Cyber Crime
Breach At Bit.ly Blamed On Offsite Backup Storage Provider: URL shortening service says user database may have been compromised through backup data. DarkReading, May 13, 2014
Cyber Attack
Iranian Hackers Targeted Defense Workers and Political Dissidents: There’s a new politically motivated hacker gang to keep track of, one that started out defacing websites but which has progressed more recently into conducting full-blown campaigns of cyber espionage abroad and political oppression at home. And it is based in Iran. Re/code, May 13, 2014
Cyber Privacy
NSA reform: lawmakers aim to bar agency from weakening encryption: Concerned about weaknesses in USA Freedom Act, Zoe Lofgren and colleagues pushing to prevent NSA from weakening online encryption with new amendment. The Guardian, May 13, 2014
Is the EU compelling Google to become about.me?: Today the EU’s highest court interpreted the EU’s 1995 Data Protection Directive to mean that individuals should have a shot at insisting that Google and other search engines remove certain search results found upon a search for their names, not because they are false, or infringe copyright, but because they violate a “respect for private life” or a “right to protection of personal data.” What does that mean specifically? Not easy to say. Neither the opinion nor the Court’s press release is clear on that. Among the many cases pending about it, the one that the Court heard involved a Spanish citizen who did not like that people could find the public records of a foreclosure sale of one of his properties. So that’s not personal, secret information that was somehow uncovered; it’s a public record or fact made more searchable. And it’s not in the narrow category of things like social security numbers that might be in public documents, but for which Google and other search engines have taken some steps to make them not work as search terms. (Same with credit card numbers.) Jonathan Zittrain, May 13, 2014
Europe’s Top Court Orders Google to Forget: Google and other search engine providers can be ordered to delete links to outdated information about a person published on the Internet, the Court of Justice of the European Union ruled Tuesday. CIO, May 13, 2014
Identity Theft
Here’s How You Protect Your Kids From Identity Theft: Child identity theft cases sometimes continue for years before they’re discovered. Adam Levin, of Identity Theft 911, explains how this happens, and what to do about it. NPR, May 13, 2014
Cyber Warning
Windows users warned over spammed-out gadget malware attack: Windows users are at risk of having their computers infected, after a malware attack posing as an “important company update” was spammed out. Graham Cluley, May 16, 2014
Hackers ramp up computer attacks, demand ‘ransom’: On a bitter cold Friday in January, an ominous warning popped up on a computer screen at the Chamber of Commerce in Bennington, Vt. Detroit Free Press, May 15, 2014
Postal Service: Beware Stamp Kiosk Skimmers: The United States Postal Inspection Service is investigating reports that fraudsters are installing skimming devices on automated stamp vending machines at Post Office locations across the United States, KrebsOnSecurity has learned. KrebsOnSecurity, May 13, 2014
Cyber Security Management
Infographic: The Story Of A Phish: Are your employees like Troy, blissfully unaware of the dangers of spear phishing? DarkReading, May 13, 2014
Cybersecurity options lag behind hackers’ abilities: A computer hacker once told a congressional committee that he could take out the entire Internet in a half-hour. That was back when the World Wide Web was in its infancy and Google didn’t even exist yet. Stars and Stripes, May 13, 2014
Your Cybersecurity: Don’t Count On The Government: Last week I attended the United States Cybercrime conference outside of Washington, D.C. For the past eleven of twelve years, the Department of Defense organized this gathering, but this year it was privately funded due to budget constraints. This was a five-day event with six hundred cybersecurity experts, government agents, intelligence officers, and private sector IT professionals. There were more than 170 speakers, sixty exhibitors, and in-depth hands-on training courses in digital forensic investigations, decryption techniques, malware smartphone analysis, and covert exploration of digital services. Forbes, May 12, 2014
Cyber Security Management – Cyber Update
Adobe, Microsoft Issue Critical Security Fixes: Adobe and Microsoft today each released software updates to plug dangerous security holes in their products. Adobe pushed patches to fix holes in Adobe Acrobat/Reader as well as Flash Player. Microsoft issued eight update bundles to nix at least 13 security vulnerabilities in Windows and software that runs on top of the operating system. KrebsOnSecurity, May 13, 2014
Cyber Security Management – Cyber Defense
Rush to defend against Heartbleed leads to mistakes with certificates, patches: Despite taking prompt action to defend against the Heartbleed attack, some sites are no better off than before — and in some cases, they are much worse off. NetworkWorld, May 9, 2014