Cyber Security News of the Week, April 15, 2012

Cyber Security Commentary — ISSA-LA 4th Annual Information Security Summit

Join us on May 16 for ISSA-LA’s 4th Annual Information Security Summit. Keynote address by Alan Paller. Special keynote address by Chris Coffey. Perfect for business, technology and information security leaders.

Information security is here. It’s now. And while we see stories in the paper about problems, there is little information about what we as business leaders need to do. I have been impressed with what I have learned from attending the ISSA-LA Summit. I have gained important knowledge about protecting my business. And about the competitive advantage I achieve when I protect my customers’ sensitive information.

Leading-edge information security requires everyone in your organization to get involved, to work together as a team. This takes leadership. This is what the Summit is all about. By attending yourself and bringing one or two members of your team you will leave with actionable insights. No group understands information security like ISSA-LA. That’s why I’m going to Summit IV and that’s why I recommend ISSA-LA’s Information Security Summit to my clients. We are fortunate to have this organization gathering so many experts together. It is a not-to-be-missed opportunity.

Tom Drucker
Consultants in Corporate Innovation

Visit the ISSA-LA Summit Website for more information or to register.

Cyber Crime

Utah breach 10X worse than originally thought: The scope of a data breach involving a Medicaid server at the Utah Department of Health is much worse than originally thought. State officials now say that close to 280,000 Social Security Numbers may have been exposed in the incident instead of 25,000, as originally believed. ComputerWorld, April 9, 2012

Cyber Threats

Checking for Mac Flashback infestation? There’s an app for that: Our post from Friday about how to check your Mac for a Flashback malware infection has been wildly popular so far. And with good reason, too, since a second security firm has now backed up the numbers indicating that more than half a million Macs have been infected. That’s slightly more than 1 percent of all 45 million Macs in the world—still a relatively small number, but a worrisome one for Mac users, as the tally of infected machines continues to grow. ars technica, April 9, 2012

Criminals Hide Malware in Version of ‘Angry Birds: Space’: A version of the hit game Angry Birds: Space that’s been seeded with malware has been discovered in the wild, although only the adventurous may risk being infected. PC Magazine, April 12, 2012

HP’s Malware-Laden Switches Illustrate Supply Chain Risks: Hewlett-Packard is trying to figure out what happened as the technology giant warned customers that some of the HP ProCurve switches shipped last year contained malware-laden flash cards. PC Magazine, April 12, 2012

Cyber Security Management

Has Security Bloom Fallen off the Rose for Macs?: Dr. Stahl is quoted extensively in this story. For years in terms of security, Windows has been considered inferior to Macs. But no longer thanks to malware security epidemics. Apple is under increasing pressure to take preventative security measures by cyber experts in the wake of 600,000 malware-infected Macs. The Biz Coach, April 11, 2012

Conversations On Cybersecurity, Part 4: Effective Protection: Alan Paller, Research Director, SANS Institute: When we last left the attorneys, they had asked what they could do to stop the targeted attacks that the Chinese and other competitors used in industrial espionage. Forbes, March 5, 2012

Data Security: Who’s Winning the Cyber War?: Data security has long been a priority for financial services firms. But a wave of very public cyber attacks by international hacker groups such as Anonymous, combined with an already distrustful public following the financial crisis, has forced financial services firms to step up their network security to prevent data breaches and regain clients’ trust. While victims of some of the more notable attacks and data breaches of 2011 were large consumer companies and government agencies — including Sony, PBS, the U.S. Senate, and even the CIA and FBI — security experts say financial services firms, traditionally a popular target of fraudsters, are increasingly a target of criminal hackers. Wall Street & Technology, April 9, 2012

ISSA-LA – Securing the Village

World renowned executive and leadership coach Chris Coffey will be a featured speaker at the Los Angeles Chapter of the Information Systems Security Association’s (ISSA-LA) fourth annual Information Security Summit on Wednesday, May 16, 2012 at Hilton Universal City Hotel in Los Angeles. The theme of the one-day Summit is The Growing Cyber Threat: Protect Your Business. PRLog, April 12, 2012

Cyber Updates

Adobe, Microsoft Issue Critical Updates: Adobe and Microsoft today each issued critical updates to plug security holes in their products. The patch batch from Microsoft fixes at least 11 flaws in Windows and Windows software. Adobe’s update tackles four vulnerabilities that are present in current versions of Adobe Acrobat and Reader. KrebsOnSecurity, April 10, 2012

Apple’s Flashback malware remover now live: Apple this afternoon released an integrated tool to remove Flashback, malware designed to steal user information that was estimated to be present in more than half a million machines just last week. Cnet, April 12, 2012

Cyber Risks

FBI: Smart Meter Hacks Likely to Spread: A series of hacks perpetrated against so-called “smart meter” installations over the past several years may have cost a single U.S. electric utility hundreds of millions of dollars annually, the FBI said in a cyber intelligence bulletin obtained by KrebsOnSecurity. The law enforcement agency said this is the first known report of criminals compromising the hi-tech meters, and that it expects this type of fraud to spread across the country as more utilities deploy smart grid technology. KrebsOnSecurity, April 11, 2012

Cyber Sabotage — Stuxnet

Stuxnet Loaded by Iran Double Agents: The Stuxnet virus that damaged Iran’s nuclear program was implanted by an Israeli proxy — an Iranian, who used a corrupt “memory stick.32,” former and serving U.S. intelligence officials said. ISSSource, April 11, 2012

Cyber Law

House to take up cybersecurity bill with revisions: (Reuters) – The U.S. House of Representatives will take up a cybersecurity bill at the end of April that lets the government and corporations share information about hacking attacks on U.S. networks, with amendments intended to ease civil liberties concerns, lawmakers said on Tuesday. Reuters, April 11, 2012