Security in the News – Week of January 27

Information Security

CNBC

China Originates 35% of Nuclear Bomb Cyber Attacks

January 29

Over a third of cyber-attacks come from China, with nation topping global charts for hacking.

Computerworld

Yahoo Resets Passwords After Email Hack

January 30

Yahoo suspects usernames and passwords were stolen from an unidentified third-party database.

CSO

CSO’s Guide to Advanced Persistent Threats

January 27

Series of articles examines processes, tools and methods used by criminals during a targeted attack.

HelpNet Security

Hasbro’s Website Compromised, Serves Malware

January 27

Toy maker compromised, found serving malware to unsuspecting visitors on number of occasions during last few weeks.

Retailer Michaels has Likely Been Breached

January 27

Latest to announce it was targeted by cyber crooks after customers’ payment card data.

Which Ecommerce Sites Do More to Protect Your Password?

January 27

The keys protecting consumer personal data are the passwords used, and weak passwords could prove disastrous for personal data security.

Microsoft Reveals Law Enforcement Documents Were Stolen in Hack

January 27

Unknown hackers accessed, exfiltrated law enforcement information requests from compromised employee email accounts.

DDoS Attacks Become Smarter, Faster and More Severe

January 28

Attacks will continue to be serious issue in 2014 as attackers become more agile and their tools become more sophisticated.

Who Should be Responsible for Protecting Your Online Privacy?

January 28

Microsoft released results of survey that shows privacy attitudes of technology savvy individuals in US and European countries.

Empowering Users to Make Informed Decisions on Value of Sensitive Data

January 28

Data Privacy encourages everyone to make protecting privacy and data a greater priority.

Krebs on Security

New Clues in the Target Breach

January 29

Malware used suggests attackers may have had help from poorly secured feature built into a widely-used IT management software product running on retailer’s internal network.

MS-ISAC

2014 Cyber Security Outlook

January 29

A look at cyber threats this year, and key challenges from advancements in technology that are becoming part of daily lives.

Reuters

SEC Examiners to Review How Asset Managers Fend Off Cyber Attacks

January 30

Regulators plan to scrutinize whether asset managers have policies to prevent and detect cyber-attacks and properly safeguard against risks arising from vendors having access to their systems.

State of Security

Data Privacy, Information Security and Cyber Insurance 2014 Trends Report

January 28

Data privacy and IS industry experts’ trends report for businesses and organizations.

Wall Street Journal

Alcatel-Lucent Reports Surge in Mobile Network Infections Affects 11.6 Million Devices

January 29

Home network infection rates for the year remain flat as “traditional” PC malware makes the jump to mobile devices.

We Live Security

Blackberry Rolls out Picture Passwords for Handsets, Bolsters Enterprise Security System

January 29

Blackberry 10 operating system was updated to include photo password mechanism, stronger message filtering capabilities.

Security and Crisis Management

Al Arabiya

Egypt Militants Blow Up Sinai Gas

January 28

Pipeline in Egypt’s Sinai that transports gas to Jordan blown up by suspected militants.

BBC

Philippines Military Offensive Kills 37 Rebels

January 29

At least 37 Philippine rebels were killed in a two-day offensive in south.

News 24

Death Toll Hits 52 in Nigeria Market Attack

January 29

Number of people killed in deadly market attack blamed on Boko Haram militants in Nigeria has risen to 52.

Reuters

Suicide Bombers Storm Iraq Ministry

January 30

Suicide bombers burst into Iraqi ministry building, took hostages, killed 18 including themselves before security forces regained control.

Security in the News – Week of January 20

Information Security

CNN

Did You Get an Email from Target? What You Need to Know

January 20

Target sent an email blast offering customers one year of free credit monitoring; the problem is scammers are on the prowl sending similar emails.

Computer Weekly

South Korean Data Breach Linked to Insider

January 21

Employee at credit rating firm in S. Korea alleged to have sold personal details of 20 million to marketing firms in insider threat.

Computerworld

Coding Target-Related Malware Side Job for Man Living in Russia

January 21

Program he helped develop has a defensive purpose as well.

Syrian Electronic Army Hacks Microsoft’s Office Blogs Site

January 21

Syrian Electronic Army claims it got access to the blogs.office.com admin panel.

Take Security Program to Next Level

January 21

Key elements for CSO 2.0s to succeed in 2014 and beyond.

As Target Breach Unfolds, Information Vanishes from Web

January 22

Did security companies publish too much, too soon on the Target breach?

Digital Strategy Consulting

Massive German Hack Sees One Fifth of Population’s Passwords Stolen

January 23

Passwords of 16 million email users in Germany were stolen, equivalent of a fifth of German population. More than half of hacked accounts ended in .de, country code for Germany.

Help Net Security

Cyber Security Predictions for 2014

January 21

Chief Security Strategist at Bitdefender draws on expertise to predict key security threats.

Companies Must Improve Incident Response Plans

January 21

Ponemon Institute report on cyber security incident response.

Apple Users Hit with Update Using New SSL Servers Phish Email

January 21

Accounts targeted with legitimate-looking phishing emails that are after account credentials, personal, financial information.

Card Data Stolen in Target Breach Starts Getting Misused

January 21

Information swiped in massive breach has been spotted being misused in Texas, and two Mexican citizens are facing federal charges.

Motivation, Techniques of World’s Most Sophisticated Cyber Attackers

January 22

CrowdStrike Global Threats Report: 2013 Year in Review – product of year-long study of more than 50 groups of cyber threat actors.

New Snapchat CAPTCHA System Hacked in Record Time

January 23

Revelation that usernames and phone numbers of 4.6 million Snapchat users were compromised marked bad start of the year for company.

Penetration Testing: Accurate or Abused?

January 23

Ponemon study says since 2010 cybercrime costs climbed 78%, time required to recover from breach increased 130%.

Top 10 DDoS Attack Trends

January 23

Prolexic Technologies, provider of DDoS protection services, published top 10 attack trends for 2013.

Best Practices to Help Prevent Online Data Breaches

January 23

Online Trust Alliance recommended a series of best practices to help prevent online data breaches and other exploits.

Krebs on Security

DHS Alerts Contractors to Bank Data Theft

January 21

Breach at DHS web portal exposed private documents and financial details belonging to 114 organizations that bid on contracts.

Gang Rigged Pumps With Bluetooth Skimmers

January 22

Indictment of 13 accused of running a multi-million dollar fraud ring that allegedly installed Bluetooth-enabled wireless gas pump skimmers at filling stations throughout S. US.

Bug Exposes IP Cameras, Baby Monitors

January 23

Bug in software that powers webcams, IP surveillance cameras and baby monitors allows anyone with the device’s internet address to view live and recorded video footage.

South Florida Business Journal

Russian Teenager Could be Culprit in Target’s Cyber Attack

January 21

Breach, possibly compromising 40 million users, linked to Russian teen.

We Live Security

How to Cleanse Your PC of Unwanted Adware and Badware

January 21

100K new variants of malware detected daily, globally.

‘Password’ No Longer Weakest Choice as ‘123456’ Surges to First Place

January 21

Password security co. released annual list of world’s worst passwords – ‘password’ has been unseated by ‘123456’.

Security and Crisis Management

BBC

Ukraine Protests: Two Protesters Killed in Kiev Clashes

January 22

Protesters killed in clashes with police in Ukrainian capital Kiev.

Egypt Police Killed at Checkpoint

January 23

Five policemen killed in Egypt in armed attack on checkpoint in S. Cairo.

Reuters

Seven Dead in Killings in Central African Republic

January 22

Several die in inter-religious attacks, reprisal killings in Central African Republic’s capital Bangui, underlining challenge new interim president faces in restoring peace.

 

Working Knowledge of Data Science

Judge what questions to ask
Understand what data tells you
Know how to link cause and effect

Adjust Processes
Share Information
Use data in new ways
Start bite-sized
Then scale

Empower Yourself
Obtain working knowledge of data science
Start to question
Hire data scientists

Developing a Culture of Innovation

High Performance IT Organizations:
– Understand Change at a granular level
– Drive change versus Resist Change

Next Age IT Heroes will be “Masters of Change”

De-Synchronization is the story every executive must understand – The pace of change for various piece-parts of the world we live in is not uniform.  The un-even acceleration of key piece-parts (i.e., institutions, skill sets, practices & mind sets)

General Shape of the Future – SMAC Stack: Social Media, Mobility, Analytics/Big Data, Cloud

Moving Fast in the Enterprise

Success in today’s marketplace requires us to move faster, to get closer to customers, and to increase the probability that what we build is fundamentally what they want.  Moving Fast in the Enterprise must be done with a concise set of tools and principles, but also a new way of thinking that can help us do that better.

These principles can be applied throughout the enterprise, regardless of whether an organization is implementing a new version of a product, taking a product into a new market, or building something fundamentally new that the world has never seen. End results include process changes that simplify internal productivity and better customer interaction that enables quicker sales cycles, reduces the cost of sales, and results in more value-added customer solutions.

These are all changes with a high degree of uncertainty, where calculating ROI can be difficult. Treating process changes as controlled experiments that test their validity can ultimately drive an organization-wide roll-out.

Do traditional enterprise processes take the idea of growth based on customer need seriously?  Is the customer completely engaged throughout the build process?  How often do we get the voice of the customer right the first time?  What if market conditions change through the life of the project which may change the scope of the project?  Getting customers engaged early and continually through the project serves to constantly test to ensure the current version of the product fundamentally is going to drive growth and delight customers.  This develops a process of continued learning where a measurable business outcome is achieved.

Organizations must focus on ‘Build, Measure, Learn’ cycle times – How much time has elapsed before we’ve validated the idea as correct or incorrect?

Every team member can be entrepreneurial about their job.  Do you have ideas about how you can serve customers better?  How can you get the ideas tested?  We should be empowered to propose experiments.  Every project must have accountability and defined metrics.  While driving process change, are you learning something important?  How are you learning about what customers want?

The End of the Industrial Age

Work Design
From Hierarchies to Networks
Twentieth Century Icons: Mastery of Scale, Quality, and Cost

  • Organizations that mastered these capabilities dominated the twentieth-century economy
  • Bureaucratic systems optimized core processes
  • Division of responsibility – needing only top leaders to worry about the overall goals
  • Each worker freed to develop a component skill

The Primary Function Today: Orchestrating Intelligence

  • Using one’s particular knowledge and capacities in ways that contribute to the success of the whole
  • Combining different types of knowledge and expertise to come up with something better
  • Harnessing the smallest units of knowledge
  • Continually improving processes and routines
  • Customizing relationships with customers, suppliers and others
  • Detecting and responding to market and environmental shifts
  • Learning

Drivers for Change

  • The Technology Revolution
  • The Economic Revolution
  • The Net Generation
  • The Social Revolution

Collaboration and the Changing Nature of Work
Ronald Coase
The Economics of Collaboration

  1. Peer Pioneers
  2. Ideagoras
  3. Prosumers
  4. New Alexandrians
  5. Platforms for Participation
  6. The Global Plant Floor
  7. The Wiki Workplace
    Personal Profiles (based on people)
    Industrial Strength Social Networks
    Blogging and Microblogging
    Wikis and Document Co-creation
    Ideastorms
    Team Project Tools
    Deliberation-Decision Making
    New Generation Knowledge Management

Knowledge Management 2.0
Old: Finite Resource, Internal, Containerization
New: Infinite Resource, Internal and External, Collaboration

Collaborative Decision Making
Collaborative Decision Management
From Command and Control to Ideation and Decision Making Ecosystems:
– Brainstorming / Storyboarding
– Criticism forbidden
Beyond quantity of ideas, nothing discouraged
– Objective is alternative ideas for further analysis
– Voting on ideas
Ranking ideas
– Throwing some ideas off the island

Decisionally
From Command and Control to Interactive Group Decisioning
Nominal Group Technique
– Personality Tree
– Not Verbal
– Ideas documented, circulated, discussed non judgmentally
– Then eventual ranking
Delphi Method
– Asynchronous
– Iterative questions and answers
– Convergence towards actionable insights
Combinations of the Above

From Command and Control to Sense and Respond
From Meeting Domination to approaches like Delphi
From Decisions as Events to Decisions as Reusable Assets
From Knowledge Management to Social Knowledge

Security in the News – Week of January 13

Information Security

Business Day Live

South Africa Neglects Alarming Effect of Cybercrime

January 14

Cyber-attacks are growing risk to business in South Africa, but neither government nor business are doing enough to combat it.

CNN

Starbucks App Leaves Passwords Vulnerable

January 15

App allows customers to purchase from smartphones, saves usernames, passwords, other personal information in plain text.

Computerworld

Target’s Point-of-Sale Terminals Were Infected with Malware

January 13

Attackers used malware to steal credit and debit card data from PoS systems.

Target Hackers Have More Data to Sell as Demand Wanes

January 14

Those who stole data appear to be keeping low profile on underground forums.

Target to Invest $5M in Cyber Security Ed Program

January 14

Launch of plan to educate public on dangers of scams follows major theft of Target customer data.

Kaspersky Lab: Beware of Neverquest Trojan Banker

January 14

Recorded attempts to infect computers used for online banking with a malicious program its creators claim can attack any bank in any country.

Hackers Exploit SCADA Holes to Take Full Control of Critical Infrastructure

January 15

Review of reports on hacking critical infrastructure, from dish satellite systems to taking full control of industrial control systems.

Spammers Target Snapchat, Bitly, Kik Messenger

January 16

Companies working with Symantec to clean up malicious links, result of API keys left visible on web.

Help Net Security

Top Security Concerns for 2014

January 14

AhnLab, immersed in the cyber trenches and the cloud, announced top security concerns for 2014.

Understanding Mobile Security Pressure Points and Vulnerabilities

January 14

41 percent of government employees who used assessment tool are putting themselves, agencies at risk with existing mobile habits.

Amazon and GoDaddy are Biggest Malware Hosters

January 15

US is the leading malware hosting nation, with 44 percent of malware hosted domestically.

Security Concerns Still holding Back Cloud Adoption

January 15

With significant differences in public cloud infrastructure concerns between the cloud-wise and the cloud-wary, organizations not using cloud services have no near-term plans to start.

Krebs on Security

First Look at Target Intrusion, Malware

January 15

Target disclosed malicious software infected point-of-sale systems at checkout counters.

Closer Look at Target Malware, Part II

January 16

Previous story prompted flood of analysis and reporting from antivirus and security vendors about related malware.

PC Magazine

Syrian Hackers Hijack Saudi Sites, Target Microsoft Again

January 15

SEA seized control of Saudi Arabian government websites, tweeting names and links of 16 Saudi domains as they infiltrated each one.

The Register

Banking Apps – Insecure and Badly Written

January 13

Security researchers IO Active are warning that many smartphone banking apps are leaky and need to be fixed.

We Live Security

Less Than Half of Consumers Take Steps to Stay Safe Online

January 13

Survey conducted by British government found less than half took basic steps online, part of new cyber campaign.

Luxury Store Neiman Marcus Admits to Cyber-Intrusion, Theft from Customer Cards

January 13

Thieves accessed systems, made unauthorized charges on customers’ credit cards over holiday period.

Major Cyber-Attacks Can be Predicted Using Computer Model

January 14

Major international cyber-attacks follow a pattern that can be predicted by a mathematical model, researchers claim.

Tips for Defending Accounts Against Card Fraud

January 14

If you used credit, debit card in store last three months, check accounts for fraudulent charges.

Borrowing Tricks from Cybercriminals Scare Web Users Into Safe Browsing

January 15

Direct threats against users are more effective than vague warnings about systems or impact on others.

Security and Crisis Management

CBS News

Deaths in Shootout During Pre-Olympics Security Sweep in Russia

January 15

Russian security forces and gunmen were killed in shootout during a sweep for militants before the Sochi Winter Olympics.

Channel News Asia

24 Wounded in Philippine School Blast

January 13

Suspected improvised bomb attack at university campus in Philippines left 24 students and teachers wounded.

News 24

31 Killed in Tribal Clashes in Southern Libya

January 13

Days of fighting between tribes in S. Libya kill 31, gunmen assassinated country’s deputy minister of electricity in separate attack.

Security in the News – Week of January 6

Information Security

BetaNews

Malware Introduced by Employees Major Concern for Business

January 9

Study finds malware is a major security concern for businesses, and that employees were the main reason when it comes to introducing malware to enterprise systems.

Computerworld

Target Breach Unleashes Fresh Scams

January 6

Scammers are nothing if not innovative, goes to show best defense is an educated workforce.

Help Net Security

Growing Hacking Threat to Ecommerce Websites

January 6

How websites get hacked, how to prevent it and what to do in a website compromise.

Unauthorized Activity on Your Amazon Account Phishing Email Doing Rounds

January 6

Spam campaign that aims for login credentials claims unauthorized activity on recipient’s Amazon account.

Deadly New Ransomware To Be Released?

January 7

As disruptive as Cryptolocker is, there’s a possibility that a deadlier type of ransomware will soon target unsuspecting users.

Senior Managers Worst Information Security Offenders

January 8

As companies look for solutions to protect integrity of networks, data centers and computer systems, an unexpected threat is lurking under the surface: senior management.

Top Priorities for Organizations to Counter Digital Criminality

January 8

Highlights biggest issue to hit organizations in 2014 will be rise of digital criminality as fraud becomes increasingly cyber enabled.

What Healthcare Security and Privacy Pros Wish For

January 9

2013 proved to be a dizzying year for healthcare compliance, privacy, and information security.

Krebs on Security

Target: Names, Emails, Phone Numbers on Up To 70 Million Customers Stolen

January 10

Target’s ongoing forensic investigation also determined guest information, separate from payment card data, was taken during breach.

Naked Security

Follow Up Phish Targets Possible Victims of JP Morgan Chase Card Breach

January 8

How cybercriminals use real security disasters to cause follow-up disasters of their own.

Network World

Talk of Cyberwarfare Meaningless to Many Companies

January 7

While government leaders often use attention-grabbing buzzwords, such expressions do not have much impact on security budgets within private industries.

Worst Data Breach Incidents of 2013

January 8

Businesses and government agencies lost most personal, financial records due to hackers or security mishaps.

Seven Best Habits of Effective Security Pros

January 8

IS professionals need to learn more swiftly, communicate more effectively, know more about business, and match capabilities of an ever-improving set of adversaries.

State of Security

Security and Risk Management in Healthcare

January 6

Study reveals the healthcare industry lags behind other sectors in implementation of critical security controls.

Skipfish Scanner Used in Financial Sector Attacks

January 8

Cloud platform provider reports discovery of ongoing attacks targeting financial sector in which systems are being scanned for vulnerabilities with security reconnaissance tool.

Remote Network Satellite Links Vulnerable to Attacks

January 8

Researchers have warned that terminals that allow Internet access for remote networks by sending data to satellites may be a “soft target” for attackers.

ThreatPost

PrisonLocker Ransomware Emerges From Criminal Forums

January 6

Researchers uncovered new ransomware whose author is either a legitimate security researcher or posing as one via a personal blog and Twitter handle.

We Live Security

2013: A View to a Scam

January 6

Plenty of scams were effective enough to rate a warning or three, in the hope of alerting potential victims to the kind of gambit they use.

Security and Crisis Management

BBC News Africa

DR Congo’s Lubumbashi Hit by Fighting

January 7

26 killed in 8-hour battle between government and rebel forces in DRC city Lubumbashi.

Nigeria Gunmen Kill 30 in Plateau State Raid

January 7

Gunmen stormed village in Nigeria’s central Plateau state, leaving 30 people dead.

BBC News Europe

Russia Security Swoop after Bodies Found in Stavropol

January 9

Russian security forces deployed in anti-terror operation 186 miles east of Sochi, venue for Winter Olympics.

News 24

Mozambique Clash Leaves at Least 2 Dead

January 8

At least two gunmen linked to main opposition party killed in exchange of fire with government forces in town of Pembe.