Sunday, November 15, 2015

Cybersecurity News and Education for the Week of November 15, 2015





Identity Theft

10 Ways to Protect Yourself From Identity Theft During the Holidays: With all the extra shopping you’re going to be doing as we approach the holidays, it’s more important than ever to protect your money and your identity. Thieves are prowling for your digits as you make online purchases, connect to your bank over Wi-Fi or share photos over social media. US News and World Report, November 10, 2015

Cyber Warning

Healthcare Apps, WordPress Most Popular Web Attack Targets: No application escaped without a Shellshock attack in 2015, either, report finds. DarkReading, November 12, 2015
Customers are complaining that some tablets for sale on Amazon are loaded with malware: Some tablets being sold on Amazon are apparently coming with pre-installed malware on them, and can delete users’ apps and force them to look at unwanted adverts. Business Insider, November 10, 2015
Apple pulls popular Instagram client ‘InstaAgent’ from iOS App Store after malware discovery: A popular Instagram profile analyzer was on Tuesday pulled from the iOS App Store after being outed as malware by a German developer who found the app harvesting usernames and passwords. Apple Insider, November 10, 2015
Phishing Scam Targets Apple Users: “Good things come to those who bait.” That’s one phishing attack truism, courtesy of the Verizon 2015 Data Breach Investigations Report, released earlier this year, which warns that fake emails continue to be a favorite tool of cybercriminals and nation-state attackers. Despite widespread knowledge of the problem, the median time between a phishing campaign starting and at least one victim clicking an attachment is just 82 seconds. BankInfoSecurity, November 9, 2015
Ransomware Now Gunning for Your Web Sites: One of the more common and destructive computer crimes to emerge over the past few years involves ransomware — malicious code that quietly scrambles all of the infected user’s documents and files with very strong encryption. A ransom, to be paid in Bitcoin, is demanded in exchange for a key to unlock the files. Well, now it appears fraudsters are developing ransomware that does the same but for Web sites — essentially holding the site’s files, pages and images for ransom. KrebsOnSecurity, November 9, 2015

Cyber Security Management

5 Secrets to Security Success: If there was a self-help book for the information security community, the title might be: “What Got You Here Won’t Get You There.” BankInfoSecurity, November 12, 2015
Solving Security: If You Want Something New, Stop Doing Something Old: Black Hat Europe keynoter Haroon Meer tells security pros to work smarter, think out of the box, and speak out to the C-suite. DarkReading, November 12, 2015
Information security processes and procedures vital to business success: Information has become a vital business asset in the digital age, and companies are taking notice. The trend has dramatically changed how companies approach data protection, and requires cooperation from the entire organization to ensure data security, said Nick Merker, an attorney with Ice Miller LLP. SearchCompliance, November 6, 2015
Mature & Unconfident: The Best Information Security Teams Ever!: Security through maturity and humility is a workable philosophy with proven results for organizations that are willing to give it a try. Here’s why. Dark Reading, November 5, 2015

Cyber Security Management – Cyber Defense

Hackers’ sale of Comcast log-ins reminds us to change our password habits: Hackers offered 200,000 customer passwords for sale online, forcing Comcast to send reset notices to many users. The lesson? We all need to get a lot smarter about Internet security. CNet, November 10, 2015

Cyber Security Management – Cyber Update

Critical Fixes for Windows, Adobe Flash Player: For the third time in a month, Adobe has issued an update to plug security holes in its Flash Player software. The update came on Patch Tuesday, when Microsoft released a dozen patches to fix dozens of vulnerabilities in Windows, Internet Explorer, Skype and other software. KrebsOnSecurity, November 11, 2015

Secure the Village

The Lingering Mess from Default Insecurity: The Internet of Things is fast turning into the Internet-of-Things-We-Can’t-Afford. Almost daily now we are hearing about virtual shakedowns wherein attackers demand payment in Bitcoin virtual currency from a bank, e-retailer or online service. Those who don’t pay the ransom see their sites knocked offline in coordinated cyberattacks. This story examines one contributor to the problem, and asks whether we should demand better security from ISPs, software and hardware makers. KrebsOnSecurity, November 12, 2015

Financial Cyber Security

FFIEC Updates Cybersecurity Expectations for Boards: The Federal Financial Institutions Examination Council’s updated guidance for bank examiners, released this week, stresses that executives and boards of directors must approve IT plans that contain strategies for addressing emerging and ongoing cyber threats. BankInfoSecurity, November 13, 2015

National Cyber Security

Cybersecurity Questions Anderson Cooper And Megyn Kelly Should Ask The Presidential Candidates: Here’s a call out to Cooper and Kelly – two of the most popular media figures covering the Republican and Democratic front runners: Get the candidates talking about cybersecurity. Forbes, November 13, 2015
The Cyberthreat Under the Street: Within the last year there have been 16 so-called fiber cuts in the San Francisco Bay Area. According to the F.B.I., someone or some group has been going through manholes to sever fiber optic cables that supply telecommunications to large sections of the region, which is home to technology companies, academic institutions and Lawrence Livermore National Laboratory, overseer of the nation’s nuclear weapons. The New York Times, November 7, 2015

Cyber Underworld

Cherry Picker POS Malware Has Remained Hidden For Four Years: Sophisticated obfuscation techniques have allowed malware to evade AV systems and security vendors for a long time, says Trustwave. DarkReading, November 12, 2015

Cyber Career

How to Succeed at Information Security: Developing a successful information security career requires excellent technical acumen as well as the ability to understand the impact that security policies have on people, says Gurdeep Kaur, a chief security architect at financial services heavyweight AIG. BankInfoSecurity, November 4, 2015

Cyber Misc

Despite Record $250 Million Tenable Investment There Is ‘No Cybersecurity Bubble’: Venture capitalists have declared there is no cybersecurity bubble despite some epic investments in industry start-ups this year, peaking with a huge $250 million round raised by Tenable. It’s believed to be a record round for a cybersecurity firm. Forbes, November 10, 2015

Cyber Sunshine

Arrests in JP Morgan, eTrade, Scottrade Hacks: U.S. authorities today announced multiple indictments and arrests in connection with separate hacking incidents that resulted in the theft of more than 100 million customer records from some of the nation’s biggest financial institutions and brokerage firms, including JP Morgan Chase, E*Trade and Scottrade. KrebsOnSecurity, November 10, 2015