Monday, July 11, 2016

Cybersecurity News for the Week of July 10, 2016



Individuals at Risk

Identity Theft

Facebook, Twitter and LinkedIn become ‘hunting grounds’ as identity theft surges by 57%: The number of people falling victim to identity theft in the UK has risen by 57% during 2015, according to new figures released by fraud prevention service Cifas. Based on data gathered from 261 companies in the UK, Cifas has found that social media sites such as Facebook, Twitter, LinkedIn and other online platforms have become “hunting grounds” for identity fraudsters looking to steal someone’s personal information and money, particularly that of youngsters. IBTimes, July 5, 2016

Cyber Privacy

Hacker publishes Baton Rouge database of personal police information over killing of Alton Sterling: @0x2Taylor, somebody who describes himself as a “Security Researcher,” is claiming responsibility for having published a database listing names and contact information for 50,000 police in Baton Rouge, just days after the fatal shooting of a black man in that city sparked more #BlackLivesMatter rage and a civil rights investigation from the Justice Department. NakedSecurity, July 8, 2016
Facebook is chipping away at privacy – and my profile has been exposed: Quietly, over the last year, Facebook has killed the concept of a private account. The Guardian, June 29, 2016

Cyber Danger

User diligence required as malware masquarades as legitimate Firefox update: Click-ad-fraud Kovter malware, packaged as a legitimate Firefox browser update, is being delivered to unsuspecting victims via drive-by-download attacks. HelpNetSecurity, July 8, 2016
Three Mac Trojans discovered; Target webcams, passwords, encryption keys: After taking a hiatus, Mac malware is suddenly back, with three newly discovered strains that have access to Web cameras, password keychains, and pretty much every other resource on an infected machine. ars technica, July 6, 2016
HummingBad malware infects 10m Android devices, steals information, installs bad apps & clicks on ads: Over 10m Android devices have been infected with a new piece of malware called HummingBad, according to security firm Check Point. TheGuardian, July 6, 2016
2016 Dell Security Report shows cyber-thieves creating an increasing volume of malware for Android: The explosive growth of mobile endpoints in the workplace has caused concern for IT teams since day one. After all, mobile devices are easily lost or stolen, and it’s difficult to keep employees from logging into unsecure networks once they’re off your campus. InfoSecurity Magazine, July 4, 2016
Study: Half of Live-Streaming Ads are Malicious: Next time you look to live-stream sports, a concert or pretty much anything online, you better proceed with caution: according to a giant study of web sites offering free live-streaming, as many as 50% of video overlay ads on those sites carry malware, or otherwise open viewers up to personal data theft and scams. MESA, June 19, 2016

Cyber Update

Google fixes over 100 flaws in Android, many in chipset drivers: Google released a new batch of Android patches on Wednesday, fixing more than 100 flaws in Android’s own components and in chipset-specific drivers from different manufacturers. ComputerWorld, July 6, 2016
Symantec & Norton Security Products Contain Extremely Critical Vulnerabilities; Update Now: Symantec and Norton branded antivirus products contain multiple vulnerabilities. Some of these products are in widespread use throughout government and industry. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT, July 5, 2016

Cyber Defense

How to set up two-step verification on Twitter: We’ve been reviewing why two-factor authentication (2FA) is so important, and how to set it up on various websites and services you might commonly use. When 2FA is available, it’s a great feature to enable to help secure your account, and thankfully it’s becoming more and more common on a number of popular sites. NakedSecurity, July 8, 2016

Information Security Management in the Organization

Information Security Management & Governance

KPMG reports business unprepared as cybercrime kingpins winning online security arms race: Cybercrime is getting bigger and more organized. It’s time to throw out the idea of the lone-wolf attacker. ZDNet, July 5, 2016
The Information Security Leader, Part 1: Two Distinct Roles, Four Fundamental Questions and Three Persistent Challenges: “If you always do what you’ve always done, you’ll always get what you’ve always got.” This kernel of wisdom comes from a certain high-tech headhunter in the late 1980s, who passed it on as she was helping her candidates prepare for their next job. Twenty years later, it showed up again in “What Got You Here Won’t Get You There,” a best-selling business book by Marshall Goldsmith. SecurityIntellegence, July 5, 2016
Are Cyber Experts on Boards Inevitable?: Fifteen years ago the legislation known as Sarbanes-Oxley (SOX) forced American corporate boards to diversify their skills by adding financial expertise to their director ranks. Are we now at a similar point for IT and cybersecurity governance skills? The ConferenceBoard, June 16, 2016

Cyber Crime

1,025 Wendy’s Locations Hit in Card Breach: At least 1,025 Wendy’s locations were hit by a malware-driven credit card breach that began in the fall of 2015, the nationwide fast-food chain said Thursday. The announcement marks a significant expansion in a data breach that is costing banks and credit unions plenty: Previously, Wendy’s had said the breach impacted fewer than 300 locations. KrebsOnSecurity, July 8, 2016

Cyber Warning

CryptXXX, Cryptobit Ransomware Spreading Through Realstatistics Campaign Infecting Websites: Researchers have spotted several types of ransomware, including CryptXXX and a fairly new strain, Cryptobit, being pushed through the same shady series of domains. ThreatPost, July 8, 2016

Cyber Defense

Review: Linux Server Security: Chris Binnie is a Technical Consultant with 20 years of experience working with Linux systems, and a writer for Linux Magazine and Admin Magazine. He built an Autonomous System Network in 2005, and served HD video to 77 countries via a media streaming platform. Over the course of his career, he has deployed many servers in the cloud and on banking and government server estates. HelpNetSecurity, July 8, 2016

Cyber Security in Society

Cyber Privacy

Google Tests New Crypto in Chrome to Fend Off Quantum Attacks: FOR ANYONE WHO cares about Internet security and encryption, the advent of practical quantum computing looms like the Y2K bug in the 1990s, a countdown to an unpredictable event that might just break everything. The concern: hackers and intelligence agencies could use advanced quantum attacks to crack current encryption techniques and learn, well, anything they want. Now Google is starting the slow, hard work of preparing for that future, beginning with a web browser designed to keep your secrets even when they’re attacked by a quantum computer more powerful than any the world has seen. Wired, July 7, 2016

Cyber Underworld

Cisco Eyes Ties Between Angler and Lurk Malware: Cisco’s Talos research unit says it has found evidence of ties between operators of the Angler exploit kit and a group of Russians that used the Lurk malware to loot banks in the country. BankInfoSecurity, July 8, 2016

National Cyber Security

Comey Indicts the State Department Information Security Culture: FBI Director Jim Comey announced that the FBI has concluded its investigation into Hillary Clinton’s use of a private email server and is recommending that the Department of Justice not pursue any charges. Ben has already shared some thoughts on the statement and decision to not pursue charges. However, there is one additional element worth noting. Within the more politically consequential parts of his statement, Comey takes a notable swipe at the information security culture of the State Department: LawFare, July 5, 2016
A Closer Look At Microsoft’s Proposed Norms For Cybersecurity: Microsoft last month outlined steps companies can take to collaborate on cybersecurity, following its proposed norms for nation-states. DarkReading, July 5, 2016
New film blames Israel for failure of Iran malware: A new documentary argues that the failure of the Stuxnet malware used against Iran was primarily Israel’s. Director Alex Gibney’s “Zero Days,” out July 8, attempts to fills in gaps in the story of what happened with the malware program. TheHill, July 4, 2016

Cyber Gov

Fired IRS Employees Don’t Always Have Access Revoked: The Internal Revenue Service can’t always be sure that former employees’ access to systems and buildings has been revoked, according to a recent report. AccountingToday, July 7, 2016

Cyber Law

European Union’s First Cybersecurity Law Gets Green Light; New security, reporting rules: The European Union approved its first rules on cybersecurity, forcing businesses to strengthen defenses and companies such as Google Inc. and Inc. to report attacks. Bloomberg, July 6, 2016
When Should Hacking Be Legal? The ACLU Challenges the Computer Fraud & Abuse Act : A group of academics and journalists say a federal computer-fraud law criminalizes their work. The Atlantic, July 1 2016


11 million patient record breaches make June worst information security month in 2016: The high number of breaches span payers, providers and an NFL team and prove just how vulnerable the industry is, the new Healthcare Breach Barometer from Protenus and said. HealthCareITNews, July 7, 2016

Internet of Things

Serious vulnerabilities found in BMW’s ConnectedDrive web portal: Two unpatched vulnerabilities in BMW’s ConnectedDrive web portal create a mechanism to manipulate car settings, a security researcher warns. TheRegister, July 8, 2016
Surveillance video of thieves using laptop to hack into and steal car: Say you’re planning to hot-wire a car. You’d likely bring some tools: maybe a screwdriver, or a drill. You sure wouldn’t bring your laptop, says Senior Officer James Woods, who’s logged 23 years in the Houston Police Department’s auto antitheft unit. After all, laptops aren’t particularly useful for stripping wire. NakedSecurity, July 8, 2016

Cyber Research

First Experimental Demonstration of a Quantum Enigma Machine Uses Key Shorter than Message: Quantum physicists have long thought it possible to send a perfectly secure message using a key that is shorter than the message itself. Now they’ve done it. MIT Technology Review, June 4, 2016
Encryption is less secure than we thought: For 65 years, most information-theoretic analyses of cryptographic systems have made a mathematical assumption that turns out to be wrong. MIT News, August 14, 2013

Cyber Sunshine

Malaysia-based credit card fraud ring broken, 105 arrested: A total of 105 credit card fraud suspects have been arrested in Asia and Europe following a complex months-long investigation across two continents. TheRegister, July 8, 2016

Secure the Village — Events

CyberSecurity Roundtable. Host Grandpoint Bank, Citadel, LBW & FBI; 7/12; 7:30-9:30; Orange, CA: On Tuesday, July 12, we are hosting a cyber security seminar that will feature experts in law enforcement, information security, and insurance. We hope you can join us for an informative panel discussion and Q&A about emerging cyber crime risks and ways you can help protect your business against the growing threat of cyber fraud. GrandPoint Bank, Event Date: July 12, 2016
CyberSecurity Roundtable. Host Grandpoint Bank, Citadel, LBW & FBI; 7/13; 7:30-9:30; Studio City: On Wednesday, July 13, we are hosting a cyber security seminar that will feature experts in law enforcement, information security, and insurance. We hope you can join us for an informative panel discussion and Q&A about emerging cyber crime risks and ways you can help protect your business against the growing threat of cyber fraud. GrandPoint Bank, Event Date: July 13, 2016

Jeff Snyder’s, SecurityRecruiter.comJeff Snyder CoachingSecurity Recruiter Blog, 719.686.8810's Security Recruiter Blog