Sunday, October 04, 2015

Cyber Security News and Education for the Week of October 4, 2015





Cyber Crime

Scottrade Breach Hits 4.6 Million Customers: Welcome to Day 2 of Cybersecurity (Breach) Awareness Month! Today’s awareness lesson is brought to you by retail brokerage firm Scottrade Inc., which just disclosed a breach involving contact information and possibly Social Security numbers on 4.6 million customers. KrebsOnSecurity, October 2, 2015
Banking Group Marks Cybersecurity Month by Disclosing a Hack: The American Bankers Association, the financial-industry lobbying giant that wants laws forcing retailers to improve data protection, made two announcements Thursday: It’s observing National Cybersecurity Awareness Month. And hackers have breached its system. Bloomberg, October 2, 2015
Hackers dump data for 2.3 million Patreon users online: Crowdfunding site Patreon revealed earlier this week that it had recently been hacked, compromising the email addresses, usernames, and shipping addresses of its users. Since then, the hackers have dumped the data online, revealing the personal information of about 2.3 million users in the process. The Verge, October 2, 2015
Experian Hack Slams T-Mobile Customers: Credit services provider Experian says one of its servers, which stored personal information for some 15 million customers of mobile communications provider T-Mobile USA, has been breached. BankInfoSecurity, October 1, 2015
Banks: Card Breach at Hilton Hotel Properties: Multiple sources in the banking industry say they have traced a pattern of credit card fraud that suggests hackers have compromised point-of-sale registers in gift shops and restaurants at a large number of Hilton Hotel and franchise properties across the United States. Hilton says it is investigating the claims. KrebsOnSecurity, September 25, 2015

Financial Cyber Security

As Online Data Theft Escalates, Banks Look to Retailers to Bear the Losses: On Sept. 1 last year, the website Rescator, known as the “ of the black market,” alerted its customers that huge quantities of stolen debit and credit card data would go on sale the next day. The New York Times, September 28, 2015

Cyber Threat

Interpol: Cyber Crime from Russia, E. Europe Expands: Cyber crime originating from Russia and Eastern Europe is increasing in both scale and sophistication, according to a senior Italian police investigator. The Washington Free Beacon, October 2, 2015
Insider Threats Responsible for 43% of Data Breaches: Among companies experiencing data breaches (and that is to say, a majority), internal actors were responsible for 43% of data loss, half of which was intentional, and half accidental. InfoSecurity, September 25, 2015

Cyber Warning

Ghost Push malware evolves in Android app infection spree: Over 20 new variants of the malware in the wild embedded in Android apps are able to root devices and compromise systems. ZDNet, October 1, 2015
Stagefright 2.0 vulnerability is here — your Android device is probably at risk: Holy cow, Google, what the heck is going on here? Android should have been a Utopian-like Linux-based operating system that was secure and available to all. Unfortunately, the only things being made available to the masses are vulnerabilities. Quite frankly, the search giant is giving Linux a bad name. BetaNews, October 1, 2015
How to evade Apple’s anti-malware Gatekeeper in OS X and really ruin a fanboy’s week: The myth that Macs are inherently more secure than Windows PCs has taken another hit. The Register, October 1, 2015

Cyber Update

VeraCrypt Patched Against Two Critical TrueCrypt Flaws: TrueCrypt may be a fond memory for most of its users, but that hasn’t stopped researchers and hackers from poking about the open source encryption software. ThreatPost, September 28, 2015

Cyber Security Management – Governance

The Top 10 Priorities For Your Information Governance Program: The title, of course, begs the question: does your business even have an Information Governance Program? If not, you should get one—quick. Written by Secure The Village Advisory Board Members Pat Fraioli and Harrison Fitch. JDSUPRA, July 9, 2015

Cyber Security Management – Cyber Awareness

Creating a Culture of Information Security: I’ve often said to security teams I’ve led over the years, “You never want to waste a crisis,” and today’s headlines are filled with one security crisis after another. With high-profile breaches occurring in virtually every type of organization — from retail to healthcare to online dating — data security is top-of-mind for even the most casual users of technology. Dell Power More, September 30, 2015

Secure the Village

October is National Cyber Security Awareness Month: National Cyber Security Awareness Month (NCSAM) – celebrated every October – was created as a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online. StaySafeOnline, October 2015

National Cyber Security

Steptoe Cyberlaw Podcast, Episode #82: An Interview with Jim Lewis: Cyberlaw negotiations are the theme of episode 82, as the US and China strike a potentially significant agreement on commercial cyberespionage and Europeans focus on tearing up agreements with the US and intruding on US sovereignty. Moderator: Stewart Baker. Lawfare, October 1, 2015

Cyber Underworld

ATM Skimmer Gang Firebombed Antivirus Firm: It’s notable whenever cybercrime spills over into real-world, physical attacks. This is the story of a Russian security firm whose operations were pelted with Molotov cocktail attacks after exposing an organized crime gang that developed and sold malicious software to steal cash from ATMs. KrebsOnSecurity, September 29, 2015
With Stolen Cards, Fraudsters Shop to Drop: A time-honored method of extracting cash from stolen credit cards involves “reshipping” scams, which manage the purchase, reshipment and resale of carded consumer goods from America to Eastern Europe — primarily Russia. A new study suggests that some 1.6 million credit and debit cards are used to commit at least $1.8 billion in reshipping fraud each year, and identifies some choke points for disrupting this lucrative money laundering activity. KrebsOnSecurity, September 28, 2015

Cyber Insurance

Home Depot cyber attack costs could reach into the billions: The September data breach of Home Depot last year is now being used as an example of the astronomical expenses attached to cyber risk, at a time when few insurers are prepared to cover it. Insurance Business, October 1, 2015

Cyber Misc

Intel Security Reveals Armin van Buuren As The Most Dangerous Cyber Celebrity of 2015: SANTA CLARA, Calif. — Sept. 29, 2015 — Electronic Dance Music (EDM) DJ Armin van Buuren replaces comedian and talk show host Jimmy Kimmel as Intel Security’s most dangerous celebrity to search for online. For the ninth year in a row, Intel Security researched popular culture’s most famous people to reveal which of them generates the most dangerous search results. The Intel Security Most Dangerous Celebrities™ study revealed that searches for certain musicians and comedians tend to expose Internet searchers to more possible viruses and malware. McAfee, September 29, 2015
Stop Googling. Let’s Talk: COLLEGE students tell me they know how to look someone in the eye and type on their phones at the same time, their split attention undetected. They say it’s a skill they mastered in middle school when they wanted to text in class without getting caught. Now they use it when they want to be both with their friends and, as some put it, “elsewhere.” The New York Times, September 26, 2015