FOR IMMEDIATE RELEASE
Jim Goyjer: (310) 207-3361
Email: jim.goyjer@carlterzianpr.com
Information and Registration: www.issa-la.org
ISSA of Los Angeles Holding Third Annual Information Security Summit on Protecting Businesses from Cyber Attacks
Los Angeles – March 25, 2011 — The Los Angeles Chapter of the Information Systems Security Association (ISSA-LA) is holding its third annual Information Security Summit. The theme of this year’s Summit is The Growing Cyber Threat: Protect Your Business. The Summit will be held Wednesday, June 15, 2011 at 7:30 AM on the UCLA Campus and will be hosted by UCLA Extension.
“There has been an explosive growth in cybercrime in the two years since our first Summit, including the brazen theft of millions from corporate bank accounts,” says ISSA-LA President Stan Stahl, Ph.D. “Yesterday’s defenses don’t work against the worst of today’s cyber-attacks. The Summit is the perfect place for our community to come together and learn what they must do to stay ahead of the cybercriminals. Those attending will learn how to meet the latest cyber challenges from industry leaders and get to talk to more than 25 information security vendors.”
“We’re excited by the quality of speakers participating in this year’s Summit,” Dr. Stahl announced. “They include some of our most popular speakers, information security thought leaders like Steve Lipner of Microsoft, Gene Schultz of Emagined Security, Marc Maiffret of eEye Digital Security and Jeremiah Grossman of White Hat. We’re particularly excited to have Carl Terzian as a special keynote speaker.”
The Summit is the only educational forum in Los Angeles specifically designed to encourage participation and interaction among all three vital information security constituencies: (1) business executives, senior business managers, and their trusted advisors; (2) technical IT personnel with responsibility for information systems and the data they contain; and (3) information security practitioners with responsibility for ensuring the security of sensitive information.
Registration is open to anyone interested in learning more about information security but is particularly recommended for business executives and senior managers; business professionals in law, accounting, insurance and banking; technical IT personnel; and information security practitioners.
The Information Security Summit is part of ISSA-LA’s important community outreach program. The goal of the program is to help our community stay safe from cybercrime by enabling the necessary collaboration between business and community leaders, technical IT professionals and the information security community.
-###-
About Information Systems Security Association (ISSA)
The Information Systems Security Association is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications and peer interaction opportunities that enhance the knowledge, skill and professional growth of its members. The primary goal of ISSA is to promote management practices that will ensure availability, integrity and confidentiality of information resources. For more information or to register, please visit: www.issa-la.org.
About Stan Stahl, Ph.D.
Dr. Stahl is the founder and president of Citadel Information Group, Inc., an information security management firm. He is a pioneer in the field of information security, entering the field in 1980. He began his career securing teleconferencing at the White House, databases inside Cheyenne Mountain and the communications network controlling our nuclear weapons arsenal. Dr. Stahl earned his Ph.D. in mathematics from The University of Michigan and spent nearly 15 years teaching university mathematics. Once an active researcher, Dr. Stahl has published more than a dozen papers in advanced mathematics and computer science. He has taught courses in information security, software engineering, project management and computer programming at several universities and colleges. He recently served on the faculty at the University of Southern California in the School of Engineering’s Information Technology Program. For more information, visit www.citadel-information.com.
The following software updates were released last week. Citadel Information Group strongly recommends that readers upgrade these programs on their computers.
Adobe Flash 10.2.153.1: Adobe has updated Flash to fix the highly critical security vulnerability that we wrote about last week. The vulnerability—already being exploited—would allow an attacker to take remote control of a user’s system. The update is available here.
Adobe Reader & Acrobat: Adobe has updated both Reader and Acrobat to fix the highly critical security vulnerability that we wrote about last week. The vulnerability—already being exploited—would allow an attacker to take remote control of a user’s system. The update is available from inside the program under “Help/Check for Updates.”
Apple iOS 4.3.1: Apple has updated iOS 4.3 for the iPhone, iPad and iTouch to address a vulnerability attackers can exploit to run arbitrary code on an un-updated device. The update can be installed from iTunes or downloaded here.
Apple Mac OS X 10.6.7: Apple has updated OS X to address more than 40 security vulnerabilities. Many of these are critical and would allow an attacker to take remote control of a user’s system. The update is available here.
Google Chrome 10.0.648.204: Google has released another upgrade following the two it released last week. The upgrade fixes critical security vulnerabilities that would allow an attacker to take remote control of a user’s system. The update is available here.
Google Picasa 3.8: Google has updated Picasa to correct a highly critical security vulnerability that would allow an attacker to take remote control of a user’s system. The update is available here.
VLC Media Player 1.1.8: VLC has updated its popular free media player to fix a highly critical security vulnerability that would allow an attacker to take remote control of a user’s system. The update is available here.
Special Cyber Security Warnings
Tax Season Phishing Scams: US-CERT is warning users to remain cautious when receiving unsolicited email that could be part of a potential phishing scam or malware campaign. These phishing scams and malware campaigns often include:
These messages may appear to be from the IRS. They may ask users to submit personal information via email or may instruct the user to follow a link to a website that requests personal information or contains malicious code. Such messages should be considered fraudulent and should be deleted without opening.
Newly Announced Unpatched Vulnerabilities
RealPlayer 14.x: A critical zero-day vulnerability has been found in RealPlayer that allows an attacker to take remote control of a user’s system. No patch is available at this time. Readers are advised to disable the RealPlayer plugin in any browsers and refrain from opening Internet Video Recording (IVR) files from untrusted sources.
Important Unpatched Vulnerabilities.
Apple Safari 5.x: The critical zero-day vulnerability in Safari 5.x first identified last June continues unpatched. We continue to consider Safari unsafe for browsing.
AOL: The zero-day vulnerability in the way AOL handles Rich Text Files remains unpatched.
BlackBerry: The zero-day vulnerability affecting the browser in BlackBerry Software versions 6.0 and later remains unpatched.
CA Internet Security Suite: The highly critical zero-day vulnerabilities in versions 6.x and 7.x of this popular all-in-one security program remain unpatched.
HTC Mobile Devices: The security vulnerability in the default Twitter application (Peep) in HTC products remains unpatched.
Internet Explorer 8.x: We continue to consider Internet Explorer 8.x unsafe for browsing. IE8 has been on our vulnerability list since January 28 and has not yet been patched. We advise upgrading to IE9 if you’re running Vista or Windows 7.
PDF-Pro: Several highly critical zero-day vulnerabilities in PDF-Pro, a popular alternative to Adobe Acrobat, remain unpatched.
If you are responsible for keeping your computer secure, our weekly report is for you. We strongly urge you to take action to keep your workstation secure.
If someone else is responsible for keeping your computer secure, protect it by forwarding our Weekend Vulnerability and Patch Report to them and following up to make sure your computer has been patched.
Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc.) and application programs (Adobe Acrobat, Office, Flash, Java, etc.). When software companies find a vulnerability, they issue an update patch to fix the code running on their customers’ computers.
Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.
The following software updates were released last week. Citadel Information Group strongly recommends that readers upgrade these programs on their computers.
Google Chrome 10.0.648.134: Google has released two upgrades to Chrome this week. The upgrades fix critical security vulnerabilities, including an updated integrated version of the Adobe Flash player. The update is available here.
Internet Explorer 9: Microsoft has released Internet Explorer 9 (IE9). Unfortunately, it runs only on Vista and Windows 7. IE 9 is available here.
Special Cyber Security Warnings
Phishing Attacks: US-CERT is warning Internet users of an ongoing phishing attack targeting PayPal, Bank of America, Lloyds and TSB users. The attack arrives via an unsolicited email message containing an HTML attachment. We remind users to be extremely suspicious of email correspondence appearing to come from your bank, brokerage account, PayPal or other financial institution. These organizations typically limit their customer emails to providing information. They NEVER ask for personal information.
Tsunami Scam Warning: US-CERT continues to warn Internet users to be cautious of potential email scams, fake antivirus and phishing attacks regarding the Japan earthquake and tsunami disasters. Email scams may contain links or attachments that direct users to phishing or malware-laden websites. Phishing emails and websites requesting donations for bogus charitable organizations commonly appear after these types of natural disasters.
Newly Announced Unpatched Vulnerabilities
Adobe: Adobe has released a security advisory to alert users of a critical vulnerability that may allow a cyber criminal to take control of a user’s computer. The vulnerability affects the following products:
Adobe has stated that they expect to release a fix for this vulnerability during the coming week.
BlackBerry: Research In Motion has released a security notice (KB26132) to alert users of a vulnerability affecting the browser in BlackBerry Software versions 6.0 and later. A cyber criminal exploiting this vulnerability may gain access to user data stored on the media card and the built-in media storage. Users can do the following to help mitigate the risks:
Important Unpatched Vulnerabilities.
Apple Safari 5.x: A vulnerability in Safari 5.x first identified last June continues unpatched. We continue to consider Safari unsafe for browsing.
AOL: The zero-day vulnerability in the way AOL handles Rich Text Files remains unpatched.
CA Internet Security Suite: Highly critical security vulnerabilities have been found in versions 6.x and 7.x of this popular all-in-one security program. These vulnerabilities can be exploited remotely by malicious people to take remote control of a user’s system. CA has not announced a patch for this program. CA did release an upgrade to version 8.x of its corporate Host-Based Intrusion Prevention System—which suffered from similar vulnerabilities—leading one to suspect that CA will soon have an upgrade to its Internet Security Suite.
HTC Mobile Devices: The security issues in the default Twitter application (Peep) in HTC products remain unpatched.
Internet Explorer 8.x: We continue to consider Internet Explorer 8.x unsafe for browsing. IE8 has been on our vulnerability list since January 28 and has not yet been patched. We advise upgrading to IE9 if you’re running Vista or Windows 7.
PDF-Pro: Several highly critical vulnerabilities have been found in PDF-Pro, a popular alternative to Adobe Acrobat. These vulnerabilities would allow a cyber criminal to take control of a user’s computer. The vulnerabilities are confirmed in version 4.0.1.758. Most are also confirmed in version 4.5.2.1321. Other versions may also be affected. We urge readers to refrain from opening untrusted PDF files using PDF-Pro.
The following software updates were released last week. Citadel Information Group strongly recommends that readers upgrade these programs on their computers.
Apple iOS 4.3: Apple has released iOS 4.3 for the iPhone and iPad. While primarily designed to support the iPad 2, the update also fixes several security vulnerabilities. The update is available through iTunes.
Apple Java Updates for Mac OS X 10.5 and OS X 10.6: Apple Java Update for Mac OS X 10.5 Update 9 and Java for Mac OS X 10.6 Update 4 address multiple critical security vulnerabilities. These vulnerabilities allow a cyber criminal to take control of a victim’s computer. Updates can be downloaded here.
Apple Safari 5.0.4: Apple has released an update to Safari that addresses more than 40 vulnerabilities, many of them critical. The update is available from Apple here. However, a review of Apple’s description of the update gives no indication that the update patches the specific vulnerability that causes us to describe Safari as “unsafe for browsing” (see below).
Apple TV 4.2: Apple has released version 4.2 to correct multiple vulnerabilities in Apple TV. Information on the update is available here. Update instructions are available here.
Google Chrome 10.0.648.127: Google has updated its Chrome browser. The new release fixes 23 identified security vulnerabilities, 15 of which are critical. Information about the update is available here. The update is available from Google here.
Microsoft Patch Tuesday Updates: Microsoft has released updates to fix at least four security vulnerabilities in Windows, Office and other products, including a critical vulnerability in its Media Player / Media Center. Microsoft did not patch the critical vulnerability in Internet Explorer 8 (see below). Readers can check that updates have been installed through the Security Center which can be accessed through the Control Panel.
Special Cyber Security Warnings
Tsunami Scam Warning: US-CERT is warning Internet users to be cautious of potential email scams, fake antivirus and phishing attacks regarding the Japan earthquake and tsunami disasters. Email scams may contain links or attachments that direct users to phishing or malware-laden websites. Phishing emails and websites requesting donations for bogus charitable organizations commonly appear after these types of natural disasters.
Rogue AntiVirus through Skype: Brian Krebs writes on his blog, KrebsOnSecurity.com, that “a few of his readers have written, saying that they recently received Skype phone calls urging them to download and install a system update for Microsoft Windows. Users who visit the recommended site are bombarded with the same old scareware prompts that try to frighten them into purchasing worthless security software. Scareware scams are nothing new to Skype: They have spread for some time now over the instant message client built into Skype, but this is the first I’ve heard of rogue anti-virus peddlers resorting to robocalls via Skype to spread their junk software.”
Important Unpatched Vulnerabilities.
PDF-Pro: Several highly critical vulnerabilities have been found in PDF-Pro, a popular alternative to Adobe Acrobat. These vulnerabilities would allow a cyber criminal to take control of a user’s computer. The vulnerabilities are confirmed in version 4.0.1.758. Most are also confirmed in version 4.5.2.1321. Other versions may also be affected. We urge readers to refrain from opening untrusted PDF files using PDF-Pro.
CA Internet Security Suite: Highly critical security vulnerabilities have been found in versions 6.x and 7.x of this popular all-in-one security program. These vulnerabilities can be exploited remotely by malicious people to take remote control of a user’s system. CA has not announced a patch for this program. CA did release an upgrade to version 8.x of its corporate Host-Based Intrusion Prevention System—which suffered from similar vulnerabilities—leading one to suspect that CA will soon have an upgrade to its Internet Security Suite.
Internet Explorer 8.x: We continue to consider Internet Explorer 8.x unsafe for browsing. IE8 has been on our vulnerability list since January 28 and was not patched in this week’s Patch Tuesday.
Apple Safari 5.x: A vulnerability in Safari 5.x first identified last June continues unpatched. We continue to consider Safari unsafe for browsing.
AOL: The zero-day vulnerability in the way AOL handles Rich Text Files remains unpatched.
HTC Mobile Devices: The security issues in the default Twitter application (Peep) in HTC products remain unpatched.
• Use Only for On-Line Banking
• Don’t Connect It to Corporate Network
• Use a Separate Internet Connection
• Keep It Fully Patched
• Keep Anti-Malware Up-to-Date
• Be On Guard for Social Engineering Attacks
• Don’t Click on Email Links or Open Email Attachments Unless You Know They Are Safe; When in Doubt, Don’t
• Limit Workplace Information Posted on Social Networks
• It’s Not Paranoia If They Are Out To Get You
Disclaimer: While the above tips can help protect you against online bank fraud, they are not silver bullets. Following these tips can lower your risk; they cannot reduce your risk to 0.
© Copyright 2011. Citadel Information Group. All Rights Reserved.