Cyber Crime
Online Ad Fraud Exposed: Advertisers Losing $6.3 Billion To $10 Billion Per Year: A new study conducted by the Association of National Advertisers (ANA) and the security firm White Ops tracked online ad traffic patterns for 36 major companies and discovered epic levels of abuse. DarkReading, December 9, 2014
Unencrypted Data Lets Thieves ‘Charge Anywhere’: Charge Anywhere LLC, a mobile payments provider, today disclosed that malicious software planted on its networks may have jeopardized credit card data from transactions the company handled between November 2009 and September 2014. KrebsOnSecurity, December 9, 2014
Sony Under Siege: Cyber Crisis Leaves Hollywood Reeling: Hollywood is reeling from the entertainment industry equivalent of WikiLeaks — leaving the entire town on high alert. Variety, December 9, 2014
Donors’ Data Breached But On Smaller Scales: The first thing that might come to mind when you hear the words data breach is the recent hacks of large corporations such as Home Depot, Chase and Target that possibly exposed millions of usernames, passwords and other records. Hacking a nonprofit isn’t likely to breach 76 million records as is estimated with Chase or yield a bounty of credit card information, but who knows the motivation of some people? TheNonProfitTimes, December 9, 2014
Hackers tell Sony to halt the release of The Interview: A new message has been posted on GitHub, purporting to be from the Sony hackers and offering a fresh batch of sensitive corporate data. The message threatens further consequences if the studio continues with its release of “the movie of terrorism,” believed to refer to The Interview, an upcoming comedy starring Seth Rogen and James Franco, which depicts the assassination of North Korean leader Kim Jong-un. It’s the most explicit reference to the film that the attackers have made so far, although many had previously linked the attacks to North Korean retaliation for the film’s release. TheVerge, December 8, 2014
Sony’s Breach Stretched From Thai Hotel to Hollywood: The computer hackers drilled into the network at the elegant St. Regis Bangkok that night and, with a keystroke, laid bare the secrets of Sony Pictures Entertainment. Bloomberg, December 7, 2014
Cyber Privacy
Sony Hackers Flash Disturbing New Warning on Staffers’ Computers (Exclusive): A group claiming to be the #GOP displayed the scary image on Thursday, an insider tells TheWrap. The Wrap, December 11, 2014
As More Documents Appear, Sony Seeks to Calm Nervous Employees: LOS ANGELES – As hackers made public more Sony Pictures Entertainment documents on Monday, Sony sought to calm its jittery employees, announcing in an internal memo that the F.B.I. would visit its Culver City, Calif., lot on Wednesday for security briefings. The New York Times, December 8, 2014
FBI confirms Sony Pictures employees threatened by hackers: Hackers threaten Sony Pictures employees and their familes via email while attack is linked to a hotel in Bangkok, Thailand. The Guardian, December 8, 2014
Financial Cyber Security
‘Poodle’ Bug Returns, Bites Big Bank Sites: Many of the nation’s top banks, investment firms and credit providers are vulnerable to a newly-discovered twist on a known security flaw that exposes Web site traffic to eavesdropping. The discovery has prompted renewed warnings from the U.S. Department of Homeland Security advising vulnerable Web site owners to address the flaw as quickly as possible. KrebsOnSecurity, December 11, 2014
Senate to Hold Hearing on Cyberattacks Against Finance: The Senate Banking Committee plans to hold a hearing next week on ways to “protect the financial sector” from cyberattacks, but for now there are no plans to have anyone from the financial services industry testify. The New York Times, December 5, 2014
Identity Theft
Toward a Breach Canary for Data Brokers: When a retailer’s credit card systems get breached by hackers, banks usually can tell which merchant got hacked soon after those card accounts become available for purchase at underground cybercrime shops. But when companies that collect and sell sensitive consumer data get hacked or are tricked into giving that information to identity thieves, there is no easy way to tell who leaked the data when it ends up for sale in the black market. In this post, we’ll examine one idea to hold consumer data brokers more accountable. KrebsOnSecurity, December 8, 2014
Cyber Warning
Android Malware Installs Pirated Assassin’s Creed App: A pirated version of the Assassin’s Creed application for Android is bundled with malware according to the security-as-as-service from Zscaler. ThreatPost, December 12, 2014
Turla Trojan Unearthed on Linux: Turla, a hard-to-spot Trojan that has for years bedeviled Windows systems, has been discovered to have at least two Linux variants. Linux Turla maintains stealth without requiring elevated privileges while running arbitrary remote commands. The malware cannot be discovered using netstat, a command-line administrative tool, Kaspersky Lab said, and it uses techniques that don’t require root access. LinuxInsider, December 12, 2014
Two stealthy Linux malware samples uncovered, following in Windows variants’ tracks: Security researchers have uncovered two Linux variants of a complex piece of Windows malware, which is known to have previously targeted embassies, the military, and pharmaceutical companies. ZDNet, December 9, 2014
Cyber Security Management – Cyber Defense
The human factor a key challenge to information security, say experts: The lack of awareness and understanding of risks is one of the biggest challenges to information security, according to a panel of experts. ComputerWeekly, December 12, 2014
Sony Is Launching A Counterattack Against Its Hackers: Sony has launched a counterattack against people trying to download leaked files stolen from its servers after a massive hack. Business Insider, December 11, 2014
The Four Horsemen of Cyber Security in 2014: What too many of the year’s high-profile data breaches had in common. DarkReading, December 8, 2014
Cyber Security Management – Cyber Update
Microsoft, Adobe Push Critical Security Fixes: If you use Microsoft or Adobe software products, chances are that software is now dangerously out of date. Microsoft today released seven update bundles to fix two dozen security vulnerabilities in Windows and supported software. Adobe pushed patches to correct critical flaws in Acrobat, Reader and Flash Player, including a bug in Flash that already is being exploited. KrebsOnSecurity, December 9, 2014
Cyber Underworld
Here Are The FBI’s Most Wanted Cyber Criminals: As cybercrime becomes increasingly damaging, the FBI has kept a list of “Cyber’s Most Wanted.” Business Insider, December 8, 2014
Cyber Espionage
Digital Spies Target Diplomats’ iPhones, Androids And PCs With ‘Inception’ Malware: A range of politicians and diplomats have been targeted by stealthy hackers, who have been trying to thrust malware onto dignitaries’ iPhone and Android devices as well as PCs with varying degrees of success since this summer, according to security researchers. Forbes, December 10, 2014
National Cyber Security
Steptoe Cyberlaw Podcast, Episode #46: An Interview with Shane Harris: Our interview focuses on Shane Harris and his new book, @War: The Rise of the Military-Internet Complex. It’s a good read and a good book, marred by the occasional deployment of easy lefty tropes – government contractors are mercenaries, the military sees war as an opportunity to expand turf, cybersecurity is a threat to privacy, anonymity is all about rights, etc. But Harris is first and foremost a storyteller, and his zeal for the story is far more important to him than ideology. When he tells the story of the guys who used cybertactics to break al Qaeda in Iraq during the surge, or of the banks’ cyberbattle with Iran, he lets the reader decide who to root for. Lawfare, December 10, 2014
Critical Infrastructure
Exclusive: Iran hackers may target US energy, defense firms, FBI warns: (Reuters) – The Federal Bureau of Investigation has warned U.S. businesses to be on the alert for a sophisticated Iranian hacking operation whose targets include defense contractors, energy firms and educational institutions, according to a confidential agency document. AOL, December 12, 2014
Cyber Law
Rockefeller, Thune Statement on Passage of Commerce Cybersecurity Bill: WASHINGTON, D.C.- Senate Commerce, Science, and Transportation Committee Chairman John D. (Jay) Rockefeller IV (D-WV) and Ranking Member John Thune (R-SD) today applauded the passage of their bipartisan cyber legislation that will help strengthen and protect the nation’s economic and national security. The passage of the Rockefeller-Thune bill last night follows years of work to reach a bipartisan consensus on cybersecurity legislation. National Journal, December 12, 2014
Cyber Insurance
Cyber Security Practices Insurance Underwriters Demand: Insurance underwriters aren’t looking for companies impervious to risk. They want clients that understand the threat landscape and have demonstrated abilities to mitigate attacks. DarkReading, December 11, 2014
Cyber Misc
‘Security by Antiquity’ Bricks Payment Terminals: Last week, several thousand credit card payment terminals at various retailers across the country suddenly stopped working, their LCD displays showing blank screens instead of numbers and letters. Puzzled merchants began to worry that this was perhaps part of some sophisticated hacker attack on their cash registers. It turns out that the incident was indeed security-related, but for once it had nothing to do with cyber thieves. KrebsOnSecurity, December 12, 2014
Pirate Bay Has Been Raided and Taken Down: Here’s What We Know: The popular file-sharing service Pirate Bay was taken down today following a raid in Sweden by police who seized servers and computers. Wired, December 9, 2014