Citadel Information Group


June 14, 2015 by Stan Stahl Ph.D.

Cyber Security News of the Week, June 14, 2015

Cyber Crime

Breach at Winery Card Processor Missing Link: Missing Link Networks Inc., a credit card processor and point-of-sale vendor that serves a number of wineries in Northern California and elsewhere, disclosed today that a breach of its networks exposed card data for transactions it processed in the month of April 2015. KrebsOnSecurity, June 10, 2015

Cybercrime Can Give Attackers 1,425% Return on Investment: Going rates on the black market show ransomware and carding attack campaign managers have plenty to gain. DarkReading, June 9, 2015

Cyber Attack

German parliament cyber-attack still ‘live’: A cyber attack on the German parliament uncovered a month ago is still stealing data from Bundestag computers, report German media. BBC, June 11, 2015

Kaspersky Lab cybersecurity firm is hacked: One of the leading anti-virus software providers has revealed that its own systems were recently compromised by hackers. BBC, June 10, 2015

Cyber Privacy

U.S. Tech Industry Appeals to Obama to Keep Hands Off Encryption: Top U.S. tech companies are warning the Obama administration against imposing new policies that the companies say would weaken increasingly sophisticated encryption systems designed to protect consumers’ privacy. recode, June 9, 2015

Identity Theft

Why The OPM Breach Is Such a Security and Privacy Debacle: If it’s not already a maxim, it should be: Every big hack discovered will eventually prove to be more serious than first believed. That’s holding to be especially true with the recently disclosed hack of the federal Office of Personnel Management, the government’s human resources division. Wired, June 11, 2015

I.R.S. Adds New Safeguards to Thwart Identity Theft and Fraud: Reeling from an online attack that allowed criminals to steal personal information and divert tax refunds from tens of thousands of taxpayers, the Internal Revenue Service announced on Thursday a sweeping effort to step up protections against identity theft and fraud. The actions are expected to be completed by early next year, well before the April 15 filing deadline. The New York Times, June 11, 2015

Hackers May Have Obtained Names of Chinese With Ties to U.S. Government: WASHINGTON — Investigators say that the Chinese hackers who attacked the databases of the Office of Personnel Management may have obtained the names of Chinese relatives, friends and frequent associates of American diplomats and other government officials, information that Beijing could use for blackmail or retaliation. The New York Times, June 10, 2015

How I Learned to Stop Worrying and Embrace the Security Freeze: If you’ve been paying attention in recent years, you might have noticed that just about everyone is losing your personal data. Even if you haven’t noticed (or maybe you just haven’t actually received a breach notice), I’m here to tell you that if you’re an American, your basic personal data is already for sale. What follows is a primer on what you can do to avoid becoming a victim of identity theft as a result of all this data (s)pillage. KrebsOnSecurity, June 8, 2015

Cyber Threat

Hackers Go After Little Fish, Too, While Trawling for Credit Cards: Hackers are going local in their efforts to steal credit card information from United States customers, hitting small businesses with as much frequency as retail giants. The New York Times, June 11, 2015

Cyber Warning

Beware authentication popups in iOS Mail: bug allows convincing-looking phishing attacks: If you are reading mail on your iPhone and iPad and a popup appears asking you to re-login to iCloud (or anything else), beware. Security researcher Jan Soucek discovered a bug in the iOS Mail app that allowed an attacker to run remote HTML code when an email is opened. That code could easily imitate an iCloud login prompt, fooling users into giving away their Apple ID credentials. 9to5mac, June 10, 2015

Scam warning over fake bank texts: Fraudsters send messages to people saying there has been a fraud on their accounts aimed at trying to steal security information. GetReading, June 9, 2015

Outdated Flash Player Editions Attacked in Latest Cyber-Crime: According to the security company FireEye, cyber-crooks using attack tools aimed at obsolete editions of Adobe Flash Player have created one exploit to abuse a security flaw which Adobe patched on May 12, 2015, a development that gives rise to certain severe security problems. SpamFighter, June 8, 2015

Memory scraping malware targets Oracle Micros point-of-sale customers: A new malware program designed to steal payment card details from point-of-sale (PoS) systems is targeting businesses using Oracle Micros products. CIO, June 8, 2015

Cyber Security Management

RAND study: Cyber-defense must change course, or else: RAND today released the results of its multiphased study on cybersecurity’s future, The Defender’s Dilemma, delivering a frightening snapshot of defenders lost at sea. ZDNet, June 10, 2015

The Defender’s Dilemma: Cybersecurity is a constant and, by all accounts, growing challenge. Although software products are gradually becoming more secure and novel approaches to cybersecurity are being developed, hackers are becoming more adept, their tools are better, and their markets are flourishing. The rising tide of network intrusions has focused organizations’ attention on how to protect themselves better. This report, the second in a multiphase study on the future of cybersecurity, reveals perspectives and perceptions from chief information security officers; examines the development of network defense measures — and the countermeasures that attackers create to subvert those measures; and explores the role of software vulnerabilities and inherent weaknesses. RAND Corporation, June 2015

Infosecurity Europe 2015: Check your supply chain security to reduce breach risk: Organisations should include supply chain security as part of their strategy to reduce the risk of data breaches, an expert panel told attendees of Infosecurity Europe 2015 in London. ComputerWeekly, June 8, 2015

Securing the Village

HackerOne Connects Hackers With Companies, and Hopes for a Win-Win: SAN FRANCISCO — In 2011, two Dutch hackers in their early 20s made a target list of 100 high-tech companies they would try to hack. Soon, they had found security vulnerabilities in Facebook, Google, Apple, Microsoft, Twitter and 95 other companies’ systems. The New York Times, June 8, 2015

Dan Geer’s 10 Cybersecurity Best Practices: In his keynote last year at the Black Hat USA conference, Dan Geer proposed 10 policy recommendations he thinks will make the digital world a much safer one. Here’s a much-condensed version of his ideas. Wired, June 2015

National Cyber Security

US Army website hacked as Obama demands cyber law: A hacker group backing the Syrian government claimed responsibility for hacking the official website of the US Army, just hours after President Obama called for new cybersecurity laws at the G-7 summit in Germany. RT, June 8, 2015

Obama: US Needs More Aggressive Cybersecurity: President Barack Obama says the United States is going to have to be much more aggressive when it comes to cybersecurity, but he refused to say who he believes is behind the massive hacking of U.S. government computers revealed last week. Voice of America, June 8, 2015

Here’s What a Cyber Warfare Arsenal Might Look Like: The Pentagon has made clear in recent weeks that cyber warfare is no longer just a futuristic threat—it is now a real one. U.S. government agency and industry computer systems are already embroiled in a number of nasty cyber warfare campaigns against attackers based in China, North Korea, Russia and elsewhere. As a counterpoint, hackers with ties to Russia have been accused of stealing a number of Pres. Barack Obama’s e-mails, although the White House has not formally placed any blame at the Kremlin’s doorstep. The Obama administration did, however, call out North Korea for ordering last year’s cyber attack on Sony Pictures Entertainment. Scientific American, May 6, 2015

Cyber Career

The Horizon For Information Security Jobs: With graduation season upon us, many graduates entering the workforce are understandably anxious about their future employment. However, at least one group is poised to take advantage of a market suffering from a massive skills shortage: cybersecurity professionals. TechCrunch, June 7, 2015

Cyber Misc

Firms Could Be Forced to Disgorge Profits from Tax Refund Fraud: Last week, KrebsOnSecurity ran an interview with Julie Magee, Alabama’s chief tax administrator, to examine what the states are doing in tandem with the IRS and others to make it harder for ID thieves to commit tax refund fraud — a $6 billion a year problem. Today we’ll hear from John Valentine, chair of Utah’s State Tax Commission, about the challenges his state faced this year, as well as the prospect that tax preparation firms could be forced to return to the U.S. Treasury any profits they make from processing fraudulent tax refunds. KrebsOnSecurity, June 9, 2015

This Hacked Kids’ Toy Opens Garage Doors in Seconds: Americans’ garages, those sacred suburban havens of automobiles and expensive tools, are probably more important to us than many of our online accounts. But some garages are only protected by a code whose security is equivalent to a two-character password. And security researcher Samy Kamkar can crack that laughable safeguard in seconds, with little more than a hacked child’s toy. Wired, June 4, 2015

Cyber Sunshine

Europol shuts down cybercrime ring with 49 arrests: Europol’s European Cybercrime Centre has arrested 49 suspects in a joint international operation targeting the takedown of a major cybercrime ring, reports Tripwire. WeLiveSecurity, June 11, 2015

Copyright © 2018 by Citadel Information Group  All Rights Reserved | Privacy Policy