Citadel Information Group


December 14, 2014 by Stan Stahl Ph.D.

Cyber Security News of the Week, December 14, 2014

Cyber Crime

Online Ad Fraud Exposed: Advertisers Losing $6.3 Billion To $10 Billion Per Year: A new study conducted by the Association of National Advertisers (ANA) and the security firm White Ops tracked online ad traffic patterns for 36 major companies and discovered epic levels of abuse. DarkReading, December 9, 2014

Unencrypted Data Lets Thieves ‘Charge Anywhere’: Charge Anywhere LLC, a mobile payments provider, today disclosed that malicious software planted on its networks may have jeopardized credit card data from transactions the company handled between November 2009 and September 2014. KrebsOnSecurity, December 9, 2014

Sony Under Siege: Cyber Crisis Leaves Hollywood Reeling: Hollywood is reeling from the entertainment industry equivalent of WikiLeaks — leaving the entire town on high alert. Variety, December 9, 2014

Donors’ Data Breached But On Smaller Scales: The first thing that might come to mind when you hear the words data breach is the recent hacks of large corporations such as Home Depot, Chase and Target that possibly exposed millions of usernames, passwords and other records. Hacking a nonprofit isn’t likely to breach 76 million records as is estimated with Chase or yield a bounty of credit card information, but who knows the motivation of some people? TheNonProfitTimes, December 9, 2014

Hackers tell Sony to halt the release of The Interview: A new message has been posted on GitHub, purporting to be from the Sony hackers and offering a fresh batch of sensitive corporate data. The message threatens further consequences if the studio continues with its release of “the movie of terrorism,” believed to refer to The Interview, an upcoming comedy starring Seth Rogen and James Franco, which depicts the assassination of North Korean leader Kim Jong-un. It’s the most explicit reference to the film that the attackers have made so far, although many had previously linked the attacks to North Korean retaliation for the film’s release. TheVerge, December 8, 2014

Sony’s Breach Stretched From Thai Hotel to Hollywood: The computer hackers drilled into the network at the elegant St. Regis Bangkok that night and, with a keystroke, laid bare the secrets of Sony Pictures Entertainment. Bloomberg, December 7, 2014

Cyber Privacy

Sony Hackers Flash Disturbing New Warning on Staffers’ Computers (Exclusive): A group claiming to be the #GOP displayed the scary image on Thursday, an insider tells TheWrap. The Wrap, December 11, 2014

As More Documents Appear, Sony Seeks to Calm Nervous Employees: LOS ANGELES – As hackers made public more Sony Pictures Entertainment documents on Monday, Sony sought to calm its jittery employees, announcing in an internal memo that the F.B.I. would visit its Culver City, Calif., lot on Wednesday for security briefings. The New York Times, December 8, 2014

FBI confirms Sony Pictures employees threatened by hackers: Hackers threaten Sony Pictures employees and their families via email while attack is linked to a hotel in Bangkok, Thailand. The Guardian, December 8, 2014

Financial Cyber Security

‘Poodle’ Bug Returns, Bites Big Bank Sites: Many of the nation’s top banks, investment firms and credit providers are vulnerable to a newly-discovered twist on a known security flaw that exposes Web site traffic to eavesdropping. The discovery has prompted renewed warnings from the U.S. Department of Homeland Security advising vulnerable Web site owners to address the flaw as quickly as possible. KrebsOnSecurity, December 11, 2014

Senate to Hold Hearing on Cyberattacks Against Finance: The Senate Banking Committee plans to hold a hearing next week on ways to “protect the financial sector” from cyberattacks, but for now there are no plans to have anyone from the financial services industry testify. The New York Times, December 5, 2014

Identity Theft

Toward a Breach Canary for Data Brokers: When a retailer’s credit card systems get breached by hackers, banks usually can tell which merchant got hacked soon after those card accounts become available for purchase at underground cybercrime shops. But when companies that collect and sell sensitive consumer data get hacked or are tricked into giving that information to identity thieves, there is no easy way to tell who leaked the data when it ends up for sale in the black market. In this post, we’ll examine one idea to hold consumer data brokers more accountable. KrebsOnSecurity, December 8, 2014

Cyber Warning

Android Malware Installs Pirated Assassin’s Creed App: A pirated version of the Assassin’s Creed application for Android is bundled with malware, according to security-as-a-service firm Zscaler. ThreatPost, December 12, 2014

Turla Trojan Unearthed on Linux: Turla, a hard-to-spot Trojan that has for years bedeviled Windows systems, has been discovered to have at least two Linux variants. Linux Turla maintains stealth without requiring elevated privileges while running arbitrary remote commands. The malware cannot be discovered using netstat, a command-line administrative tool, Kaspersky Lab said, and it uses techniques that don’t require root access. LinuxInsider, December 12, 2014

Two stealthy Linux malware samples uncovered, following in Windows variants’ tracks: Security researchers have uncovered two Linux variants of a complex piece of Windows malware, which is known to have previously targeted embassies, the military, and pharmaceutical companies. ZDNet, December 9, 2014

Cyber Security Management – Cyber Defense

The human factor a key challenge to information security, say experts: The lack of awareness and understanding of risks is one of the biggest challenges to information security, according to a panel of experts. ComputerWeekly, December 12, 2014

Sony Is Launching A Counterattack Against Its Hackers: Sony has launched a counterattack against people trying to download leaked files stolen from its servers after a massive hack. Business Insider, December 11, 2014

The Four Horsemen of Cyber Security in 2014: What too many of the year’s high-profile data breaches had in common. DarkReading, December 8, 2014

Cyber Security Management – Cyber Update

Microsoft, Adobe Push Critical Security Fixes: If you use Microsoft or Adobe software products, chances are that software is now dangerously out of date. Microsoft today released seven update bundles to fix two dozen security vulnerabilities in Windows and supported software. Adobe pushed patches to correct critical flaws in Acrobat, Reader and Flash Player, including a bug in Flash that already is being exploited. KrebsOnSecurity, December 9, 2014

Cyber Underworld

Here Are The FBI’s Most Wanted Cyber Criminals: As cybercrime becomes increasingly damaging, the FBI has kept a list of “Cyber’s Most Wanted.” Business Insider, December 8, 2014

Cyber Espionage

Digital Spies Target Diplomats’ iPhones, Androids And PCs With ‘Inception’ Malware: A range of politicians and diplomats have been targeted by stealthy hackers, who have been trying to thrust malware onto dignitaries’ iPhone and Android devices as well as PCs with varying degrees of success since this summer, according to security researchers. Forbes, December 10, 2014

National Cyber Security

Steptoe Cyberlaw Podcast, Episode #46: An Interview with Shane Harris: Our interview focuses on Shane Harris and his new book, @War: The Rise of the Military-Internet Complex. It’s a good read and a good book, marred by the occasional deployment of easy lefty tropes – government contractors are mercenaries, the military sees war as an opportunity to expand turf, cybersecurity is a threat to privacy, anonymity is all about rights, etc. But Harris is first and foremost a storyteller, and his zeal for the story is far more important to him than ideology. When he tells the story of the guys who used cybertactics to break al Qaeda in Iraq during the surge, or of the banks’ cyberbattle with Iran, he lets the reader decide who to root for. Lawfare, December 10, 2014

Critical Infrastructure

Exclusive: Iran hackers may target US energy, defense firms, FBI warns: (Reuters) – The Federal Bureau of Investigation has warned U.S. businesses to be on the alert for a sophisticated Iranian hacking operation whose targets include defense contractors, energy firms and educational institutions, according to a confidential agency document. AOL, December 12, 2014

Cyber Law

Rockefeller, Thune Statement on Passage of Commerce Cybersecurity Bill: WASHINGTON, D.C.- Senate Commerce, Science, and Transportation Committee Chairman John D. (Jay) Rockefeller IV (D-WV) and Ranking Member John Thune (R-SD) today applauded the passage of their bipartisan cyber legislation that will help strengthen and protect the nation’s economic and national security. The passage of the Rockefeller-Thune bill last night follows years of work to reach a bipartisan consensus on cybersecurity legislation. National Journal, December 12, 2014

Cyber Insurance

Cyber Security Practices Insurance Underwriters Demand: Insurance underwriters aren’t looking for companies impervious to risk. They want clients that understand the threat landscape and have demonstrated abilities to mitigate attacks. DarkReading, December 11, 2014

Cyber Misc

‘Security by Antiquity’ Bricks Payment Terminals: Last week, several thousand credit card payment terminals at various retailers across the country suddenly stopped working, their LCD displays showing blank screens instead of numbers and letters. Puzzled merchants began to worry that this was perhaps part of some sophisticated hacker attack on their cash registers. It turns out that the incident was indeed security-related, but for once it had nothing to do with cyber thieves. KrebsOnSecurity, December 12, 2014

Pirate Bay Has Been Raided and Taken Down: Here’s What We Know: The popular file-sharing service Pirate Bay was taken down today following a raid in Sweden by police who seized servers and computers. Wired, December 9, 2014
