be paid through PayPal to restore your access and delete your picture. Phandroid, September 7, 2015
Zero-Day Vulnerabilities Found In Kaspersky, FireEye Anti-Virus Software: Two Researchers Reveal Major Flaws In Security Products: While it may be Labor Day holiday in the United States, two popular anti-virus software companies are doing anything but resting. Over the weekend, researchers revealed zero-day vulnerabilities in the software of both Kaspersky and Fire-Eye – two leading security research and anti-virus software companies. iDigitalTimes, September 7, 2015

Cyber Security Management

MIT, Cambridge, Other Universities Get D’s In Internet Security: Colleges — especially large, high-profile institutions — are facing more cybercrime and nation-state activity. Dark Reading, September 10, 2015
8 Cybersecurity Mistakes Businesses Make-and How to Fix Them: Here are valuable takeaways from a discussion between Joseph Steinberg, CEO of SecureMySocial, and Malcolm Marshall, global head of Cyber Security at KPMG. Inc., September 7, 2015
The Sky Isn’t Falling in IT Security, as Some Might Suggest: Reporting on cyber-security can be a somewhat depressing endeavor—given the seemingly endless onslaught of exploits, breaches and statistics that preach doom and gloom on a daily basis. The truth, however, is that modern cyber-security is not all darkness. eWeek, September 5, 2015
INFORMATION SECURITY TALENT SHORTAGE IS AT THE SENIOR LEVEL, SURVEY FINDS: The real problem with the perceived talent shortage in information security is retention and churn at the higher levels, according to a survey by IT and security executive networking firm T.E.N. and International Data Corporation. Staffing Industry Analysts, August 28, 2015

Cyber Security Management – Cyber Defense

Once seen as bulletproof, 11 million+ Ashley Madison passwords already cracked: When the Ashley Madison hackers leaked close to 100 gigabytes’ worth of sensitive documents belonging to the online dating service for people cheating on their romantic partners, there seemed to be one saving grace. User passwords were cryptographically protected using bcrypt, an algorithm so slow and computationally demanding it would literally take centuries to crack all 36 million of them. ars technica, September 10, 2015
Insurance requirements can drive stronger cybersecurity, Treasury official says: The insurance industry has a key role to play in helping U.S. companies strengthen cybersecurity, a senior Treasury Department official said Thursday. The Washington Post, September 10, 2015
Pro tip: Reboot Android into safe mode for easy malware removal: If your Android device is infected with malware that’s preventing you from using your device, Jack Wallen can help you boot into Android’s safe mode. TechRepublic, September 7, 2015

Cyber Security Management – Cyber Update

Microsoft Pushes a Dozen Security Updates: Microsoft today released a dozen security updates for computers running supported versions of its Windows operating system. Five of the patches fix flaws that could get PCs compromised with little to no help from users, and five of the bulletins have vulnerabilities that were publicly disclosed before today (including one that reportedly has been detected in exploits in the wild). Separately, Adobe is pushing a security update for its Shockwave Player – a browser plugin that I’ve long urged readers to junk. KrebsOnSecurity, September 8, 2015

National Cyber Security

FBI, intel chiefs decry “deep cynicism” over cyber spying programs: WASHINGTON, DC – On a stage in a ballroom in the Walter Washington Convention Center on September 10, the heads of the United States’ intelligence community gathered to talk about the work their agencies perform and the challenges they face—or at least as much as they could in an unclassified environment. But the directors of the Federal Bureau of Investigations, the Central Intelligence Agency, and the National Security Agency also had one particular mission in mind as they took the stage at the Intelligence & National Security Summit, an industry event largely attended by government officials and contractors: stopping the poisoning of the public debate around their missions, and especially around the issue of encryption, by unreasonable haters. ars technica, September 11, 2015
Cyber crime: states use hackers to do digital dirty work: A new breed of sophisticated hacker is emerging as one of the most worrisome digital adversaries for western intelligence chiefs: cyber privateers. Financial Times, September 4, 2015

Cyber Law

FireEye takes security firm to court over vulnerability disclosure: A spat between two security companies shows just how sensitive reporting software vulnerabilities can be, particularly when it involves a popular product. CIO, September 10, 2015
Sony Hacking Class Action Lawsuit Reaches Settlement: Ten months after the studio was ripped apart by a massive hack attack and thousands of employees’ personal information ended up exposed online, Sony Pictures has reached a tentative deal to end the lawsuits stemming from the breach. Deadline, September 2, 2015

Cyber Insurance

Cybercrime by wire fraud – what’s covered?: Perhaps the only thing worse than falling victim to a business email compromise or “CEO fraud” that results in millions of dollars in wire fraud theft – is wondering whether your insurance will cover any of the loss. CSO, September 1, 2015

Cyber Misc

GM Took 5 Years to Fix a Full-Takeover Hack in Millions of OnStar Cars: WHEN A PAIR of security researchers showed they could hack a Jeep over the Internet earlier this summer to hijack its brakes and transmission, the impact was swift and explosive: Chrysler issued a software fix before the research was even made public. The National Highway Traffic and Safety Administration launched an investigation. Within days Chrysler issued a 1.4 million vehicle recall. Wired, September 10, 2015
Fiat Chrysler recalls more cars to thwart hackers: Fiat Chrysler Automobiles has ordered the second recall in two months in order to install software that protects against computer hackers. USA Today, September 6, 2015

Cyber Sunshine

Arrests Tied to Citadel, Dridex Malware: Authorities in Europe have arrested alleged key players behind the development and deployment of sophisticated banking malware, including Citadel and Dridex. The arrests involved a Russian national and a Moldovan man, both of whom were traveling or residing outside of their native countries and are now facing extradition to the United States. KrebsOnSecurity, September 7, 2015

SecurityRecruiter.com's Security Recruiter Blog