Securing the Village
ISSA-LA Seventh Annual Information Security Summit at the Los Angeles Convention Center.
The Summit on June 4, 2015.
- Keynotes from Bruce Schneier and Dave Kennedy
- Summit Tracks include Security Management, AppSec, Digital Forensics, and Emerging Issues and Technology.
- Special Forums: The Executive Forum for Board, C-Suite and Trusted Advisors; Healthcare Privacy and Security Forum; CISO Executive Forum.
Summit Training on June 5, 2015.
- IT Security Management Bootcamp for IT Professionals with Ed Pagett and Mikhael Felker
- Secure Coding Boot Camp with Jim Manico
- Build Your Own Cyber Range with Kevin Cardwell
Are Sally Beauty, Harbortouch Breaches Linked?: It’s unlikely that the same hackers that hit Sally Beauty Supply in 2014 struck the retailer a second time this year, several threat intelligence experts now say. BankInfoSecurity, May 7, 2015
Deconstructing the 2014 Sally Beauty Breach: This week, nationwide beauty products chain Sally Beauty disclosed that, for the second time in a year, it was investigating reports that hackers had broken into its networks and stolen customer credit card data. That investigation is ongoing, but I recently had an opportunity to interview a former Sally Beauty IT technician who provided a first-hand look at how the first breach in 2014 went down. KrebsOnSecurity, May 7, 2015
Sally Beauty Card Breach, Part Deux?: For the second time in a year, nationwide beauty products chain Sally Beauty Holdings Inc. says it is investigating reports of unusual credit and debit card activity at some of its U.S. stores. KrebsOnSecurity, May 4, 2015
White House Evaluating New Court Ruling Declaring NSA Data-Collection Program Illegal: Administration will continue to work with Congress to reform surveillance laws, NSC spokesman says. Dark Reading, May 7, 2015
The Implications of Court’s NSA Ruling: A federal appellate court decision that the National Security Agency’s bulk data collection program is illegal could have sweeping ramifications beyond derailing the initiative to amass the metadata of Americans’ telephone calls. BankInfoSecurity, May 7, 2015
US Appeals Court: NSA Phone Record Collection Is Illegal: NEW YORK — The unprecedented and unwarranted bulk collection of the entire U.S. population’s phone records by the government is illegal because it wasn’t authorized by Congress, a federal appeals court said Thursday as it asked legislators to balance national security and privacy interests. The New York Times, May 7, 2015
RadioShack Is A Reminder That Old Data Don’t Die, Or Fade Away: A Delaware judge just gave RadioShack approval to consider bids for its customer data as part of its bankruptcy proceedings. Texas leads a list of states opposing the auction, citing the retailer’s own privacy policies (which say that personally identifiable information, or “PII,” will never be sold or rented to anyone), just as it is trying to discover the details of the offer (which could involve as many as 117 million customers). The legal case is just a hint of the immense communications issue that haunts every customer relationship, regardless of the specific case’s outcome. Forbes, April 30, 2015
Financial Cyber Security
Wells Fargo customers: Here’s what to look for if you’re concerned: City officials and former Wells Fargo employees are asking consumers to scrutinize their bank statements and pay extra attention to online accounts after a lawsuit Monday accused bank employees of opening unauthorized accounts and moving clients’ money around to meet corporate sales quotas. The LA Times, May 5, 2015
Ex-NSA security bod fanboi: Apple Macs are wide open to malware: A former NSA staffer turned security researcher is warning that bypassing typical OS X security tools is trivial. TheRegister, May 7, 2015
This terrifying malware destroys your PC if detected: A new type of malware resorts to crippling a computer if it is detected during security checks, a particularly catastrophic blow to its victims. PCWorld, May 5, 2015
Dyre Malware Developers Add Code to Elude Detection by Analysis Tools: As more companies deploy sandbox technology to catch advanced malware, many attackers are adding code to their programs to detect if the attack is running in a virtual machine. eWeek, May 3, 2015
Cyber Security Management – Cyber Defense
Microsoft bangs the cybersecurity drum with Advanced Threat Analytics: Microsoft announced a raft of security and data protection software on the first day of its Ignite conference. The company said that attacks on companies were increasingly using legitimate tools: organizations are being compromised through access made with valid (albeit stolen or otherwise compromised) user credentials, rather than malware, with a Verizon report saying that more than 75 percent of breaches occur this way. ars technica, May 4, 2015
Cyber Security Management – HIPAA
Healthcare Data Breaches From Cyberattacks, Criminals Eclipse Employee Error For The First Time: New Ponemon Report reveals just how hot healthcare data is for hackers. The Ponemon Institute’s new Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data, published today, found that close to 45% of all data breaches in healthcare are due to criminal activity such as cybercriminal and nation-state hacks, malicious insiders, and physical theft, a 125% increase in such activity over the past five years. DarkReading, May 7, 2015
National Cyber Security
Internal Revenue Service Joins Cybercrime Hunt With New Investigation Team: WASHINGTON—The Internal Revenue Service is getting in on the hunt for cybercrime. The Wall Street Journal, May 5, 2015
Greater Cooperation Among Public, Private Entities Urged to Fight Cybercrime: Attorney General Loretta Lynch urged greater cooperation between the government and private industry to combat computer hackers, a key component of a new cyberattack playbook released by the Justice Department. ClaimsJournal, May 4, 2015
Weak Homegrown Crypto Dooms Open Smart Grid Protocol: In the three years since its inception, the Open Smart Grid Protocol has found its way into more than four million smart meters and similar devices worldwide. ThreatPost, May 8, 2015
PayIvy Sells Your Online Accounts Via PayPal: Normally, if one wishes to buy stolen account credentials for paid online services like Netflix, Hulu, XBox Live or Spotify, the buyer needs to visit a cybercrime forum or drop into a dark Web marketplace that only accepts Bitcoin as payment. Increasingly, however, these accounts are showing up for sale at Payivy[dot]com, an open Web marketplace that happily accepts PayPal in exchange for a variety of stolen accounts. KrebsOnSecurity, May 6, 2015
Legal landscape for cybersecurity risk is changing as federal government and SEC take action: In 2014, many of the most recognizable companies in America fell prey to cyber attacks. The list of victims is a veritable who’s who of corporate America: Target, J.P. Morgan Chase, Home Depot, Staples, AT&T, Sony, eBay, Yahoo and Google. In the face of the clear threat posed by these attacks, the federal government has taken steps to respond. Inside Counsel, May 8, 2015
SEC: CCO Should Have Active Role in Cybersecurity: The chief compliance officer should have an “active role” in discussing a firm’s cybersecurity threats not only with technology personnel but also with management, outside vendors and even fund boards, David Joire, senior counsel in the Securities and Exchange Commission’s Division of Investment Management, said Thursday. ThinkAdvisor, May 7, 2015
A cybersecurity firm is being accused of extorting clients: A bombshell lawsuit is raising eyebrows in the cybersecurity industry. Business Insider, May 7, 2015
Foiling Pump Skimmers With GPS: Credit and debit card skimmers secretly attached to gas pumps are an increasingly common scourge throughout the United States. But the tables can be turned when these fraud devices are discovered, as evidenced by one California police department that has eschewed costly and time-consuming stakeouts in favor of affixing GPS tracking devices to the skimmers and then waiting for thieves to come collect their bounty. KrebsOnSecurity, May 4, 2015