Security in the News – Week of April 21

Information Security

Computerworld

SEC Seeks Data on Cyber Security Policies at Wall Street Firms

April 21

Cyber defenses at 50 broker-dealers, investment advisers will be assessed by federal examiners.

 

Mystery Malware Infecting Jailbroken iPhones, iPads

April 23

iOS users found malicious library of unknown origin that can steal Apple credentials from iOS devices.

 

How to Keep Your Smartphone (and Data) Secure

April 24

Tips, tools can help keep your smartphone close, protect data if it strays.

 

Help Net Security

CyberRX: Healthcare Industry’s First Cyber-Attack Simulation

April 22

Results from healthcare industry’s first cyber-attack simulation.

 

Nine Patterns Make up 92 Percent of Security Incidents

April 23

92 percent of 100K security incidents analyzed over 10 years traced to nine basic attack patterns that vary from industry to industry.

 

Network World

Web Apps Security Punching Bag of Internet

April 22

Verizon’s 2014 Data Breach reports show web apps are fraudster’s best friend.

 

Security Vendor Blames Amazon for Customer Malware

April 24

Security vendor claims Amazon Web Services provided cloud-computing customer with unpatched version of Windows, which resulted in malware infection.

 

Ride the Lightning

Where Do You Go if You Are the Victim of a Cybercrime?

April 21

If you have been victim of cybercrime, you can visit the National White Collar Crime Center.

 

ThreatPost

Iowa State Hacked–To Mine Bitcoins

April 23

Attackers looking at college networks for another reason: computing power for Bitcoin mining.

 

Wired

It’s Insanely Easy to Hack Hospital Equipment

April 25

Many hospitals are unaware of high risk associated with devices.

 

Security and Crisis Management

BBC

Ukraine Move in Slavyansk Draws Stern Putin Warning

April 24

Ukrainian commandos moved on separatist stronghold of Slavyansk, prompting a warning of consequences from Russia’s President.

 

The Telegraph

Ukraine Helicopter Hit by Grenade Taking Off

April 25

Ukraine helicopter crippled in grenade attack as EU, US leaders conferred on final list of new sanctions.

 

Washington Post

Air Strikes Kill Dozens in Syria’s Aleppo: Monitor Group

April 21

Dozens killed in air strikes on northern Syrian city of Aleppo, including at least 29 people in single neighborhood.

 

Militants Attack Balloting Center in Iraq, Kill 10

April 23

Militants wearing military uniforms carried out attack against balloting center in remote area of country’s north, killed 10 guards.

 

Nigerian Leaders Unite Against Boko Haram

April 24

Leaders from across Nigeria appealed for united front against Boko Haram, saying Islamist insurgents were waging war on Christian and Muslim Nigerians alike.

 

3 Americans Killed in Attack on Kabul Hospital

April 24

Three American medical staff members died when Afghan security official opened fire at American-run Christian hospital in Kabul in latest violence targeting foreigners in Afghanistan.

 

Protesters Occupy Remote Oilfield in Peru

April 25

Indigenous protesters occupied Peru’s biggest oilfield in Amazon jungle near Ecuador to demand cleanup of decades of contamination from spilled crude.

 

Yahoo News

Bomb Kills 4, Wounds 25 in Southern Pakistan

April 25

Powerful bomb exploded in upscale residential area of southern Pakistan, killing four people, wounding 25.

Security in the News – Week of April 14

Information Security

Krebs on Security

Crimeware Helps File Fraudulent Tax Returns

April 15

Cybercriminals targeting HR departments at compromised organizations, rapidly filing fraudulent federal tax returns on employees.

 

Hacker News

German Aerospace Center Targeted by Self Destructing Malware

April 14

Not long ago, Germany confirmed the biggest data theft in the country’s history, with the usernames and passwords of 18 million email accounts stolen and compromised.

 

Help Net Security

Businesses Take Little Action to Mitigate Insider Threat

April 15

While businesses are growing increasingly aware of the insider threat, they still lack enforceable controls to stop and punish perpetrators.

Heartbleed Should Jumpstart Important Security Changes

April 15

With impacts on an estimated 60-70% of websites, Heartbleed is easily the security vulnerability with highest degree of potential impact ever.

 

Security of Most Popular Programming Languages

April 15

WhiteHat Security report takes deeper look into security of most popular programming languages including .Net, Java, ColdFusion, ASP and more.

 

Lateline

Australia Rates Second in Cyber-Capability

April 14

Australia is second only to the United States in cyber-capabilities in the Asia Pacific region, according to a landmark report.

 

Network World

Heartbleed bug is irritating McAfee, Symantec, Kaspersky Lab

April 15

Flawed OpenSSL Heartbleed problem is putting security firms in the hot seat.

 

State of Security

Data Breaches at Federal Agencies Doubled Over Three Years

April 15

Number of IS incidents involving exposure of personally identifiable information has more than doubled over last three years.

 

Security and Crisis Management

Aljazeera

Injuries as Blast Hits Central Cairo

April 15

Two policemen wounded in attack that targeted security checkpoint in Dokki neighborhood.

 

BBC

Nigeria Unrest: Gunmen Abduct 100 Schoolgirls

April 15

100 girls are thought to have been abducted in attack on school in north-east Nigeria.

 

Belgian Emmanuel de Merode Shot in DR Congo Ambush

April 16

Belgian director of Africa’s oldest national park, Virunga in Democratic Republic of Congo, shot and wounded in ambush.

 

Latin American Tribune

Police Kill 4 Gunmen in Shootouts in Eastern Mexico

April 16

Four suspected criminals died in separate shootouts with police in port city of Veracruz.

 

Los Angeles Times

Nigeria Bus Station Bombing Kills 71; Boko Haram Blamed

April 14

Nigerian President blamed Boko Haram for explosion that killed scores at bus station outside capital, calling Islamic militant group an unnecessary distraction, temporary problem.

 

Reuters

Israeli Motorist Killed in West Bank Shooting: Army

April 14

An Israeli man was killed in a shooting attack on a civilian car near the city of Hebron in the occupied West Bank on Monday, the eve of the Jewish holiday of Passover.

Security in the News – Week of April 7

Information Security

Computerworld

Social Media Endangers Corporate Secrets

April 8

Employees can unintentionally share more than their employers want anyone to know.

 

Defense System

Three Ways to Deal with Insider Threats

April 7

For DOD IT teams, reality of insider threat may be far more mundane, though no less critical.

 

Forbes

Willis Insurance Predicts Energy Cyber-Attack Catastrophe Ahead

April 8

Major cyber-attack on energy industry is only a matter of time.

 

Three Effective Approaches To Corporate Security

April 9

IT security threats lurking are greater, more varied, far more insidious than ever before.

 

Fox Business

Hackers Unleash Mafia-Style Extortion Tactics

April 7

CEO received disturbing email one recent morning that would have ripple effects for his company’s 16 million users.

 

Help Net Security

CISO Challenges and Security ROI

April 7

EY Director of IS offers guidance for CISOs, discusses technical competence of company leaders, tackles security ROI, and more.

 

Emerging Trends in Cyber-Attack Methodology

April 7

Shift in complex attack trends, evolution in threat ecosystem and motivation of cyber-attacks.

 

Does IP Convergence Open You Up to Hackers?

April 7

Take steps to assure access you provide for vendors is not abused or misused.

 

Public WiFi Users Regularly Access Sensitive Info

April 7

A considerable portion of US adults using free public WiFi say they accessed sensitive information while using it.

 

Breaches Expose 552 Million Identities in 2013

April 10

After lurking in the shadows for the first ten months of 2013, cybercriminals unleashed the most damaging series of cyberattacks in history.

 

Homeland Security News

Feds Struggle to Plug Power Grid Security Holes

April 10

Many vulnerabilities in power grid are attributable to newly adopted smart-grid technology, which allows operators to transmit energy from diverse pool of resources.

 

Kai Roer

How to Build and Maintain Security Culture

April 7

Findings on security culture, slides.

 

Krebs on Security

Heartbleed Bug: What You Can Do

April 10

Many are understandably anxious to know what they can do to protect themselves; short primer.

 

Network World

Worst Data Breaches of 2014…So Far

April 8

204 through March for loss of 4,238,983 records related to sensitive information exposed through hacker cyber-attacks, stolen laptops, dumb mistakes.

 

PC Magazine

Why You Should Ditch Windows XP Now

April 1

First and foremost, this is a security issue.

 

Security Affairs

Extortion is Common Practice in Cyber Criminal Ecosystem

April 10

Extortion, ransom, blackmail are pillars of illicit activities, cyber criminals are adapting to cyber context.

 

State of Security

Russian Crime Syndicate Hacked Neiman Marcus, Many More

April 7

Russian crime syndicate identified as perpetrator of dozens of high profile attacks over seven years, lack of cooperation from authorities made dismantling group impossible.

 

Mobile Point-of-Sale Devices Easily Hacked

April 7

Banks, small and medium retailers, customers who use devices vulnerable to loss of payment card information and fraud.

 

Heartbleed Should Give You Cardiac Arrest

April 8

Heartbleed vulnerability is of grave concern in security community.

 

Security and Crisis Management

BBC

Pakistan Market Bomb Kills 20 in Islamabad

April 9

Deadly bomb blast struck market on outskirts of Pakistan’s capital, Islamabad, killing at least 20.

 

Los Angeles Times

Car Bomb Explodes Outside Bank of Greece

April 10

Suspected domestic terrorists exploded car bomb outside Bank of Greece building in heart of Athens.

 

Novinite.com

Anti-Terrorist Operation Under Way in Ukraine’s Kharkiv

April 8

Ukrainian security forces detained 70 in anti-terrorist operation in Kharkiv.

Customer-Focused vs Competition-Focused

If you’ve been fortunate enough to sit in on lectures and training from visionary cloud services companies like Amazon Web Services (AWS), you will have heard the Amazon/AWS leadership principle of “customer obsession” referenced throughout the training. The principle states that “Leaders start with the customer and work backwards. They work vigorously to earn and keep customer trust. Although leaders pay attention to competitors, they obsess over customers.” It is the principle’s last sentence – being customer-focused versus competition-focused – that truly distinguishes Amazon within the industry.

When you are competitor-focused, where is your energy directed? It is directed toward beating the competition, not toward serving customers. When you are customer-focused, where is your energy directed? It is directed toward making customers say, “wow.” In fact, Amazon’s mission statement is to be “earth’s most customer-centric company.” Customers are never truly satisfied. They always want higher quality products and services delivered faster, cheaper and better. Relentless focus on continually satisfying customers is where energy should be directed. Other thoughts:

  • Always ask customers for feedback. Feedback helps develop and shape strategy to better serve them. Feedback helps companies evolve from thinking about customers to thinking like customers.
  • Being customer-focused is easy to say, but difficult to do. Companies must institutionalize the customer being at the center of everything that they do.
  • Bring an empty chair into meetings to represent the most important person in the room – the customer. The empty chair will ensure that everyone remains conscious about how their decisions impact customers.
  • Make taking care of customers your personal obsession. Treat them the way that you would want to be treated. If you do not take care of customers, someone else will (remember: customers pay the bills).
  • What should business leaders bet on? They should bet on what customers are telling them. They should listen to customers. They should invest where the customer is going, not where the customer has been.

Security in the News – Week of March 31

Information Security

BetaNews

Millions of Home Routers Expose ISPs to DDoS Attacks

April 2

DNS-based DDoS amplification attacks have significantly increased in recent months, targeting vulnerable home routers worldwide.

 

Computer Weekly

Business Counts Cost of Cyber Attackers’ Secret Weapon

March 31

Global businesses are counting cost of failing to defend against advanced evasion techniques.

 

Computerworld

Untraceable Device Allows Hacker to Control Car From Miles Away

March 31

$20 untraceable device allows attacker to remotely take control of CAN-enabled vehicles.

 

Financial Firms, Social Media Remain Top Phishing Targets

April 3

Kaspersky Labs says nearly 30 percent of phishing attacks last year targeted financial institutions, second only to social networking phishing attack campaigns.

 

CSO

Zeus Malware Found with Valid Digital Certificate

April 3

New version of notorious banking Trojan could avoid detection by browsers and anti-malware software.

 

FireEye

APT1: The State of the Hack One Year Later

April 1

FireEye COO took stage at RSA to share perspective on activities that led to release of APT1 report, aftermath.

 

Forbes

Will Pentagon’s Plan For Defeating Insider Attacks Work?

March 31

In a curious omission, there’s no mention of plans for dealing with kind of insider attacks perpetrated by Snowden.

 

Help Net Security

European Cybercrime Centre Warns About Windows XP Security Risks

March 31

European Cybercrime Centre warns of security risks related to end of Windows XP support.

 

CIOs Moving More Information to Cloud

March 31

CIOs, senior-level IT leaders moving increasing percentage of organizational information into cloud, growing use of private cloud, SaaS delivery models.

 

Simple Steps to Prevent Data Theft

March 31

Tips for protecting organizations against the types of data breaches that recently occurred at major retailers.

 

Dangers of Using Outdated Software

April 2

Survey shows many businesses are risking company assets by using outdated software.

 

Information Week

Cyber Criminals Operate On A Budget, Too

April 1

Report on how attacks have gotten more advanced, but use same old tools.

 

Krebs on Security

US States Investigating Breach at Experian

April 3

Credit bureau Experian ended up selling consumer records to identity theft service in cybercrime underground, prompting a multi-state investigation.

 

Network World

Mass Malware on Mobile Devices

March 31

Are mobile phones en masse more or less vulnerable than other systems? Or just different?

 

Whose Fault That Users are Weakest Link?

April 2

Users are weakest link when it comes to network, computer security, but survey reveals users themselves aren’t entirely to blame.

 

Users Face Serious Threat as Hackers Take Aim at Routers, Embedded Devices

April 3

Attacks are likely to continue and manufacturers are largely unprepared to respond.

 

Want to Lower Risk? Lower the ROI of Hackers

April 3

Hacking is no longer a game for tech-savvy teens looking for bragging rights. It is a for-profit business, a very big business.

 

New Cybersecurity Reality: The Whole is Greater Than Sum of Parts

April 3

Integration, architecture, collective action are new reality, demand behavioral changes across industry.

 

PC Mag

Ex-Microsoft Employee Pleads Guilty to Stealing Trade Secrets

April 2

Former employee accused of leaking early copies of Windows 8 to French blogger in 2012.

 

The Tribune

Cyber-Attacks Hit Oil, Gas, Just as Much as Retail

April 1

New gen of malware is causing havoc with US businesses as hackers seek to steal private financial information.

 

TrendMicro

Looking Into The Cybercrime Underground

April 1

Key part of cybercrime research focuses on the communities that cybercriminals form.

 

Tripwire

DDoS Trends Report Reveals Spike in Botnet Activity

March 31

DDoS trend found average of 12M unique botnet-driven attacks occurring weekly in last 90 days, 240% increase over same period 2013.

 

We Live Security

NSA Revelations Impact Online Shopping, Banking, More

April 2

Online banking and shopping in America are being negatively impacted by ongoing revelations about NSA’s digital surveillance activities.

 

ZD Net

Top Security Worry Keeping Businesses Awake at Night

April 3

One worry tops the rest: possibility of insider threats.

 

Security and Crisis Management

Bangkok Post

Protester Killed in Ambush, Four Wounded

April 1

Security guard shot dead, four other anti-government protesters wounded when gunmen ambushed convoy as it left Chaeng Wattana protest site.

 

BBC

Police Chief Dies in Cairo Bombings

April 2

Police brigadier-general killed, five injured when three bombs went off near Cairo University.

 

Herald Tribune

Colombian Military Operations Result in Six Rebels Killed, Four Captured

April 3

Colombian army operations in central, SW part of country, resulted in six FARC guerrillas killed, four captured, four laid down arms voluntarily.

Should I Get A Lawn Service?

If you’re an outdoor, do-it-yourself, love the serenity, green thumb kind of person, then don’t bother reading this post.  More than likely, you’re maintaining your own lawn and you love every minute of it…

But, if you’re like me, and could “take it or leave it” when it comes to the satisfaction of cutting your own lawn or having it serviced, maybe this article will help you decide.

Have a quick look at the quick ROI XLS I created below.  Assume you would like to purchase a ‘better than average’ riding lawn mower – including attachments (to get the job done right). Without including the cost of the weed whacker and edging equipment and associated fuel costs, the payback is over EIGHT YEARS!

lawn-mower-roi

Let me know where you land on this topic!