Securing the Village
ISSA-LA Seventh Annual Information Security Summit at the Los Angeles Convention Center.
The Summit on June 4, 2015.
- Keynotes from Bruce Schneier and Dave Kennedy
- Summit Tracks include Security Management, AppSec, Digital Forensics, and Emerging Issues and Technology.
- Special Forums: The Executive Forum for Board, C-Suite and Trusted Advisors; Healthcare Privacy and Security Forum; CISO Executive Forum.
Summit Training on June 5, 2015.
- IT Security Management Bootcamp for IT Professionals with Ed Pagett and Mikhael Felker
- Secure Coding Boot Camp with Jim Manico
- Build Your Own Cyber Range with Kevin Cardwell
GitHub may have been targeted by Chinese hackers in DDoS attack: Code management platform GitHub has been fending off a distributed denial of service (DDoS) attack since last Thursday. Security experts say the attack may have originated in China, reports The Wall Street Journal. TheNextWeb, March 30, 2015
Financial Cyber Security
‘Revolution’ Crimeware & EMV Replay Attacks: In October 2014, KrebsOnSecurity examined a novel “replay” attack that sought to exploit implementation weaknesses at U.S. financial institutions that were in the process of transitioning to more secure chip-based credit and debit cards. Today’s post looks at one service offered in the cybercrime underground to help thieves perpetrate this type of fraud. KrebsOnSecurity, April 1, 2015
2014 UK ONLINE BANKING FRAUD HIT $89M: Online banking fraud in the U.K. continues to be on the rise, and at a sharp rate, according to a new report from the Financial Fraud Action UK (FFA). PYMNTS.com, March 30, 2015
Sign Up at irs.gov Before Crooks Do It For You: If you’re an American and haven’t yet created an account at irs.gov, you may want to take care of that before tax fraudsters create an account in your name and steal your personal and tax data in the process. KrebsOnSecurity, March 30, 2015
Puush calls for password change after malware hit: Users of the Puush screenshot-sharing platform are being told to change any passwords stored on their PCs or browsers after the service was hit by malware. ZDNet, March 30, 2015
Cyber Security Management
Sustainable Cybersecurity: The environmental situation facing many nations in the mid-to-late 20th century was bleak. Industrial waste caused the Cuyahoga River in Cleveland to catch fire in 1969. The Rhine River was long one of the most polluted waterways in Europe, similarly catching fire in 1986. School children in Japan were dying from mercury poisoning. Problems associated with drought and desertification were already underway in China; a process that has only quickened in the early 21st century. Into this world stepped seminal figures including the marine biologist Rachel Carson whose 1962 book, Silent Spring, documented the effects of widespread pesticide use in the United States and is credited with jumpstarting the modern environmental movement. Much like that time, the 21st century cybersecurity landscape is littered with failed attempts to manage the various facets of cyber attacks, from cybercrime and espionage, to nascent threats introduced below including cyber war and terrorism. But we are still waiting for our cyber Silent Spring. HuffingtonPost, April 2, 2015
Security crashes the boardroom party: Given the recent spate of headline-grabbing data breaches, CIOs need to be prepared to answer a lot of board questions about risk. CIO, March 30, 2015
Citigroup Report Chides Law Firms for Silence on Hackings: Every month it seems another American company reports being a victim of a hacking that results in the theft of internal or customer information. But the legal profession almost never publicly discloses a breach. The New York Times, March 26, 2015
Security Rises to a CEO-Level Priority: The State of the CIO research shows that cybersecurity and enterprise risk are zooming up the charts as high-profile topics on the CIO and CEO agendas, says CIO Publisher Adam Dennison. CIO, February 19, 2015
Cyber Security Management – Cyber Defense
Firefox 37 supports easier encryption option than HTTPS: The latest version of Firefox has a new security feature that aims to put a band-aid over unencrypted website connections. Firefox 37 rolled out earlier this week with support for opportunistic encryption, or OE. You can consider OE sort of a halfway point between no encryption (known as clear text) and full HTTPS encryption that’s simpler to implement. PCWorld, April 2, 2015
Google says it cut Android malware in half in 2014: Google has been cracking down on Android malware, and according to a new Android State of the Union report, it’s starting to see real progress in the fight against harmful software. The new report says that the global rate of harmful software installs fell by 50 percent over the course of 2014. By Google’s accounting, only 1 percent of Android devices had a harmful application installed in 2014, and when devices only installed applications from the Google Play store, that number fell to .15 percent. TheVerge, April 2, 2015
National Cyber Security
New Obama Order Allows Sanctions Against Foreign Hackers: In an effort to deter and punish hackers and cyberspies who have until now been outside the reach of U.S. law enforcement, President Barack Obama signed an executive order today allowing the government to levy economic sanctions against individuals overseas who engage in destructive cyberattacks or commercial espionage. Wired, March 30, 2015
Hackers attack the energy industry with malware designed for snooping: A malware attack against oil and gas companies aims to get sensitive corporate information, according to software security firm Symantec. Fortune, March 31, 2015
Smart home hacking is easier than you think: Scary stories of hacking Internet of Things devices are emerging, but how realistic is the threat? NetworkWorld, April 2, 2015
Like Google, Mozilla set to punish Chinese agency for certificate debacle: The Mozilla Foundation plans to reject new digital certificates issued by the China Internet Network Information Center (CNNIC) in its products, but will continue to trust certificates that already exist. PCWorld, April 2, 2015
Google fixed a vulnerability that allowed any YouTube user to delete any video: Everybody makes mistakes. Google caught a big one before it was too late. The tech giant fixed a giant vulnerability in YouTube that allowed any user to delete any video from the site by making the right request to the right URL. And yes, that really means any clip on YouTube—from viral-pop music videos to internet legends like “Charlie bit my finger.” Quartz, April 2, 2015
Secrecy on the Set: Hollywood Embraces Digital Security: SAN FRANCISCO — For years, Lulu Zezza has played one of the toughest roles in Hollywood. Ms. Zezza, who has managed physical production on movies like “The Reader” and “Nine,” also oversees the digital security of everything that goes into the making of a film on set, including budgets, casting, shooting schedules and scripts. The New York Times, March 30, 2015
Inquiry of Silk Road Website Spurred Agents’ Own Illegal Acts, Officials Say: On the so-called dark web, drug dealing and other illicit sales have thrived in recent years, the authorities have said, through hidden websites like Silk Road and hard-to-trace digital currencies like Bitcoins. The New York Times, March 30, 2015