Cyber Security News of the Week, May 6, 2012

Cyber Security Commentary — ISSA-LA 4th Annual Information Security Summit

Join us on May 16 for ISSA-LA’s 4th Annual Information Security Summit.  Keynote addresses by Alan Paller of the SANS Institute, DHS’ Bruce McConnell and business coach Chris Coffey. Perfect for business, technology and information security leaders. Nonprofits can attend for free by taking advantage of ISSA-LA’s special scholarship fund. Email for more information

I recommend the Summit to both the CIO and their staff because it’s the one day you can count on to get informed, learn how to stay informed, and build a network of strong security professionals who are passionate about supporting the “neighborhood watch” of information security. 

Jennifer Terrill, CISSP
Vice President Information Technology / CISO
True Religion Brand Jeans

Visit the ISSA-LA Summit Website for more information or to register.

Cyber Crime

Hackers Blackmail Belgian Bank With Threats to Publish Customer Data: Hackers claimed to have breached the systems of the Belgian credit provider Elantis and threatened to publish confidential customer information if the bank does not pay €150,000 (US$197,000) before Friday, May 4, they said in a statement posted to Pastebin. Elantis confirmed the data breach on Thursday, but the bank said it will not give in to extortion threats. PC World, May 3, 2012

Global Payments Breach Window Expands: A hacker break-in at credit and debit card processor Global Payments Inc. dates back to at least early June 2011, Visa and MasterCard warned in updated alerts sent to card-issuing banks in the past week. The disclosures offer the first additional details about the length of the breach since Global Payments acknowledged the incident on March 30, 2012. KrebsOnSecurity, May 4, 2012

Cyber Crime – HIPAA

SC inspector general analyzing security processes following theft of Medicaid information: COLUMBIA, S.C. — South Carolina’s inspector general is reviewing the security systems of state agencies following the theft of more than 228,000 Medicaid patients’ personal information, Gov. Nikki Haley said Monday. The Republic, April 30, 2012

Cyber Hacktivists

Hackers plan attack on Russian government sites: The activist hacker group Anonymous said on Friday it planned to attack Russian government websites in order to support opposition protests ahead of Vladimir Putin’s inauguration as president. Reuters, May 4, 2012

Cyber Privacy

How to Muddy Your Tracks on the Internet: Legal and technology researchers estimate that it would take about a month for Internet users to read the privacy policies of all the Web sites they visit in a year. So in the interest of time, here is the deal: You know that dream where you suddenly realize you’re stark naked? You’re living it whenever you open your browser. The New York Times, May 3, 2012

Cyber Risk

Processor Warns of Hacking Trend: Over the past year, First Data, the largest payments processor in the U.S., has seen an uptick in “trolling” – hackers sniffing networks for remote access into point-of-sale systems that are open or loosely protected. BankInfoSecurity, April 30, 2012

Fears of spying hinder U.S. license for China Mobile: WASHINGTON — Concerned about possible cyber spying, U.S. national security officials are debating whether to take the unprecedented step of recommending that a Chinese government-owned mobile phone giant be denied a license to offer international service to American customers. LA Times, May 5, 2012

Malware for Macs Lucrative, Security Researchers Say: Last month, cybercriminals embarked on what quickly became one of the largest-scale malware attacks on Apple computers to date. Their motive was financial: security researchers now estimate that the infected computers made the malware’s creators $10,000 a day. The New York Times, May 1, 2012

Cyber Threat

Android Apps Slurp Excessive Data: More than one-third of Android apps request “excessive permissions,” giving them access to more data than they require. InformationWeek, May 1, 2012

Snow Leopard hit hardest by Flashback malware: Russian security company Dr. Web recently analyzed one of the latest known variants of the Flashback malware for OS X, and in doing so revealed some interesting statistics regarding the infection rates of the malware — which, by some perspectives, counters criticism of Apple’s lapse in attention to security on OS X. Cnet, April 30, 2012

6 Discoveries That Prove Mobile Malware’s Mettle: Mobile malware hasn’t yet grown to the problematic levels that once plagued Windows PCs back in the days before Trustworthy Computing. That doesn’t mean mobile vulnerabilities aren’t exploitable, though: Today’s security researchers are not only creating and discovering proof-of-concept examples with real-world applicability, but they’re finding in-the-wild samples, too. Dark Reading, May 3, 2012

Cyber Vulnerability

The 10 worst Web application-logic flaws that hackers love to abuse: Hackers are always hunting to find business-logic flaws, especially on the Web, in order to exploit weaknesses in online ordering and other processes. NT OBJECTives, which validates Web application security, says these are the top 10 business-logic flaws they see all the time. NetworkWorld, May 3, 2012

Mac Malware Targeting Unpatched Office Running on OS X: Microsoft is reporting that malware is exploiting unpatched versions of its Microsoft Office Word 2000 suite to compromise Apple Macintoshes running Snow Leopard or earlier versions of Mac OS X. eWeek, May 2, 2012

Adobe warns: Flash Player malware hitting IE on Windows users: Adobe has shipped an extremely urgent Flash Player patch to block in-the-wild malware attacks against Windows users. ZDNet, May 4, 2012

Cyber Security Management

8 Reasons Conficker Malware Won’t Die: Obstinate. That’s how Microsoft has labeled Conficker, which, despite being three years old and targeted for eradication, continues to survive–and even thrive–in corporate networks. InformationWeek, April 30, 2012

Vulnerability Management

Hackers’ Favorite Target Last Year Was a Blast From the Past: If you need more proof that users are a weak link in computer security, look no further than today’s report from Symantec, which showed that hackers’ favorite target in 2011 was a security hole fixed about four years ago. Bloomberg, April 30, 2012

Securing the Village

For Stronger IT Security, Build Relationships, Not Walls: Security leaders put up walls. Firewalls, barriers to entry, ways to control the flow of information. It’s what we do. But ironically, to do a better job of protecting our enterprises, we’ve got to become more open and collaborative. Forbes, May 4, 2012

Cyber Career

Hottest IT Skill? Cybersecurity: Embattled by hacktivists, cybercriminals and foreign rivals seeking to steal proprietary information, U.S. corporations are ramping up their hiring of cybersecurity experts, with open jobs reaching an all-time high in April. PC World, May 3, 2012

Cyber Crime Busters

Microsoft says raid damaged cybercrime operation: BALTIMORE – Microsoft and the banking industry Monday provided a detailed, behind-the-scenes account of an operation they said disrupted a major cybercrime operation that used malicious software to allegedly steal $100 million from consumers over the last five years. Fox News, April 30, 2012

Cyber Expose

Flashback malware exposes big gaps in Apple security response: A pair of high-profile malware attacks have given Apple a crash course in security response. Based on recent actions, 70 million current Mac owners have a right to expect much more from Apple than they’re getting today. ZDNet, April 29, 2012