Monday, February 01, 2016

Cybersecurity News and Cybersecurity Education for the Week of January 31, 2016





Cyber Crime

Wendy’s Probes Reports of Credit Card Breach: Wendy’s, the nationwide chain of fast-food restaurants, says it is investigating claims of a possible credit card breach at some locations. The acknowledgment comes in response to questions from KrebsOnSecurity about banking industry sources who discovered a pattern of fraud on cards that were all recently used at various Wendy’s locations. KrebsOnSecurity, January 27, 2016

Cyber Attack

‘Critical’ Israel power grid attack was just boring ransomware: The SANS Institute has moved to quell reports that Israel’s energy grid has been hit by malware, revealing instead that the attacks were ransomware infecting the nation’s utility regulatory authority. The Register, January 28, 2016

Financial Cyber Security

DDoS Attack Slams HSBC: Britain’s HSBC, which is one of the world’s largest banks, is warning customers that it’s been targeted by distributed denial-of-service attacks that continue to disrupt customers’ access to online banking services. BankInfoSecurity, January 29, 2016

Cyber Privacy

Why Proposed State Bans on Phone Encryption Are Moronic: American politics has long accepted the strange notion that just a pair of states—namely Iowa and New Hampshire—get an outsize vote in choosing America’s next president. The idea of letting just two states choose whether we all get to have secure encryption on our smartphones, on the other hand, has no such track record. And it’s not a plan that seems to make much sense for anyone: phone manufacturers, consumers, or even the law enforcement officials it’s meant to empower. Slate, January 29, 2016
US police contracts and private forum posts dumped online: A data dump covering hundreds of police contracts and thousands of private forum posts by US law enforcement officers has been posted online. The Register, January 29, 2016
Consumers are increasingly concerned about privacy and they’re acting on it: More Americans are concerned about not knowing how the personal information collected about them online is used than losing their principal source of income. HelpNetSecurity, January 29, 2016
Skype Now Hides Your Internet Address: Ne’er-do-wells have long abused a feature in Skype to glean the Internet address of other users. Indeed, many shady online services that can be hired to launch attacks aimed at knocking users offline bundle so-called “Skype resolvers” that let customers find a target’s last known location online. At long last, Microsoft says its latest version of Skype will hide user Internet addresses by default. KrebsOnSecurity, January 25, 2016

Identity Theft

Report identity theft and get a recovery plan: can help you report and recover from identity theft., January 29, 2016
FTC: Tax Fraud Behind 47% Spike in ID Theft: The U.S. Federal Trade Commission (FTC) today said it tracked a nearly 50 percent increase in identity theft complaints in 2015, and that by far the biggest contributor to that spike was tax refund fraud. The announcement coincided with the debut of a beefed up FTC Web site aimed at making it easier for consumers to report and recover from all forms of ID theft. KrebsOnSecurity, January 28, 2016

Cyber Warning — Consumer

Two-thirds of Android users vulnerable to web history sniff ransomware: Miscreants have put together an especially pernicious strain of Android ransomware that threatens to bare your browsing history. The Register, January 29, 2016
60+ Trojanized Android games lurking on Google Play: Dr. Web researchers have discovered over 60 Trojanized game apps being offered on Google Play through more than 30 different game developer accounts. HelpNetSecurity, January 29, 2016

Cyber Update — Consumer

Data Theft Hole Identified in LG G3 Smartphones: A group of researchers are encouraging any smartphone users who own an LG G3 to upgrade their devices after coming across a serious security vulnerability. ThreatPost, January 29, 2016
Oracle Pushes Java Fix: Patch It or Pitch It: Oracle has shipped an update for its Java software that fixes at least eight critical security holes. If you have an affirmative use for Java, please update to the latest version; if you’re not sure why you have Java installed, it’s high time to remove the program once and for all. KrebsOnSecurity, January 26, 2016

Cyber Threat

27% of all malware variants in history were created in 2015: Last year was a record year for malware, according to a report from Panda Security, with more than 84 million new malware samples collected over the course of the year. CSO, January 29, 2016

Cyber Security Management

British Businesses ‘still naïve to the risks of cybercrime’: Close to half (44%) of all businesses in the UK are of the opinion that they are safe from cybercrime, according to new research. WeLiveSecurity, January 29, 2016

Cyber Security Management – Cyber Defense

Compromised enterprise networks fuel 236 percent increase in viruses and worms: Solutionary performed a broad analysis of the threat landscape, which uncovered several key findings. One of the most compelling findings links the rapid growth (236 percent) in viruses and worms from Q3-Q4 – which often indicates successfully compromised enterprise networks – to the free fall (88 percent decrease) in reconnaissance activity between Q2 and Q4 of 2015. HelpNetSecurity, January 29, 2016
Oracle to Kill Java Browser Plugin: It’s the end of an era. Oracle has announced its intent to nail the coffin shut on the Java browser plugin. ThreatPost, January 28, 2016

Cyber Security Management – Cyber Update For IT

Cisco patches authentication, denial-of-service, NTP flaws in many products: Cisco Systems has released a new batch of security patches this week for flaws affecting a wide range of products, including for a critical vulnerability in its RV220W wireless network security firewalls. PCWorld, January 29, 2016
OpenSSL bug that could allow traffic decryption has been fixed: The OpenSSL Project has pushed out new versions of the widely used OpenSSL cryptographic library, which incorporate patches for two distinct security bugs, and an update of the protection against the infamous Logjam vulnerability. Help Net Security, January 29, 2016

Cyber Awareness

The computer virus that blackmails you: Ransomware is the fastest growing form of computer malware, experts warn. BBC, December 14, 2015

Cyber Politics

Presidential hopeful John Kasich: Work out encryption backdoors in backroom deals: Presidential candidate Gov. John Kasich thinks granting encryption backdoors is something that ought to be worked out in private by the president. NetworkWorld, January 29, 2016

National Cyber Security

NSA faces congressional probe over Juniper back door vulnerability: US lawmakers have launched an investigation following the discovery of unauthorized code in firewall software from Juniper Networks. The probe will examine the possibility that the software was altered by the National Security Agency. RT, January 29, 2016

Internet of Things

FDA releases draft guidelines to improve cybersecurity in medical devices: There’s no doubt that the global Internet of Things (IoT) healthcare market is growing. NakedSecurity, January 29, 2016