Identity Theft
How Was Your Credit Card Stolen?: Almost once a week, I receive an email from a reader who has suffered credit card fraud and is seeking help figuring out which hacked merchant was responsible. I generally reply that this is a fruitless pursuit, and instead encourage readers to keep a close eye on their card statements and report any fraud. But it occurred to me recently that I’ve never published a primer on the types of card fraud and the likelihood with each of the cardholder ever learning how their account was compromised. This post is an effort to remedy that. KrebsOnSecurity, January 19, 2015
Cyber Warning
Password Re-use Fuels Starwood Fraud Spike: Two different readers have written in this past week to complain about having their Starwood Preferred Guest loyalty accounts hijacked by scammers. The spike in fraud appears to be tied to a combination of password re-use and the release of a tool that automates the checking of account credentials at the Web site for the popular travel rewards program. KrebsOnSecurity, January 22, 2015
How to avoid the Android Jellybean Webview vulnerability: Android 4.3 and earlier suffers from a vulnerability Google doesn’t plan on patching itself. Jack Wallen tells you what you can do to avoid possible exploits on your aging Android device. TechRepublic, January 19, 2015
Cyber Security Management
OAIC updates information security guide: The Office of the Australian Information Commissioner (OAIC) has released an updated information security guide with tips on stopping rogue employees and advice on using cloud storage offerings. ComputerWorld, January 20, 2015
Cyber Security Management – Cyber Update
Flash Patch Targets Zero-Day Exploit: Adobe today released an important security update for its Flash Player software that fixes a vulnerability which is already being exploited in active attacks. Compounding the threat, the company said it is investigating reports that crooks may have developed a separate exploit that gets around the protections in this latest update. KrebsOnSecurity, January 22, 2015
Java Patch Plugs 19 Security Holes: Oracle this week released its quarterly patch update for Java, a widely-installed program that for most casual users has probably introduced more vulnerability than utility. If you have Java installed and require it for some application or Web site, it’s time to update it. If you’re not sure you have Java on your computer or are unsure why you still have it, read on for advice that could save you some security headaches down the road. KrebsOnSecurity, January 21, 2015
Securing the Village
Seventh Annual ISSA-LA Information Security Summit Special Early Bird Registration Starts January 15: Starting January 15 the Los Angeles Chapter of the Information Systems Security Association (ISSA-LA) is offering a special early bird price to its Seventh Annual Information Security Summit on June 4, 2015, at the Los Angeles Convention Center. This special offer will be available through February 15, 2015. The Summit’s theme is The Growing Cyber Threat: Protect Your Business, reflecting the growing need organizations have for information systems security solutions in the battle against cybercrime. Virtual-Strategy, January 16, 2015
National Cyber Security
The Flaws in Obama’s Cybersecurity Initiative: President Obama’s new raft of proposals aim to address the growing concern that America is not taking tough-enough action against the increasing cybersecurity problem of nation-states and criminals (usually criminal gangs) attacking U.S. consumers and organizations. The evildoers’ motivation for doing so is most often money, but intellectual property is also being filched, and the internet is also being used for anything from identity theft to illicit political objectives. HBR, January 20, 2015
Report: NSA not only creates, but also hijacks, malware: In addition to having its own arsenal of digital weapons, the U.S. National Security Agency reportedly hijacks and repurposes third-party malware. PCWorld, January 19, 2015
OBAMA’S CYBER PROPOSALS SOUND GOOD, BUT ERODE INFORMATION SECURITY: The State of the Union address President Obama delivers tonight will include a slate of cyber proposals crafted to sound like timely government protections in an era beset by villainous hackers. The Intercept, January 19, 2015
N.S.A. Breached North Korean Networks Before Sony Attack, Officials Say: WASHINGTON — The trail that led American officials to blame North Korea for the destructive cyberattack on Sony Pictures Entertainment in November winds back to 2010, when the National Security Agency scrambled to break into the computer systems of a country considered one of the most impenetrable targets on earth. The New York Times, January 18, 2015
Securing Our Cyberspace: President Obama’s New Steps to Strengthen America’s Cybersecurity: We live in a digitally connected world. Almost all business transactions, public utilities, or security measures rely on networks that are connected to the Internet. That is why cyber threats pose an enormous challenge to our country. Whether it’s rogue hackers, organized criminals, or state actors, our public and private networks are facing an unprecedented level of cybersecurity threats. The White House, January 20, 2015
Cyber Survey
Rule of law on internet cracks down on cybercrime: Cisco: The Cisco 2015 annual security report has revealed that as attackers have become more proficient in taking advantage of security gaps and concealing malicious activity, governments worldwide are getting better at enforcing the rule of law on the internet. ZDNet, January 20, 2015
Cyber Misc
Marriott removes ban on personal Wi-Fi networks in hotels: The “Windows Phone” OS will be no more, as the version of Windows 10 tailored for smaller devices will be called simply Windows 10. Will that help improve Microsoft’s lot in the smartphone market? CNet, January 22, 2015