Monday, December 21, 2015

Cybersecurity News and Education for the Week of December 20, 2015

Cyber Crime

Password Thieves Target E-Giftcard Firm Gyft: Digital gift card retailer Gyft has forced a password reset for some of its users. The move comes in response to the theft of usernames and passwords from a subset of Gyft customers. KrebsOnSecurity, December 18, 2015
Banks: Card Breach at Landry’s Restaurants: Fraud analysts in the banking industry tell KrebsOnSecurity that the latest hospitality firm to suffer a credit card breach is likely Landry’s Inc., a company that manages a nationwide stable of well-known restaurants — including Bubba Gump, Claim Jumper, McCormick & Schmick’s, and Morton’s. KrebsOnSecurity, December 17, 2015
Skimmers Found at Some Calif., Colo. Safeways: Sources at multiple financial institutions say they are tracking a pattern of fraud indicating that thieves have somehow compromised the credit card terminals at checkout lanes within multiple Safeway stores in California and Colorado. Safeway confirmed it is investigating skimming incidents at several stores. KrebsOnSecurity, December 16, 2015

Financial Cyber Security

Banks told to get tough on cybersecurity in 2016: 2016 New York state cybersecurity requirements for banks, expected to be applied country-wide, include multi-factor auth, regular audits and pentests, and exacting third-party vendor cybersecurity scrutiny. ZDNet, December 18, 2015
New York Prepares Cybersecurity Guidance for Banks: Banks should be closely watching pending New York state cybersecurity requirements for banks, which may soon get adapted and applied country-wide. BankInfoSecurity, December 16, 2015

Cyber Privacy

Apple CEO Cook keeps support for unbreakable encryption: SAN FRANCISCO – Apple Chief Executive Officer Tim Cook repeated his strong support for unbreakable encryption technology, despite criticism from global law enforcement agencies that believe the digital tools impede criminal and terrorism investigations. ChicagoTribune, December 18, 2015
BlackBerry CEO rips Apple’s stance on privacy and encryption: BlackBerry, a company whose smartphones most people haven’t bought for years, posted an unusual missive on user privacy and security earlier this week penned by CEO John Chen. What’s particularly strange about Chen’s message is that it seems like he’s both slamming and supporting Apple’s stance on privacy and encryption. BGR, December 17, 2015

Identity Theft

Don’t Be a Victim of Tax Refund Fraud in ’16: With little more than a month to go before the start of the 2016 tax filing season, the IRS and the states are hunkering down for an expected slugfest with identity thieves who make a living requesting fraudulent tax refunds on behalf of victims. Here’s what you need to know going into January to protect you and your family. KrebsOnSecurity, December 14, 2015

Cyber Warning

Juniper Vulnerability, NSA Allegations Raise Broader VPN Security Concerns: Juniper Networks Thursday said it had discovered a major vulnerability in its firewall operating system that could allow hackers to decrypt VPN connections, news that solution providers and security experts said raises broader concerns around VPN security. CRN, December 18, 2015
Outlook “letterbomb” exploit could auto-open attacks in e-mail: Fixed by Microsoft’s latest patches, bug could be “enterprise killer,” says researcher. One of a heaping collection of critical bug fixes pushed out by Microsoft on December 8 as part of the company’s monthly “Patch Tuesday” was an update to the Microsoft Office suite designed to close a vulnerability that would allow an attacker to sneak past Outlook’s security features. While the patch addressed multiple vulnerabilities in the way Office manages objects in memory, the most severe of them allows for remote code execution through a “specially crafted Microsoft Office file,” Microsoft reported. Ars Technica, December 17, 2015

Cyber Security Management

Star Wars: A New Hope – 5 information security lessons: Unless you have literally been living on a remote, desert-like planet in a galaxy, far far away, spending your days looking out over the horizon as two suns start to set, then you might have missed a ridiculous level of buzz about a certain new Star Wars movie. WeLiveSecurity, December 17, 2015
Insider Lessons from Morgan Stanley Breach: New details emerging about a breach involving a former Morgan Stanley employee illustrate how a case of inappropriate access to data can blossom into something much more serious. The case shines a spotlight on the urgent need to mitigate insider threats. BankInfoSecurity, December 14, 2015

Cyber Security Management – Cyber Defense

Machine learning: Cybersecurity dream-come-true or pipe dream?: IT experts agree that machine learning has demonstrated enormous value in enhancing search engine capabilities or in spotting patterns in everything from finance to medicine. But the debate continues about its value in cybersecurity. CSO, December 18, 2015

Secure the Village

Obama Signs Cyberthreat Information Sharing Bill: President Obama has signed legislation to incentivize businesses to share cyberthreat information with the federal government. BankInfoSecurity, December 18, 2015
ISSA Los Angeles Announces the 8th Annual Information Security Summit: LOS ANGELES, CA — (Marketwired) — 12/18/15 — The Eighth Annual Information Security Summit, hosted by ISSA Los Angeles (ISSA-LA), is scheduled to take place on May 19th – May 20th at the Universal City Hilton in California. This elite event, comprised of 2 keynote speakers, several tracks and forums, and four training sessions, will attract an audience of 1,000 of the country’s top public and private sector leaders. Virtual Strategy Magazine, December 18, 2015

National Cyber Security

Former NSA Director Hayden Backs Encryption, Advocates Military Force Against ISIS: Banning encryption is not the solution to defeating the Islamic State group or preventing so-called lone wolf attacks inside the United States, Gen. Michael Hayden, former director of the U.S. National Security Agency and the CIA, said Friday at a conference. The kind of legislation advocated by top U.S. law enforcement officials and various lawmakers would only make Americans’ data less secure, while doing little to stop terrorist communications. IBTimes, December 18, 2015
Restricting encryption is a short-term solution to a long-term problem: The Paris and San Bernardino, Calif., attacks confirm that countries on both sides of the Atlantic are facing — indeed, have been facing for some time — an insidious form of terrorism, largely homegrown. They should spur a serious examination of our approaches to fighting terrorism. The Washington Post, December 18, 2015

Cyber Law

LifeLock Settles FTC Case for $100 Million: In the largest monetary award obtained by the Federal Trade Commission in an enforcement action, LifeLock has agreed to pay $100 million to settle a case that, in part, stemmed from the identity protection company failing to establish and maintain an information security program to protect customers’ personally identifiable information. BankInfoSecurity, December 18, 2015
Wyndham Agrees to Settle FTC Breach Case: Wyndham Worldwide Corp. has agreed to a settlement with the Federal Trade Commission over charges stemming from the hotel chain’s three security breaches in 2008 and 2009 that exposed 619,000 payment cards and other personal information (see FTC Sues Hotel Chain for Card Breaches). BankInfoSecurity, December 9, 2015

Cyber Career

Technology Information Security Field Expanding Rapidly In Los Angeles: Heightened by the frequency and sophistication of cyber-attacks, the number of job opportunities in the field of information security (InfoSec), especially for security analysts, is projected to skyrocket in the coming years. The Bureau of Labor Statistics expects to see more than 27,000 additional specialists nationwide to have already secured employment by 2022. This represents a 37 percent spike in the number of InfoSec workers employed in 2012. Most organizations in Los Angeles depend on skilled professionals to protect their computer networks and systems. Features an interview with David Lam, Citadel VP Technology Management Services. CBS, December 13, 2015

Cyber Politics

Cybersecurity Enters Presidential Debate: Cybersecurity is becoming an issue in the U.S. presidential campaign, finally. That’s good news because IT security, online privacy and Internet availability are critical in our day-to-day lives, and the next president will play a key role in how the nation will secure its digital assets. BankInfoSecurity, December 18, 2015
Hackers are entering the political realm, security expert Bruce Schneier says: A major cyberattack next year will target a U.S. election, security expert Bruce Schneier predicts. CSO, December 18, 2015
DNC Data Breach: What Happened and What It Means for Bernie Sanders’ Campaign: A Bernie Sanders campaign staffer was fired on Wednesday after allegedly accessing data from the Hillary Clinton campaign, and it has created quite a problem for the Sanders campaign. ABC News, December 18, 2015

Cyber Misc

LAUSD Threat Not Immediately Recognizable As Hoax: Cyber Security Expert Michael Zweiback talked to Suzie Suh and Jeff Vaughn about the threat that prompted the unprecedented closure of LAUSD schools. Zweiback is a Member of the Secure the Village Advisory Board, a Partner in the law firm Arent Fox and a former US prosecutor. KCAL, CBS Los Angeles, December 15, 2015
13 Million MacKeeper Users Exposed: The makers of MacKeeper — a much-maligned software utility many consider to be little more than scareware that targets Mac users — have acknowledged a breach that exposed the usernames, passwords and other information on more than 13 million customers and, er…users. Perhaps more interestingly, the guy who found and reported the breach doesn’t even own a Mac, and discovered the data trove merely by browsing Shodan — a specialized search engine that looks for and indexes virtually anything that gets connected to the Internet. KrebsOnSecurity, December 14, 2015

Cyber Sunshine

VTech: Man arrested by cyber crime cops in connection with children’s electronic toy hacks: The suspect, 21, has been detained in Bracknell, Berkshire, this morning by police officers. Mirror, December 15, 2015