Cyber Crime
Hackers Compromise 51 UPS Stores Across the United States: A gang of cybercriminals from Eastern Europe, which is believed to be behind this year’s high profile breaches of Target, P.F. Chang’s, Neiman Marcus and other retailers has also compromised 51 UPS Stores across the United States. Mashable, August 21, 2014
Chinese Hackers Hit Community Health System: Hackers who broke into network hospital group Community Health Systems stole non-medical customer data including credit cards, says new report. InformationWeek, August 18, 2014
Community Health says data stolen in cyber attack from China: (Reuters) – Community Health Systems Inc (CYH.N), one of the biggest U.S. hospital groups, said on Monday it was the victim of a cyber attack from China, resulting in the theft of Social Security numbers and other personal data belonging to 4.5 million patients. Reuters, August 18, 2014
Hacked: Data breach in Star, Shaw and Jewel-Osco Stores: A massive data breach has been suffered by Jewel-Osco through which information of millions of customers may have been exposed. Wall Street OTC, August 17, 2014
Why So Many Card Breaches? A Q&A: The news wires today are buzzing with stories about another potentially major credit/debit card breach at yet another retail chain: This time, the apparent victim is AB Acquisition, which operates Albertsons stores under a number of brands, including ACME Markets, Jewel-Osco, Shaw’s and Star Markets. Today’s post includes no special insight into this particular retail breach, but rather seeks to offer answers to some common questions regarding why we keep hearing about them. KrebsOnSecurity, August 15, 2014
Cyber Privacy
As governments invade privacy, tools for encryption grow more popular: In the wake of Edward Snowden’s revelations about the NSA collecting massive amounts of user meta-data, many people went in search of safer, more secure ways to use the internet anonymously. Once thought to be something only used by the tech-savvy, increased interest in end-to-end e-mail encryption has prompted both Google and Yahoo to develop user-friendly versions of the protocol that would, in theory, make personal messages exceedingly difficult to intercept. PBS, August 22, 2014
New Search Engine Promises to Keep Your Data Private: Privacy-minded Internet users gained a new search option Tuesday with the debut of Private.me. US News and World Report, August 19, 2014
The Internet’s Original Sin: It’s not too late to ditch the ad-based business model and build a better web. The Atlantic, August 14, 2014
Foursquare Now Tracks Users Even When the App Is Closed: Hiding in Foursquare’s revamped mobile app is a feature some users might find creepy: It tracks your every movement, even when the app is closed. The Wall Street Journal, August 6, 2014
The Internet With a Human Face: Marc [Thiele] emailed me a few weeks ago to ask if I thought my talk would be appropriate to close the conference. “Marc,” I told him, “my talk is perfect for closing the conference! The first half is this incredibly dark rant about how the Internet is alienating and inhuman, how it’s turning us all into lonely monsters.” Maciej Cegłowski Lecture, May 2014
Financial Cyber Security
CRIDEX MALWARE TAKES LESSON FROM GAMEOVER ZEUS: The GameOver Zeus malware had a nice run for itself, making untold millions of dollars for its creators. But it was a run that ended with a multi-continent operation from law enforcement and security researchers to disassemble the infrastructure. Now researchers have identified a new variant of the Cridex malware that has adopted some of the techniques that made GOZ so successful in its day. ThreatPost, August 22, 2014
Cyber Threat
How Hackers Could Mess With 911 Systems and Put You at Risk: The female caller was frantic. Why, she asked 911 dispatchers, hadn’t paramedics arrived to her home? She’d already called once to say her husband was writhing on the floor in pain. “Hurry up!,” she’d pleaded, as she gave the operator her address. And then she hung up and waited for help to arrive, but it never did. By the time she called back, her husband had turned blue. “He’s dying!” she cried helplessly into the phone. Wired, August 21, 2014
Cyber Warning
US warns ‘significant number’ of major businesses hit by Backoff malware: Over a thousand major enterprise networks and small and medium businesses in the U.S. have been compromised by a recently discovered malware package called “Backoff” and are probably unaware of it, the U.S. Department of Homeland Security (DHS) said in a cybersecurity alert on Friday. PCWorld, August 22, 2014
JPMorgan Chase customers targeted in massive phishing campaign: Customers of JPMorgan Chase are the target of a massive multifaceted phishing campaign impacting mostly people in the U.S., according to security firm Proofpoint. SC Magazine, August 22, 2014
FBI warns healthcare firms they are targeted by hackers: (Reuters) – The FBI has warned that healthcare industry companies are being targeted by hackers, publicizing the issue following an attack on U.S. hospital group Community Health Systems Inc that resulted in the theft of millions of patient records. Reuters, August 20, 2014
Cyber Security Management
BlackHat 2014: Businesses Look to NIST Risk Management Framework in Bid to Improve Security Posture: The recently released Risk Management Framework from the National Institute for Standards and Technology outlines what organizations need to do to improve their information security posture against serious attacks. The roundtable discussion at Black Hat last week focused on the Framework’s elements, what some of the issues are, and how organizations can apply these guidelines to protect their networks and data. InfoSecurity, August 13, 2014
5 Ways Boards Could Tackle Cybersecurity: A new handbook from National Association of Corporate Directors, titled Cyber-Risk Oversight, offers five principles to guide boards of directors in helping their organizations address IT security threats. HealthCare Info Security, July 29, 2014
The 5 Biggest Cybersecurity Myths, Debunked: “A domain for the nerds.” That is how the Internet used to be viewed back in the early 1990s, until all the rest of us began to use and depend on it. But this quote is from a White House official earlier this year describing how cybersecurity is too often viewed today. And therein lies the problem, and the needed solution. Wired, July 2, 2014
Securing the Village
How to Save the Net: A CDC for Cybercrime: The Internet may be made up of software and hardware, but it is an ecosystem that depends on a key human value: trust. The networks and systems must be able to trust the information we are sending, and in turn we have to be able to trust the information we receive. Wired, August 19, 2014
Critical Infrasturcture
Infographic: 70 Percent of World’s Critical Utilities Breached: New research from Unisys and Ponemon Institute finds alarming security gaps in worldwide ICS and SCADA systems within the last 12 months. DarkReading, August 15, 2014
Cyber Research
Technology Can Make Lawful Surveillance Both Open and Effective: With cryptography, surveillance processes could be open and preserve privacy without undermining their investigative power. MIT Technology Review, August 18, 2014
Cyber Misc
Worldwide Spending On Information Security To Surpass $70B By End Of 2014: Report: Worldwide spending on information security is estimated to reach $71.1 billion in 2014, representing an increase of 7.9 percent over 2013, as organizations adapt to the growing threat of cyber crime, according to a new report from Gartner. International Business Times, August 22, 2014
If a Self-Driving Car Gets in an Accident, Who—or What—Is Liable?: On first contact with the idea that robots should be extended legal personhood, it sounds crazy. The Atlantic, August 13, 2014