Sunday, October 02, 2016

Cyber Security News of the Week, October 2, 2016

CYBERSECURITY NEWS

FROM OUR FRIENDS AT CITADEL INFORMATION GROUP


Individuals at Risk

Cyber Defense

How to pick a password manager: After the Yahoo breach exposed personal data about 500 million users, many people are looking for ways to protect themselves online. That’s where password managers come in. Christian Science Monitor, September 30, 2016

Information Security Management in the Organization

Information Security Management and Governance

10 Things You Need to Do if your Business Gets Hacked: What’s worse than a massive data breach? Not reporting it. Fortune, September 30, 2016
5 things we learned about the state of cybersecurity from Structure Security 2016: The future of cybersecurity is difficult to predict. Attack surfaces change all the time, and attackers are constantly coming up with new ways to steal data and disrupt systems. However, in the chaos of it all, some patterns emerge. TechRepublic, September 30, 2016
Defending Against Hackers Took a Back Seat at Yahoo, Insiders Say: SAN FRANCISCO — Six years ago, Yahoo’s computer systems and customer email accounts were penetrated by Chinese military hackers. Google and a number of other technology companies were also hit. The New York Times, September 28, 2016

Cyber Crime

Hackers steal Westpark Capital files, demand ransom for data: A hacking group that claimed responsibility for leaking sensitive documents from a Century City investment bank threatened Tuesday to divulge more data if the firm failed to pay a ransom. LA Times, September 27, 2016

Cyber Warning

Android malware that can infiltrate corporate networks is spreading: An Android malware is spreading across app stores, including Google Play, and has the capability of stealing sensitive files from corporate networks. PCWorld, September 30, 2016

Cyber Update

Cisco Warns of Critical Flaw in Email Security Appliances: Cisco Systems released a critical security bulletin for a vulnerability that allows remote unauthenticated users to gain complete control of its email security appliances. The vulnerability is tied to Cisco’s IronPort AsyncOS operating system. ThreatPost, September 29, 2016

Information Security Professional

Microsoft launches “fuzzing-as-a-service” to help developers find security bugs: At Microsoft’s Ignite conference in Atlanta yesterday, the company announced the availability of a new cloud-based service for developers that will allow them to test application binaries for security flaws before they’re deployed. Called Project Springfield, the service uses “whitebox fuzzing” (also known as “smart fuzzing”) to test for common software bugs used by attackers to exploit systems. ars technica, September 27, 2016

Cyber Law

Yahoo hack may become test case for SEC data breach disclosure rules: Yahoo’s disclosure that hackers stole user data from at least 500 million accounts in 2014 has highlighted shortcomings in U.S. rules on when cyber attacks must be revealed and their enforcement. Reuters, September 30, 2016

Cyber Security in Society

Cyber Defense

Firefox blocks websites with vulnerable encryption keys: To protect users from cryptographic attacks that can compromise secure web connections, the popular Firefox browser will block access to HTTPS servers that use weak Diffie-Hellman keys. PC World, September 30, 2016

Cyber Attack

Why a massive DDoS attack on a blogger has internet experts worried: Someone on the internet seems very angry with cybersecurity blogger Brian Krebs. On 20 September, Krebs’ website was hit with what experts say is the biggest Distributed Denial of Service (DDoS) attack in public internet history, knocking it offline for days with a furious 600 to 700 Gbps (Gigabits per second) traffic surge. NakedSecurity, September 29, 2016
Cybersecurity expert Brian Krebs was silenced by a huge hacker attack. That should terrify you: About a week ago, the website of journalist and cybersecurity expert Brian Krebs was hit with a crippling hacker assault known as a “distributed denial of service,” or DDoS, which knocked him off the Internet for several days. LA Times, September 29, 2016
The Democratization of Censorship: John Gilmore, an American entrepreneur and civil libertarian, once famously quipped that “the Internet interprets censorship as damage and routes around it.” This notion undoubtedly rings true for those who see national governments as the principal threats to free speech. KrebsOnSecurity, September 25, 2016

Know Your Enemy

Diversified supply chain helps ‘Vendetta Brothers’ succeed in criminal business: Even smaller criminal groups are using smart business tactics to help insulate them from risk, such as the Vendetta World online shop, which sells credit card numbers. CSO, September 29, 2016
‘Money Mule’ Gangs Turn to Bitcoin ATMs: Fraudsters who hack corporate bank accounts typically launder stolen funds by making deposits from the hacked company into accounts owned by “money mules,” willing or unwitting dupes recruited through work-at-home job scams. The mules usually are then asked to withdraw the funds in cash and wire the money to the scammers. Increasingly, however, the mules are being instructed to remit the stolen money via Bitcoin ATMs. KrebsOnSecurity, September 29, 2016
As volume, scope & cost of cybercrime reach very high levels, Europol identifies cybercrime trends: The volume, scope and cost of cybercrime have reached very high levels – and are set to get even higher, according to a report from Europol – the European Union’s (EU) law enforcement agency. CNBC, September 28, 2016

Cyber Government

GAO Report: FDA fails to meet required agency-wide security program: The Government Accountability Office says the Food and Drug Administration should do more to strengthen the security of its information systems that track industry and public health data. Morning Consult, September 29, 2016

Cyber Politics

More than 20 states have faced major election hacking attempts, DHS says: Hackers have intensely probed state voter registration systems in more than 20 states, a DHS official told POLITICO on Friday. Politico, September 30, 2016

Internet of Things

Inside Arizona’s Pump Skimmer Scourge: Crooks who deploy skimming devices made to steal payment card details from fuel station pumps don’t just target filling stations at random: They tend to focus on those that neglect to deploy various tools designed to minimize such scams, including security cameras, non-standard pump locks and tamper-proof security tape. But don’t take my word for it: Here’s a look at fuel station compromises in 2016 as documented by the state of Arizona, which has seen a dramatic spike in fuel skimming attacks over the past year. KrebsOnSecurity, September 27, 2016

Cyber Research

How Blockchain can bolster interoperability and information security at the same time: Blockchain technology gained international attention as the technology supporting bitcoin, a digital asset and a payment system that relies on peer-to-peer transactions taking place between users directly, without an intermediary. These transactions are verified by network nodes and recorded in a public distributed ledger, or the blockchain. HealthcareITNews, September 30, 2016
Project Abacus: Google Wages War On The Password: We’re reaching a stage where a lost or stolen phone can intuitively shut down all its apps because it knows it’s not the owner tapping away on its screen, and where banks are actively testing these types of systems as alternatives to passwords and PINs. Therefore, when it comes to security, one can safely assume that behavioural authentication, already on the rise, will be the next great frontier in device authentication. InformationSecurityBuzz, September 29, 2016

Cyber Event

Secure Coding Class for the Web: The major cause of application insecurity is the lack of secure software development practices. This highly intensive and interactive course provides essential application security training for web application, web service and mobile software developers and architects. The class is taught by noted security guru Jim Manico. The class features a combination of lecture, security testing demonstration and code review. Event Date: October 17-21
Third Annual Los Angeles Cyber Security Summit 2016 – Silicon Beach: Cyber attacks on corporations, governmental agencies and individuals are becoming increasingly widespread and regular, as well as more complex. In honor of National Cyber Security Awareness Month, LMU is once again hosting the Third Annual Cybersecurity Summit, which brings together government officials, private business executives and cybersecurity experts to discuss the current and emerging threats that exist in today’s sophisticated cyber environment, and the technological advancements being made to counter and manage these risks. Event Date: October 22, 2016

Jeff Snyder, SecurityRecruiter.com | Jeff Snyder Coaching | Security Recruiter Blog, 719.686.8810
