Citadel Information Group

You are here: Home / Cybersecurity News of the Week / Cyber Security News of the Week, November 30, 2014

by

Cyber Security News of the Week, November 30, 2014

Cyber Crime – Sony Attack

Several Sony Films Leak Online After Hack Attack: Screener copies of at least five new Sony Pictures movies are being traded online after the studio’s computers were hacked. ‘Fury’ and ‘Annie’ are among the pirated titles surging in online downloads. Hollywood Reporter, November 29, 2014

Sony Pictures’ computers are still locked as hackers demand equality (updated): Sony Pictures’ employees around the globe are still locked out of their company computers after they were hacked on the 24th by a group calling itself the “Guardians of Peace.” Now, new details have emerged that shed some light on what they want and how they did it. Someone who claims to be part of the group and identifies himself as “Lena” told Salted Hash and The Verge that it’s not money they’re after: “We Want equality. Sony doesn’t. It’s an upward battle.” Further, he hints that the whole deal was an inside job and that they have physical access to the company’s offices: “Sony left their doors unlocked, and it bit them,” Lena wrote. “They don’t do physical security anymore. Sony doesn’t lock their doors, physically, so we worked with other staff with similar interests to get in.” engadget, November 26, 2014

Sony Pictures hackers say they want ‘equality,’ worked with staff to break in: The hackers who took down Sony Pictures’ computer systems yesterday say that they are working for “equality” and suggest that their attack was assisted or carried out by Sony employees. In an email responding to inquiries from The Verge, a person identifying as one of the hackers writes, “We Want equality [sic]. Sony doesn’t. It’s an upward battle.” The hackers’ goals remain unclear, but they used the attack yesterday to specifically call out Sony Entertainment CEO Michael Lynton, referring to him as a “criminal” in a tweet. The Verge, November 25, 2014

Sony Pictures Targeted by Apparent Hack Attack to Corporate Systems: Sony Pictures Entertainment has told employees companywide to not connect to corporate networks or access email, after the studio was hit Monday by what appeared to be a malicious hacker attack threatening to disclose “secrets,” Variety has confirmed. Variety, November 24, 2014

Cyber Crime

Syrian Hackers Infiltrate Business Site, Affecting Other Websites: LOS ANGELES — Gigya, an American company that helps connect more than 700 businesses with customers through social media, says a Syrian group hacked its web address to upload a message to other sites. The New York Times, November 27, 2014

Home Depot Spends $28 Million on Breach Expenses in Q3: Home Depot $HD reported on its Q3 fiscal earnings, and revealed “pretax net expenses of $28 million” related to its massive data breach. The CEO said on an earnings call that it’s “very difficult” to evaluate if there was any impact. Net earnings for the third quarter were $1.5 billion, and the company confirmed that it expects fiscal 2014 sales growth of approximately 4.8 percent. HackSurfer, November 20, 2014

Cyber Attack

Boston.com among websites attacked by Syrian hacker group: Boston.com and several other news and retail websites could not be accessed for a time Thursday after a third-party service provider used by the sites was hacked. The Boston Globe, November 28, 2014

Anonymous Crashes Cleveland City Website in Retaliation for Police Killing of 12-Year-Old: The hacker collective Anonymous claimed responsibility for shutting down the Cleveland city website early on Monday in retaliation for the police killing of a 12-year-old boy carrying a toy air gun. Vice News, November 24, 2014

Financial Cyber Security

Skimmer Innovation: ‘Wiretapping’ ATMs: Banks in Europe are warning about the emergence of a rare, virtually invisible form of ATM skimmer involving a so-called “wiretapping” device that is inserted through a tiny hole cut in the cash machine’s front. The hole is covered up by a fake decal, and the thieves then use custom-made equipment to attach the device to ATM’s internal card reader. KrebsOnSecurity, November 26, 2014

Identity Theft

Convicted ID Thief, Tax Fraudster Now Fugitive: In April 2014, this blog featured a story about Lance Ealy, an Ohio man arrested last year for buying Social Security numbers and banking information from an underground identity theft service that relied in part on data obtained through a company owned by big-three credit bureau Experian. Earlier this week, Ealy was convicted of using the data to fraudulently claim tax refunds with the IRS in the names of more than 175 U.S. citizens, but not before he snipped his monitoring anklet and skipped town. KrebsOnSecurity, November 21, 2014

Security breach reveals personal data on Prince George’s school employees: The Prince George’s County Public School System notified employees on Friday evening of a possible security breach involving employees’ personal data. The Washington Post, November 21, 2014

Cyber Warning

Malware Targets Password Managers: The Citadel crimeware toolkit, originally designed to steal sensitive information from infected Windows PCs, has been upgraded to grab the master passwords used to unlock password management applications, according to IBM’s Trusteer security division. That creates the risk that usernames and passwords stored in otherwise secure password managers might get stolen by attackers. To date, however, there’s been no evidence of related attacks, or successful exploits. BankInfoSecurity, November 24, 2014

‘Regin’ malware described as ‘groundbreaking and almost peerless’: Experts don’t know where it came from, and aren’t quite sure what it does. But they do know this: a newly-uncovered cybersecurity threat wasn’t your typical credit-card stealing operation. It appears to be a government spying tool, and is “groundbreaking and almost peerless.” CNN, November 23, 2014

‘Naked Woman Eaten by Shark’ Video Scam on Facebook Installs Malware on PC: You can call them hackers or cybercriminals, but fact is that they are genius in an evil way. In a new attempt to earn some bucks and to play with people’s feeling, a new video scam has went viral on Facebook claiming to show a naked woman being attacked and eaten by a giant shark. HackRead, November 20, 2014

Cyber Security Management

The Case for a Global Cybersecurity Strategy: The World Economic Forum looks to raise awareness and improve cybersecurity, one organization at a time. BizTech, November 28, 2014

Cyber Security Management – Cyber Defense

Custom Malware Sneaks Past Advanced Threat Detection Appliances In Lab Experiment: An independent test of advanced threat detection products demonstrates how they could be bypassed by attackers. DarkReading, November 28, 2014

Here are five areas were merchants need to pay attention: With the holiday shopping season coming up, and crooks lining up to take advantage of the stress and confusion, this is a good time for merchants to review their payment security procedures. CSO, November 24, 2014

Cyber Misc

What Cloud Computing Means to Your Job: Technology has been accused of making many a job disappear, like the production line or the accounting office. And it is not done yet. The New York Times, November 23, 2014

The Secret Life of Passwords: We despise them – yet we imbue them with our hopes and dreams, our dearest memories, our deepest meanings. They unlock much more than our accounts. The New York Times, November 19, 2014

Get in touch

323 428 0441
info@citadel-information.com

 Citadel Information Group

About Us

Citadel Information Group is a full service integrated information security management / governance firm. We work either consultatively or as part of a client’s senior management team, assisting our clients cost-effectively manage the confidentiality, privacy, integrity and availability of their information. Learn more.