Cyber Security News of the Week, April 29, 2012

Cyber Security Commentary — ISSA-LA 4th Annual Information Security Summit

Join us on May 16 for ISSA-LA’s 4th Annual Information Security Summit.  Keynote addresses by Alan Paller of the SANS Institute, DHS’ Bruce McConnell and business coach Chris Coffey. Perfect for business, technology and information security leaders. Nonprofits can attend for free by taking advantage of our special scholarship fund. Email for more information.

After almost two decades of building and managing technology companies, I can attest to two unmistakable and converging facts.  First, the intellectual property, financial data, and other assets of almost every organization are now in electronic format.  And second, we are seeing a skyrocketing volume of espionage, theft, and other malicious activity conducted against those electronic assets.

The ISSA-LA Summit provides business leaders with a concentrated, thought-provoking, and valuable education in the nature of these threats, and how organizations can and should mitigate their risks from today’s cyber threats.  I highly recommend that executives take advantage of this annual event.

Eric Schwab
General Manager
GFI Software

Visit the ISSA-LA Summit Website for more information or to register.


ISSA-LA Offers Free Registration Program For NonProfits: The Los Angeles Chapter of the Information Systems Security Association (ISSA-LA) has created a donation fund of up to $20,000 for IT employees and executives of nonprofits to attend, at no charge to the attendees, the fourth annual Information Security Summit on Wednesday, May 16, 2012 at Hilton Universal City Hotel in Los Angeles. The theme of the one-day Summit is The Growing Cyber Threat: Protect Your Business, which includes the business of operating nonprofits. DarkReading, April 27, 2012

Cyber Security Management

Mac Flashback Malware Still Going Strong, Security Experts Say: Security experts looking at the Flashback malware that had infected hundreds of thousands of Apple Macs worldwide are trying to come to an agreement over how many of these systems are still compromised by the exploit. eWeek, April 23, 2012

Infected Computers to Lose Web Access When FBI Band-Aid Falls Off: The safety net that federal authorities set up several months ago as a countermeasure to a massive malware scam will be shut down in July. When that happens, computers that are still infected with the malware, known as “DNSChanger,” may be completely unable to access the Internet. The FBI and other groups have set up tools to diagnose and mend affected computers. TechNewsWorld, April 23, 2012

One in Five Macs Infected With Malware: Sophos: One in every five Apple Macs is infected with malware, according to a survey by security software firm Sophos. eWeek, April 24, 2012

Cyber Risk – HIPAA

OCR settles HIPAA case for $100k: April 26, 2012 — On April 17, 2012, the United States Department of Health and Human Services Office for Civil Rights (“OCR”) reached a settlement with Phoenix Cardiac Surgery (“PSC”) for alleged violations of the HIPAA Privacy and Security Rules. April 26, 2012

Cyber Crime – HIPAA

Hospitals seeing more patient data breaches: A bi-annual survey of 250 healthcare organizations shows that the percentage experiencing a patient data breach is up. And with the growth in electronic records-keeping, more of those problems are originating from laptops and mobile devices rather than a human slip-up in handling paper documents. NetworkWorld, April 13, 2012

Cyber Criminals

Russia’s Million Dollar Hackers: Few nationalities are as good at making money from hacking as the Russians. Their share of the global cyber crime market, an estimated $12.5 billion black market, doubled last year to $4.5 billion, according to Moscow-based Group-IB, a cyber security services firm working mainly with the Russian government and banks to help reduce online fraud. Forbes, April 24, 2012

Refund Tax Fraud, iPhone, Feed Identity Theft By Employees: Last Thursday night, an undercover deputy from the Hillsborough County, Fla. Sheriff’s office, acting on a tip, made a street buy. What makes this noteworthy is he didn’t buy drugs. Instead, he purchased 33 stolen names, birth dates and Social Security numbers. The Sheriff’s office says the seller, Joseph Burden, 29, was found to have 221 names in his book bag and admitted he’d taken them from his employer, Tampa-based ProVest. In an e-mailed statement, ProVest President James Ward says the arrested employee has been placed on leave and that “ProVest takes data security and privacy seriously; numerous precautions are and have been in place to safely guard consumer data.” ProVest, ironically, specializes in fraud detection, skip tracing and loss mitigation. Forbes, April 24, 2012

Cyber Legislation

House cybersecurity sponsors respond to privacy concerns: Leaders of the House Permanent Select Committee on Intelligence pledged Tuesday to amend their cybersecurity bill, the Cyber Intelligence Sharing and Protection Act, to address the main concerns raised by civil libertarians and privacy advocates. The revisions are clear improvements, and they show that the committee is trying hard to limit the measure’s scope. Nevertheless, the bill still has a fundamental problem: By encouraging network operators to share information with the government about what their customers do online, it threatens to turn ISPs and online service providers into snoops. LA Times, April 25, 2012

House GOP dares Senate on cybersecurity: The House is sending a message to the White House and Senate Democrats this week by passing a batch of cybersecurity bills aimed at preventing the digital version of a Pearl Harbor: Not on our watch. Politico, April 25, 2012

Cybersecurity bills aim to prevent ‘digital Pearl Harbor’: NEW YORK (CNNMoney) — Cybercrime isn’t just a threat to your bank account or personal computer — it’s an issue of national security. Foreign spies and organized criminals are inside of virtually every U.S. company’s network. The government’s top cybersecurity advisors widely agree that cyber criminals or terrorists have the capability to take down the country’s critical financial, energy or communications infrastructure. CNN, April 23, 2012