Securing the Village
ISSA-LA Seventh Annual Information Security Summit at the Los Angeles Convention Center.
The Summit on June 4, 2015.
- Keynotes from Bruce Schneier and Dave Kennedy
- Summit Tracks include Security Management, AppSec, Digital Forensics, and Emerging Issues and Technology.
- Special Forums: The Executive Forum for Board, C-Suite and Trusted Advisors; Healthcare Privacy and Security Forum; CISO Executive Forum.
Summit Training on June 5, 2015.
- IT Security Management Bootcamp for IT Professionals with Ed Pagett and Mikhael Felker
- Secure Coding Boot Camp with Jim Manico
- Build Your Own Cyber Range with Kevin Cardwell
Hackers break into Lufthansa customer database: Cyber-attackers have obtained info on a number of passengers using the Lufthansa website. The hackers used frequent-flyer miles to obtain vouchers and redeem rewards. DW, April 10, 2015
Hackers black out French TV5, hijack websites to back Islamic State: Hackers acting in support of Islamic State extremists knocked out the global broadcast network of France’s TV5 early Thursday, then hijacked its website and social media to post warnings against French participation in air strikes against the militants in Iraq and Syria. Los Angeles Times, April 9, 2015
As encryption spreads, U.S. grapples with clash between privacy, security: For months, federal law enforcement agencies and industry have been deadlocked on a highly contentious issue: Should tech companies be obliged to guarantee government access to encrypted data on smartphones and other digital devices, and is that even possible without compromising the security of law-abiding customers? The Washington Post, April 10, 2015
Financial Cyber Security
Sneaky ‘Dyre’ Malware Bilks Corporate Bank Accounts: Fraudsters are using a clever piece of malicious software called Dyre to steal from corporate bank accounts, security experts say. American Banker, April 6, 2015
BOOM: Along the western coast of England, under a half-moon hidden by clouds, a dark Audi sports car with fabricated plates followed an empty road toward a Barclays bank. Inside were five men, dressed all in black, and their gear: crowbars, power tools, coils of flexible tubing, and two large tanks of explosive gas. It was 1:51 a.m. The job would take just under seven minutes. Bloomberg, January 27, 2015
Why Identity Theft Victims Wait 9 Months for Their Tax Refund: Hundreds of thousands of taxpayers experience significantly delayed refunds every year because of tax-related identity theft. That delay lasted an average of 278 days — more than nine months — according to a new audit of tax accounts resolved in fiscal year 2013 (Oct. 1, 2012 through Sept. 30, 2013) by the Treasury Inspector General for Tax Administration. The audit was intended as a follow-up on a previous review to see if the IRS had improved its dealings with identity theft victims. Credit.com, April 10, 2015
Don’t Be Fodder for China’s ‘Great Cannon’: China has been actively diverting unencrypted Web traffic destined for its top online search service — Baidu.com — so that some visitors from outside of the country were unwittingly enlisted in a novel and unsettling series of denial-of-service attacks aimed at sidelining sites that distribute anti-censorship tools, according to research released this week. KrebsOnSecurity, April 10, 2015
FBI Warns of Fake Govt Sites, ISIS Defacements: The Federal Bureau of Investigation (FBI) is warning that individuals sympathetic to the Islamic State of Iraq and al-Shams (ISIS) are mass-defacing Websites using known vulnerabilities in WordPress. The FBI also issued an alert advising that criminals are hosting fraudulent government Web sites in a bid to collect personal and financial information from unwitting Web searchers. KrebsOnSecurity, April 7, 2015
Popular mobile security app uses worthless encryption method: New information has shown that one of the more popular security suites available for Android and iOS is so fundamentally compromised, its claims constitute false advertising. That software suite, NQ Vault, promises, “All files will be encrypted into a private place and can only be viewed in Vault after entering the correct password (iOS version).” The Android version, available in the Google Play Store, states, “Vault hides and encrypts all incoming message alerts and text messages from those contacts for maximum privacy.” ExtremeTech, April 6, 2015
Cyber Security Management
Insider Threats: Focus On The User, Not The Data: Global cybersecurity spending will hit almost $77 billion in 2015, so why are there more high-profile leaks than ever? DarkReading, April 10, 2015
Utilities And Education The Most Bot-Infested Sectors: The more bots in-house, the more a company is likely to have reported a data breach, BitSight report finds. DarkReading, April 9, 2015
Cyber Security Management – Cyber Defense
Another Reason For Ubiquitous Web Encryption: To Neuter China’s ‘Great Cannon’: China’s web censorship machine, the Great Firewall, has a more offensive brother, researchers have declared today. Called the Great Cannon by Citizen Lab, a research body based at the University of Toronto, it can intercept traffic and manipulate it to do evil things. Forbes, April 10, 2015
Podcast: Yahoo’s Alex Stamos on e-mail encryption and keeping 1 billion customers secure: Yahoo’s chief information security officer joins Passcode and New America for their monthly podcast about cybersecurity. Christian Science Monitor, April 10, 2015
Bad news everyone: Cybercrime is getting even easier: The volume of malware threats is actually on the decline despite the increase in breaches, according to a study from Websense Security Labs. The Register, April 9, 2015
Cyber Security Management – Cyber Update
Apple Fixes Proxy Manipulating Phantom Attack in iOS 8.3: If left unpatched, one of the vulnerabilities fixed in this week’s iOS update could render an iPhone near useless. If triggered, it could cause networking apps to quit, the system to grind to a halt. In some cases, the device wouldn’t even be able to be rebooted. ThreatPost, April 10, 2015
Apple Patches ‘Darwin Nuke,’ Other Security Flaws With New OS Releases: Denial-of-service flaw discovered by researchers at Kaspersky Lab could affect Apple users’ corporate networks. DarkReading, April 10, 2015
National Cyber Security
How the U.S. thinks Russians hacked the White House: Washington (CNN) - Russian hackers behind the damaging cyber intrusion of the State Department in recent months used that perch to penetrate sensitive parts of the White House computer system, according to U.S. officials briefed on the investigation. CNN, April 8, 2015
White House Email Hacked: A top aide to President Barack Obama says the White House’s classified computer systems are secure while acknowledging vulnerabilities in its unclassified system. The comments come in response to a CNN report that Russian hackers got access to sensitive White House information such as the president’s private schedule. The White House says suspicious activity was detected in October on its unclassified network. NBC4 News, April 7, 2015
Data breach: The new normal – Mitigating risk and how government policy makers approach this critical issue: Featuring Citadel’s Stan Stahl and Kimberly Pease – Once a rarity and major news event, corporate data breaches are becoming a dime a dozen. Yet, the rules of the road governing data breaches and consumer notification are anything but clear. Join our highly regarded panel of experts for the latest on how to navigate the murky federal and state regulatory landscapes and listen to what the future holds with regards to potential new legislative reforms. Event Date: April 14, 2015
Hackers Leak Messages ‘Between Kremlin and France’s Front National’: French media site Mediapart has reported that hackers have leaked thousands of texts and emails sent between the Kremlin and the French far-right party, the National Front. NewsWeek, April 3, 2015
US, European Law Enforcement Carry Out Beebone Botnet Takedown: A relatively small yet troublesome botnet has been shut down in a joint operation between U.S. and European law enforcement and a number of private security companies, including Kaspersky Lab. ThreatPost, April 10, 2015