Sunday, December 27, 2015

Cybersecurity News and Education for the Week of December 27, 2015


CYBERSECURITY NEWS OF THE WEEK

FROM OUR FRIENDS AT CITADEL INFORMATION GROUP


Cyber Crime

The Year’s 11 Biggest Hacks, From Ashley Madison to OPM: Every year hack attacks seem to get worse—whether in their sophistication, breadth, or sheer brazenness. This year was no different. Big hacks hit a range of high-profile targets, from the web’s leading adultery website to the federal Office of Personnel Management. We’re also ending 2015 with a doozy of a hack mystery: Juniper Networks discovered two unauthorized backdoors in its NetScreen firewalls, one of which would allow the unknown hackers to decrypt protected traffic passing through the firm’s VPN/firewall. Wired, December 23, 2015
Malware-Driven Card Breach at Hyatt Hotels: Hyatt Hotels Corporation said today it recently discovered malicious software designed to steal credit card data on computers that operate the payment processing systems for Hyatt-managed locations. KrebsOnSecurity, December 23, 2015
2015 Ransomware Wrap-Up: Here’s a rundown of the innovative ransomware that frightened users and earned attackers big bucks this year. DarkReading, December 12, 2015

Cyber Privacy

Apple Pushes Against British Talk of Softening Encryption: WASHINGTON — With governments threatening crackdowns on encrypted communications after the jihadist-inspired attacks in San Bernardino, Calif., and Paris, Apple on Monday pushed back hard, arguing that lawmakers who talk about gaining court-ordered access to iPhone communications do not understand the technology. The New York Times, December 21, 2015
How to Destroy a Hard Drive—Permanently: This time last week FBI divers were searching Seccombe Lake, a freshwater lake about three kilometers from the Inland Regional Center, the site of the December 2 shooting that left 14 dead and 22 injured. Reports indicated that shooters Tashfeen Malik and Syed Rizwan Farook had ditched their laptop hard drive, which may contain e-mails and other evidence, in the murky water around the time of the attack. Scientific American, December 18, 2015

Cyber Threat

A Hidden Insider Threat: Visual Hackers: Ponemon experiment shows how low-tech white-hat hackers, posing as temps, captured information from exposed documents and computer screens in nearly nine out of ten attempts. DarkReading, December 23, 2015
Survey: When Leaving Company, Most Insiders Take Data They Created: Most employees believe they own their work, and take strategy documents or intellectual property with them as they head out the door. DarkReading, December 23, 2015

Cyber Warning

The Top Three Online Security Menaces You Should Worry About in 2016: It’s hard to know what the future will bring—unless you’re talking about online security. “We rarely see things that just sort of appear out of nowhere,” says Ryan Olson, intelligence director at enterprise security company Palo Alto Networks. FastCompany, December 23, 2015
Security Vendors Report Uptick in Whaling, Phishing Scams: Expect to see an increase in attempts by cyber crooks to trick businesses and individuals into parting with their money, say Mimecast and Kaspersky Labs. DarkReading, December 23, 2015

Cyber Security Management

5 information security trends that will dominate 2016: Cybercriminals are becoming more sophisticated and collaborative with every coming year. To combat the threat in 2016, information security professionals must understand these five trends. CIO, December 21, 2015

Cyber Security Management – Cyber Defense

Expect Phishers to Up Their Game in 2016: Expect phishers and other password thieves to up their game in 2016: Both Google and Yahoo! are taking steps to kill off the password as we know it. KrebsOnSecurity, December 23, 2015
Juniper updates list of vulnerable enterprise firewall OS versions: Juniper revised the list of ScreenOS versions that contain a backdoor allowing attackers to bypass authentication and gain administrative access to NetScreen enterprise firewall devices. InfoWorld, December 21, 2015
Two Factor Auth (2FA): List of websites and whether or not they support 2FA. twofactorauth.org

National Cyber Security

Who Backdoored Juniper’s Code?: The U.S. government is reportedly investigating newly discovered “unauthorized code” in the firmware that runs the NetScreen firewalls built by Sunnyvale, Calif.-based technology giant Juniper Networks. The code, which was somehow added to the firmware in 2012, would allow an attacker to remotely gain access to any vulnerable device as well as decrypt VPN traffic flowing across the device, potentially without leaving any trace. BankInfoSecurity, December 21, 2015
2015: The Year That Was in Information Security: We’re wrapping up quite a year in the world of cybersecurity! As we entered 2015, the world was just winding down from the political drama surrounding the Sony Pictures breach, believed by some to be an act of cyberwarfare waged by North Korea. That news set the stage for the ensuing 12 months of high-profile stories, some attracting attention from the mass media and others quietly unfolding within the information security community. Let’s take a look at 10 of the most impactful events that affected information security this year. GoCertify, December 21, 2015

Cyber Law

How does the Cybersecurity Act of 2015 change the Internet surveillance laws?: The Omnibus Appropriations Act that President Obama signed into law last week has a provision called the Cybersecurity Act of 2015. The Cyber Act, as I’ll call it, includes sections about Internet monitoring that modify the Internet surveillance laws. This post details those changes, focusing on how the act broadens powers of network operators to conduct surveillance for cybersecurity purposes. The upshot: The Cyber Act expands those powers in significant ways, although how far isn’t entirely clear. Washington Post, December 24, 2015
Oracle, LifeLock Settle FTC Deception Charges: The U.S. Federal Trade Commission this past week announced it reached settlements with software giant Oracle and identity protection firm LifeLock over separate charges of allegedly deceiving users and customers about security. LifeLock agreed to pay $100 million for violating a 2010 promise to cease deceptive advertising practices. Oracle’s legal troubles with the FTC stem from its failure to fully remove older, less secure versions of Java when consumers installed the latest Java software. KrebsOnSecurity, December 21, 2015
Obama Signs Cyberthreat Information Sharing Bill: President Obama has signed legislation to incentivize businesses to share cyberthreat information with the federal government. BankInfoSecurity, December 18, 2015

Cyber Misc

ESET predictions and trends for cybercrime in 2016: It’s that time of the year when the information security industry takes part in its annual tradition: coming up with cybercrime predictions and trends for the next 12 months. These lists usually range from the mundane to the bizarre, to the lighthearted and the dire (perhaps depending on the predictors’ consumption of eggnog and/or dystopian sci-fi media). Many have about as much accuracy as one might expect of people who are experts but not psychics. Still, you never know. WeLiveSecurity, December 23, 2015
Steptoe Cyberlaw Podcast – Interview with Mike Daugherty: With Wyndham’s surrender to the FTC after a brutal court of appeals opinion, the last outpost of resistance to the FTC’s cybersecurity agenda is Mike Daugherty, CEO of LabMD. Daugherty refused to take the easy road and enter into a consent decree with the FTC to settle its claim that the company’s security was insufficient because of a file-sharing program installed on the corporate network. That decision has cost Daugherty his company. LabMD has ceased operations. And it took him on an extraordinary odyssey through Washington that he has described in his book, The Devil Inside the Beltway, and speeches. I caught up with Mike at the Black Hat Executive Summit where we were both speakers, and he kindly agreed to a short interview describing some of that odyssey. Steptoe Cyberblog, December 21, 2015
Steptoe Cyberlaw Podcast – Interview with Rod Beckstrom: Our guest for episode 93 is cybersecurity’s Renaissance Man. Rod Beckstrom started DHS’s National Cybersecurity Center, then headed ICANN; before and after those gigs, he was a Silicon Valley investor and officer in security startups as early as the 1990s and as recently as this year. Our interview spans Rod’s career and what it has taught him about security, privacy, law, and government. Steptoe Cyberblog, December 15, 2015

Cyber Sunshine

U.S. Says Hacker Stole IDs and Unreleased Scripts From Host of Celebrities: An email popped into the inbox of a famous radio host this month, sent by a young man from the Bahamas, with an offer he hoped would turn the head of even an industry veteran: scripts for the first six episodes of a coming season of a hit television drama, the last of which was currently being filmed. The New York Times, December 22, 2015

SecurityRecruiter.com's Security Recruiter Blog