Cyber Security News of the Week, May 13, 2012

Cyber Security Commentary — ISSA-LA 4th Annual Information Security Summit

Join us on May 16 for ISSA-LA’s 4th Annual Information Security Summit.  Keynote addresses by Alan Paller of the SANS Institute, DHS’ Bruce McConnell and business coach Chris Coffey. Perfect for business, technology and information security leaders. Nonprofits can attend for free by taking advantage of ISSA-LA’s special scholarship fund. Email for more information.

The ISSA Summit provides business leaders with a concentrated, thought-provoking, and valuable education in the nature of these threats, and how organizations can and should mitigate their risks from today’s cyber threats.  I highly recommend that executives take advantage of this annual event.

Eric Schwab
General Manager
GFI Software

Visit the ISSA-LA Summit Website for more information or to register.

Cyber Crime

Hackers target Twitter spammers in massive account data breach: Summary: A massive breach has led to more than 55,000 Twitter accounts being published on the Web. But it appears the hackers may have targeted spammers over ordinary users. Twitter is investigating after 55,000 account details — including username and password combinations — were published online. ZDNet, May 8, 2012

Hackers breach UMaine servers. Affected students made purchases at computer store: A University of Maine computer server breach by hackers may have exposed personal information, including credit card and Social Security numbers of students, college officials said Thursday. Morning Sentinel, May 12, 2012

Cyber Hacktivists

Activist hackers temporarily block Putin’s website: Hackers temporarily blocked President Vladimir Putin’s web site on Wednesday, carrying out a promise to disrupt government information portals two days after his swearing-in for another six-year term that has drawn street protests. Reuters, May 9, 2012

Cyber Risk

Is Your Cloud Provider Exposing Remnants of Your Data?: CIO – If your organization uses a multi-tenant managed hosting service or Infrastructure as a Service (IaaS) cloud for some or all of your data and you aren’t following best practices by encrypting that data you may be inadvertently exposing it. ComputerWorld, May 10, 2012

FBI: Updates Over Public ‘Net Access = Bad Idea: The Federal Bureau of Investigation is advising travelers to avoid updating software while using hotel or other public Internet connections, warning that malicious actors are targeting travelers abroad through pop-up windows while they are establishing an Internet connection in their hotel rooms. KrebsOnSecurity, May 11, 2012

DHS: Hackers Mounting Organized Cyber Attack on U.S. Gas Pipelines: For the past six months, an unidentified group of hackers has been mounting an ongoing, coordinated cyber attack on the control systems of U.S. gas pipelines, prompting the Department of Homeland Security to issue alerts. ABC News, May 8, 2012

At the Crossroads of eThieves and Cyberspies: Lost in the annals of campy commercials from the 1980s is a series of ads that featured improbable scenes between two young people (usually of the opposite sex) who always somehow caused the inadvertent collision of peanut butter and chocolate. After the mishap, one would complain, “Hey you got your chocolate in my peanut butter!,” and the other would shout, “You got your peanut butter in my chocolate!” The youngsters would then sample the product of their happy accident and be amazed to find someone had already combined the two flavors into a sweet and salty treat that is commercially available. KrebsOnSecurity, May 8, 2012

Financial Malware Tricks Users With Claims of Free Credit Card Fraud Insurance: A piece of financial malware called Tatanga attempts to trick online banking users into authorizing rogue money transfers from their accounts as part of the activation procedure for a free credit-card fraud insurance service purportedly provided by their banks, security researchers from Trusteer said Tuesday. IDG News, May 8, 2012

Hackers Gain Access to Homes Through Webcams: Internet users are becoming vulnerable to hackers who can infiltrate software and gain access to webcams. “The main thing to worry about is when software is able to turn on your camera without notifying you, without the user explicitly turning it on, that’s the main issue,” said Feross Aboukhadijeh, a student at Stanford University in California. Information Week, May 9, 2012

Cyber Security Management

HIPAA/HiTECH – Changes on the Way for Covered Providers: The privacy and security landscape for covered providers will soon be changing. A number of rules are finally making their way through the system in relationship to HIPAA, HiTECH and Stage II Meaningful Use. JDSupra, May 9, 2012

Securing the Village

Pentagon to expand cybersecurity program for defense contractors: The Pentagon is expanding and making permanent a trial program that teams the government with Internet service providers to protect defense firms’ computer networks against data theft by foreign adversaries. Washington Post, May 11, 2012

Identity-Theft Victims Given Short Shrift by IRS, Says Watchdog: J. Russell George, the Treasury Inspector General for Tax Administration, or Tigta—an official IRS watchdog—today told a Congressional oversight committee that the Internal Revenue Service gives “confusing and often conflicting instructions” to taxpayers who are victims of identity theft. IRS Deputy Commissioner Steven Miller gave testimony before the committee as well. Wall Street Journal, May 8, 2012

FBI Fears Bitcoin’s Popularity with Criminals: The FBI sees the anonymous Bitcoin payment network as an alarming haven for money laundering and other criminal activity — including as a tool for hackers to rip off fellow Bitcoin users. … That’s according to a new FBI internal report that leaked to the internet this week, which expresses concern about the difficulty of tracking the identify of anonymous Bitcoin users, while also unintentionally providing tips for Bitcoin users to remain more anonymous. Wired, May 9, 2012

Cyber Defenders

Cybersecurity Firms Ditch Defense, Learn To ‘Hunt’: The most challenging cyberattacks these days come from China and target Western firms’ trade secrets and intellectual property. But a problem for some is a business opportunity for others: It’s boom time for cybersecurity firms that specialize in going after Chinese hackers. NPR May 10, 2012

Cyber Research

Cybersecurity Experts Begin Investigation on Self-Adapting Computer Network That Defends Itself Against Hackers: In the online struggle for network security, Kansas State University cybersecurity experts are adding an ally to the security force: the computer network itself. Newswise, May 10, 2012