Security in the News – Week of February 17

Information Security

Computerworld

Data Exposed Delta, Facebook, Others Latest to Fall into Mobile App Trap

February 18

Match.com, eHarmony also among those saying we didn’t know our mobile apps did that.

 

Fox News
Iranian Hacking of Navy Computers Reportedly More Extensive Than First Thought

February 18

Hack of Navy’s largest unclassified computer network took four months to resolve, raising concern about security gaps exposed.

 

HelpNet Security

US Businesses Suffered 666K Internal Security Breaches

February 19

666K internal security breaches took place in US businesses in 12 months, average of 2560 per day, research revealed.

 

Epidemic of Cyber Attacks Compromising Healthcare Organizations

February 19

Networks, internet-connected devices of orgs in virtually every healthcare category continue to be compromised.

 

Cost of Target Data Breach Exceeds $200 Million

February 19

Financial institutions continue to respond to massive data breach at Target; costs associated with the breach exceed $200 million.

 

Lessons Learned From Blocking 100M Cyber Attacks

February 19

Report contains a quarter-by-quarter guide to the biggest cybercrime trends and incidents in 2013.

 

800M Exposed Records Make 2013 Record Year for Data Breaches

February 19

Data breaches show risk is much smaller than the one related to attacks coming from the outside.

 

96 Percent of Apps Have Security Vulnerabilities

February 20

Improvements in patch deployment, secure coding practices made impact on incidence of vulnerabilities.

 

First-Rate Phishing Email Claims Your Paypal Transaction Was Declined

February 20

Well-made fake notification claims transaction declined tricking users sharing personal, financial information.

 

Info Security

Syrian Electronic Army Hacked Forbes and Dumped One Million Credentials

February 17

Forbes’ email addresses exposed, passwords stolen.

 

Network World

Tips to Combat Advanced Persistent Threats

February 18

Time, training and collaboration to thwart APTs needed as these best practices can keep defenses high.

 

Zeus Malware-Botnet Variant Spotted Crawling Salesforce.com

February 19

Security vendor warns it’s seeing the Zeus banking malware turned to use to attack in new ways.

 

Why Companies Need to Check Handling of Internal Threats

February 20

Security pros should re-evaluate use of technology, policies to bolster defenses against threats that orgs often downplay.

 

Security Affairs

Detected New Zeus Variant Makes Use of Steganography

February 18

New Zeus banking trojan variant makes use of steganography to hide configuration file.

 

The Register

New Password System Lets Planet Earth Do Hard Work

February 17

Think of a place, any place.

 

We Live Security

QR Codes Pose Hidden Danger to Smartphone Users

February 19

So many are willing to scan this untrusted QR code.

 

Security and Crisis Management

Al Arabiya

Car Bombs Target Iraqi Capital as Violence Continues

February 18

Ten car bombs in central Iraq killed 19 after another series of blasts earlier.

 

Channel News Asia

Thai PM Faces Charges as Clashes Leave Four Dead

February 18

Thailand’s embattled premier charged with neglect of duty, clashes between police, opposition protesters in Bangkok.

 

Reuters

Two Killed in Guinea Protests over Power Cuts

February 18

Two killed, 30 injured in Guinea’s capital Conakry when protests against frequent power cuts turned violent.

 

UN Chief Wants 3K More Troops for Central African Republic

February 20

3K tr

oops, police to Central African Republic to combat worsening sectarian violence until peacekeeping established.

 

UPI Top News

European Union Agrees to Sanctions Against Ukraine

February 20

EU said it would impose sanctions on Ukraine where anti-government protests turned deadly with security forces.

Security in the News – Week of February 10

Information Security

Computerworld

Another Step Toward Eliminating Data Loss

February 10

Combining existing network data loss prevention (DLP) with endpoint DLP will reveal more hidden network recesses.

 

Attackers Use NTP Reflection in Huge DDoS Attack

February 12

Attack peaked at over 400Gbps, according to CloudFlare, the company whose infrastructure was targeted.

 

HelpNet Security

Three US Medical Device Makers Breached

February 10

Networks of three medical device makers breached by unknown attackers after companies’ IP.

 

Account Details of 27K Barclays Customers Stolen, Sold to Brokers

February 10

UK Barclays hit with stolen personal, financial information of 27K customers; sold to city traders.

 

Governments Unprepared for Impact of Big Five IT Trends

February 10

MeriTalk study examines how implementation of data center consolidation, mobility, security, big data, and cloud computing, will affect state and local government IT.

 

Sophisticated Cyber-Espionage Tool Uncovered

February 11

Kaspersky Lab discovered a Spanish-language speaking threat actor involved in global cyber-espionage operations since 2007.

 

Parents Fear Kids are Exposed to Online Threats

February 12

27% parents believe children are exposed to online risks, such as accessing inappropriate content or cyber bullying.

 

Exposing Profitability of Private Data

February 12

Security breaches, cyber criminals, organized attacks made it nearly impossible to keep personal, financial data private.

 

As Crimeware Evolves, Phishing Attacks Increase

February 12

Number of phishing campaigns increased by 20% percent in 3Q 2013, with crimeware attacks evolving and proliferating.

 

Linksys Home Routers Targeted and Compromised in Active Campaign

February 13

Undetermined vulnerability affecting certain Linksys Wi-Fi routers is active to infect devices with a worm dubbed TheMoon.

 

New Global Partnership to Fight Cybercrime

February 13

MSFT announced global partnerships to increase cooperation between international law enforcement, private sector in combatting cybercrime, helping build safer Internet.

 

International Business Times

Japan Faced 12.8 Billion Cyber Attacks in 2013

Febraury 11

Cyber-attacks are believed to have included phishing campaigns, DDoS attacks and hacktivism.

 

Krebs on Security

Email Attack on Vendor Set Up Breach at Target

February 12

Target breach appears to have begun with malware-laced email phishing attack sent to employees at an HVAC firm that did business with the nationwide retailer.

 

Secure Works

Top Banking Botnets of 2013

February 10

Although banks have evolved security measures to protect online transactions, attackers quickly adapt these countermeasures, respond with sophisticated banking botnets.

 

State of Security

Cyber Security Tops Intelligence Community’s 2014 Threat Assessment

February 10

As society becomes dependent on digital technologies, threats to security of govn. functions, industry, commerce, health care, social communication, personal information spikes.

 

We Live Security

Corkow, Lesser-Known Bitcoin-Curious Cousin of Russian Banking Trojan Family

February 11

Little-known banking Trojan has managed to infect thousands of victims’ computers without knowledge of owners.

 

Two-Factor Authentication: What Is It, Why Do I Need It

February 11

Two-factor authentication is an extra security measure which often requires a code from an app, or an SMS message, as well as a password.

 

Half of Children Left Exposed to Online Threats as Parents Fail to Use Built-in Controls

February 11

Only half of patents use parental controls on internet-enabled devices bought for children – leaving millions of youngsters potentially exposed to online threats.

 

Personal Email and Cloud Storage Pose Biggest Threat to Corporate Data

February 12

Employees who use personal email, removable storage devices, cloud storage to move work files pose one of today’s biggest threats to corporate data.

 

White House Unveils Cyber Security Guidelines to Protect Critical Businesses From Attack

February 13

US government released standards built to help companies in industries critical to the nation defend against cyber-attacks.

 

Security and Crisis Management

Al Arabiya

Libya Under Control After Coup Claim

February 14

PM described control in Tripoli after ex-army official announced suspension of government, parliament in foiled coup.

 

BBC

Syrian Troops Bombard Rebel Stronghold of Yabroud

February 13

Syrian government forces resumed bombardment of Yabroud, last rebel stronghold in the Qalamoun mountains.

 

Channel News Asia

Thai Riot Police Retake Government House

February 14

Thousands of riot police deployed in Thai capital to clear areas occupied for weeks by protesters to force PM from office.

 

News 24

Shabaab Claims Heinous Terror Attack

February 14

Car bomb exploded by convoy of UN vehicles near Mogadishu’s airport, killing six. Al-Qaeda-linked militants claimed responsibility.

Security in the News – Week of February 3

Information Security

Beta News

Good News and Bad as Enterprise Threat Landscape Evolves

February 3

HP released their Cyber Risk Report 2013, highlights top enterprise vulnerabilities.

 

Computerworld

Despite Target Data Breach, PCI Security Standard Remains Solid

February 3

Breaches at Target highlight need for multi-layered security effort.

 

How to Use Syrian Electronic Army Attacks to Improve Security Awareness

February 3

To help companies handle attacks from SEA to contain damage, which accounts compromised and clean up.

 

Malware Sophistication Vexes Lawmakers, Retailers and Financial Industry

February 5

Members of Senate Judiciary Committee point to failure of industry to implement stronger measures.

 

UK Spy Agency Attacked Hacktivist Groups

February 5

Leaked documents suggest agency used DoS tactics, assisted law enforcement in identifying Anonymous members.

 

Target Attack Shows Danger of Remotely Accessible HVAC Systems

February 7

Qualys says 55K internet-connected heating systems, including one at Sochi Olympic arena, lack adequate security.

 

CNN

Busting a Credit Card Hacker

Febrauy 5

Ukrainian Yastremsky was most prolific credit card hacker, stealing 40 million cards from US retailers; cost companies $11 million.

 

Identity Fraud Hits New Victim Every Two Seconds

February 6

Number of identity fraud victims jumped to 13.1 million in 2013; increase of 500K from 2012.

 

Detroit Free Press

Did Your Cell Phone Ring Just Once?

February 6

If you missed phone call from unknown number and call back, hold on to wallet before you get taken by a scam.

 

Entrepreneur

Microsoft Takes to Front Lines in War on Cybercrime

February 6

Global cost of cybercrime is upwards of $300 billion; daily one million more individuals become victims of cyber-criminal activity.
Help Net Security

Security Breaches, Data Loss and Outages Cost US Hospitals $1.6B

February 3

Report quantifies organizational cost with security breaches, data loss, unplanned outages for healthcare providers.

 

USA Still Global Spam King

February 4

SophosLabs revealed top spam-relaying nations.

 

Gartner: By 2016, 30% of Organizations Will Use Biometric Authentication on Mobile Devices

February 4

The consumerization of IT and business BYOD programs have resulted in potential security problems for IT leaders.

 

DDoS Attacks Used to Influence Stock Prices

February 5

Analysis of attacks indicate cyber-attacks using DDoS in attempt to influence market values, interfere with exchange platforms.

 

International Business Times

Anonymous Slovenia Claims FBI Hacked

February 3

Hacked FBI, uploading email addresses, personal information relating to current director to online storage site Pastebin.

 

Krebs on Security

Target Hackers Broke in Via HVAC Company

February 5

Target’s vendor in question was a refrigeration, heating, air conditioning subcontractor that worked at Target and top retailers.

 

Modesto Bee

Cards with Microchips Could Become More Common

February 4

Amid relentless revelations of cyber thieves stealing credit card and personal data, renewed push to fortify the credit cards.

 

Network World

11 Sure Signs You’ve Been Hacked

February 3

Signs you’ve been hacked, what to do in the event of compromise.

 

One in Three Victims of Target Card Breach Could Face Fraud

February 5

Survey shows data breach victims are more frequently seeing fraud.

 

State of Security

Syrian Electronic Army Claims eBay and PayPal Servers Hacked

February 3

SEA claims responsibility for defacing eBay, PayPal in France, Israel and UK with its logo, but denies targeting customer data.

 

Major Hotel Franchises Disclose Payment Data Breach

February 3

White Lodging franchise, Hilton, Marriott, Sheraton, Westin, suffered 2013 data breach exposing customer credit, debit information.

 

US Intelligence Agencies Say Healthcare.gov May be Compromised

February 4

Dept of Health Human Services warned Healthcare.gov compromised by Belarus contractors who developed code.

 

A Forensics Tale: Confronting the Insider Threat

February 4

The call can come in middle of night, a holiday or day off. Highly-disruptive, high-paced, and demand high degree of visibility.

 

US-CERT Issues Security Guidance for Sochi 2014 Olympic Games

February 5

Warnings about hacktivist threats, spam, phishing, drive-by-download campaigns, protecting personal information.

 

We Live Security

Weak Passwords and Ancient Software left US Government Data Vulnerable

February 5

DHS report finds weak passwords and rarely updated software are recurring theme behind the 48K cyber incidents reported.

 

Cellphone-Sized $20 Gadget Can Remote-Control Car Electronics

February 6

Gadget can hack into network of cars to receive radio commands from controlling steering, brakes to switching off headlights.

 

Security and Crisis Management

Al Arabiya

Youth Killed in Sectarian Violence in Algeria

February 7

Berber died of wounds  in Algeria’s Ghardaia, bringing to five killed during weeks of violence between two rival communities.

 

Explosion Rocks Area Near Iraq’s Green Zone

February 5

Three explosions in Baghdad, including car bomb by fortified Green Zone, killed 22 people on Wednesday.

 

BBC

Libyan Blast Injures 12 Children at Benghazi School

February 5

Grenade attack on school in Benghazi.

 

Reuters

Six Hurt in Blasts Near Cairo

February 7

Two explosive devices detonated near police checkpoint in outskirts of Cairo.