Sunday, November 08, 2015

Cybersecurity News and Education for the Week of November 8, 2015





Cyber Attack

MOST IRONIC ATTACK EVER PLANTS MALWARE ON WEBSITES USING PAGEFAIR AD SERVICE: If you visited any of about 500 websites on Saturday, and also downloaded what looked like an update to Adobe Flash, you may have inadvertently installed malware that makes your Windows PC into a zombie computer on a hacker’s botnet. Even if you did visit the sites, you’re probably safe if you didn’t take the bait and install the malware masquerading as an Adobe Flash update. If you have a Mac, Chromebook, or Android, iOS or Linux machine, you are also probably safe, as the malware seems to have focused on Windows. Just the same, you should follow the standard drill of updating and running your antivirus/anti-malware software. (You do have AV, right?) FastCompany, November 2, 2015

Financial Cyber Security

FFIEC Issues Extortion Attack Alert: The Federal Financial Institutions Examination Council has issued an alert calling on financial institutions to take specific risk mitigation steps in light of an increase in the frequency and severity of cyberattacks involving extortion. BankInfoSecurity, November 4, 2015
Mobile Malware Makes Mobile Banking Treacherous: Kaspersky Lab report shows rate of mobile malware occurrence exploding in Q3. DarkReading, November 2, 2015

Cyber Privacy

Vulnerability Identified in Genomic Data Sharing Network: A vulnerability in a network that processes genomic data could pave the way to some global genetic databases being hacked, and open the door to some serious privacy issues. ThreatPost, November 6, 2015
Anonymous’s KKK ‘leak’ targets the elusive online world of white nationalism: After days of inaccuracies, confusing reports, and false starts, Anonymous’s much-hyped “Operation KKK” finally released a list of — if not the promised 1,000 — hundreds of names and social media accounts, many of which appear to have clear connections to the Ku Klux Klan, or other white supremacy groups. The Washington Post, November 5, 2015

Cyber Fraud

How Carders Can Use eBay as a Virtual ATM: How do fraudsters “cash out” stolen credit card data? Increasingly, they are selling in-demand but underpriced products on eBay that they don’t yet own. Once the auction is over, the auction fraudster uses stolen credit card data to buy the merchandise from an e-commerce store and have it shipped to the auction winner. Because the auction winners actually get what they bid on and unwittingly pay the fraudster, very often the only party left to dispute the charge is the legitimate cardholder. KrebsOnSecurity, November 3, 2015

Identity Theft

FCC Fines Cox $595K Over Lizard Squad Hack: In September 2014, I penned a column called “We Take Your Privacy and Security. Seriously.” It recounted my experience receiving notice from my former Internet service provider — Cox Communications — that a customer service employee had been tricked into giving away my personal information to hackers. This week, the Federal Communications Commission (FCC) fined Cox $595,000 for the incident that affected me and 60 other customers. KrebsOnSecurity, November 6, 2015
LifeLock Tentatively Settles with FTC: LifeLock says it has reached a tentative agreement on a settlement with the Federal Trade Commission regarding a number of issues, including alleged information security shortcomings. It says it’s also reached agreement on a proposed settlement of a related consumer class action lawsuit. BankInfoSecurity, October 29, 2015

Cyber Warning

A prominent ad-blocker-blocker served malware to Economist readers: One of the web’s most prominent anti-ad-blocking tools has been serving malware to Economist readers. In a message to subscribers, The Economist warned that anyone who visited the site between 11:52PM and 12:15AM GMT on Halloween night may have been exposed to malware. The malware was served as a result of a breach at Pagefair, a tool used to circumvent ad blockers. TheVerge, November 6, 2015
Refined Ransomware Streamlines Extortion: Notably, the gang behind notorious CryptoWall ransomware, which has been tied to at least $325 million in criminal proceeds, has released an updated and more streamlined version of their data-encrypting malware, and more than doubled the ransom they demand to decrypt infected PCs. BankInfoSecurity, November 6, 2015
New Wave of Pay-at-Pump Skimming Attacks: U.S. gas stations should brace for upticks in pay-at-the-pump skimming attacks, experts say. These attacks are expected to surge between now and the end of 2016, as fraudsters shift their attacks away from physical points of sale and more toward unattended self-service terminals, such as self-serve gas pumps and ATMs. BankInfoSecurity, November 3, 2015

Cyber Security Management

Information security processes and procedures vital to business success: Information has become a vital business asset in the digital age, and companies are taking notice. The trend has dramatically changed how companies approach data protection, and requires cooperation from the entire organization to ensure data security, said Nick Merker, an attorney with Ice Miller LLP. SearchCompliance, November 6, 2015
States’ Cyber Security Readiness Presents “Grim Picture” Pell Study Finds: Just eight states of 50 fared decently in a Pell study on their preparedness to deal with current and emerging cyberthreats. DarkReading, November 6, 2015
What The Boardroom Thinks About Data Breach Liability: Most public companies subscribe to cybersecurity insurance of some sort, and 90% say third-party software vendors should be held liable for vulnerabilities in their code. DarkReading, November 6, 2015
What Flu Season Can Teach Us About Fighting Cyberattacks: Cybersecurity doesn’t have to be an arms race towards complexity if we put people front and center of the solution. DarkReading, November 6, 2015
5 Lessons from the TalkTalk Hack: Organizations worldwide can learn some valuable lessons from the most recent hack attack against British telecom company TalkTalk. BankInfoSecurity, November 5, 2015
Drowning in a sea of cybersecurity tools?: Here’s how to conquer the steady stream of new technologies and find the best security tools beyond point solutions. SearchSecurity, November 6, 2015

Cyber Security Management – Cyber Defense

2015 worst year in history for Mac malware: While Mac users have enjoyed a computing experience largely free of viruses and trojans, the last year has seen a turning point in fortunes. SC Magazine, November 2, 2015
There have been more malware attacks on Macs this year than the last five years combined: It’s no secret that Mac owners have historically enjoyed fewer viruses and malware attacks than their PC counterparts. Business Insider, November 1, 2015

Cyber Education

Local Kids Learn How To Prevent Cyber Crime: More than half of adolescents and teens have been bullied online. October marks National Bullying Prevention month, and L.A.-based experts are teaching kids tips to stay safe from cyberbullying and other cybercrimes. ATVN, October 29, 2015

National Cyber Security

Cybersecurity: Tech, tools and training to safeguard the future: Cybersecurity is one of the defining issues of our time. Can we keep our networks, devices and critical systems open, safe, and secure while maintaining personal privacy? Cutting-edge, NSF-supported social and technical research — as well as education and workforce development programs — are helping protect our national, and personal, security. National Science Foundation

Cyber Law

Steptoe Cyberlaw Podcast, Episode #87: An Interview with Ari Schwartz: What good is CISA, anyway? Now that both the House and Senate have passed information sharing bills that are strikingly similar but not identical, the prospects for a change in the law are good. But what are those changes, and how much difference will they make to network defenders? Lawfare, November 4, 2015

Cyber Misc

TalkTalk, Script Kids & The Quest for ‘OG’: So you’ve got two-step authentication set up to harden the security of your email account (you do, right?). But when was the last time you took a good look at the security of your inbox’s recovery email address? That may well be the weakest link in your email security chain, as evidenced by the following tale of a IT professional who saw two of his linked email accounts recently hijacked in a bid to steal his Twitter identity. KrebsOnsecurity, November 5, 2015
Hackers Claim Million-Dollar Bounty for iOS Zero Day Attack: HACKING APPLE’S IOS isn’t easy. But in the world of cybersecurity, even the hardest target isn’t impossible—only expensive. And the price of a working attack that can compromise the latest iPhone is apparently somewhere around $1 million. Wired, November 2, 2015's Security Recruiter Blog