Cyber Security News of the Week, April 22, 2011

Internet Badlands

Scammers take advantage of Epsilon data breach: Scammers are currently taking advantage of the data breach that affected email security provider Epsilon recently, by creating a copy of Epsilon’s website and claiming that people can download a ‘security tool’ that tells them whether they have been affected. Virus Bulletin, April 18, 2011 [Read Citadel's analysis of Epsilon here.]

Cybercriminals Target Consumers Looking to Give Disaster Relief: The emails read: “I’m Mrs. Mariam Ellis, a devoted humanitarian, with your assistance I want to set up a foundation (worth millions of dollars) to help the victims of Tsunami in Japan and other environments around the world. The funds are available. Please contact me for more details…”. Fox News

Scam may target Texans after personal data leak. Telephone scammers may be targeting the nearly 3.5 million Texans who had their Social Security numbers and other vital personal information inadvertently exposed to the public, the state attorney general’s office warned Tuesday. Bloomberg BusinessWeek, April 19, 2011

‘Naked pic’ scam spreads across Internet: A new email scam is hoping to catch eager Web surfers with their pants down. MSNBC, Security News Daily

Android Skype Users Had Personal Info Exposed to Malicious Apps: Android users of Skype may have had sensitive personal information stolen from their phones by malicious applications, because a vulnerability in the way Skype’s Android application stored its data left the files with incorrectly assigned permissions. TopTechReviews.net, April 18, 2011

The Cloud

Amazon Cloud Failure Takes Down Web Sites. A widespread failure in Amazon.com’s Web services business was still affecting many Internet sites on Friday morning, highlighting the risks involved when companies rely on so-called cloud computing. New York Times, April 21, 2011

Rays of Sunshine

ISSA of Los Angeles Announces Carl Terzian Distinguished Keynote Speaker at 3rd Annual Information Security Summit. The Los Angeles Chapter of the Information Systems Security Association (ISSA-LA) announces Carl Terzian, chairman of Carl Terzian Associates, as Distinguished Keynote Speaker at its third annual Information Security Summit on Protecting Businesses from Cyber Attacks. The theme of this year’s Summit is The Growing Cyber Threat: Protect Your Business. The Summit will be held Wednesday, June 15, 2011 at 7:30 AM on the UCLA Campus and will be hosted by UCLA Extension. PRLog.org, April 22, 2011 [Visit ISSA-LA for more information or to register]

U.S. Government Targets Ring Infecting 2.3 Million Computers: The FBI and the Justice Department on Wednesday began dismantling a ring of international computer thieves who stole hundreds of millions of dollars worldwide by infecting over 2.3 million computers with malicious software. It was the biggest such enforcement action U.S. authorities have ever taken against cyber criminals. Fox News, April 13, 2011

U.S. Government Takes Down Coreflood Botnet: The U.S. Justice Department and the FBI were granted unprecedented authority this week to seize control over a criminal botnet that enslaved millions of computers and to use that power to disable the malicious software on infected PCs. KrebsOnSecurity, April 14, 2011

Surveys and Reports

Verizon Security Report: Data Breaches At New Highs In 2010: According to a new report by Verizon and the U.S. Secret Service, a record number of data breaches were reported in 2010, though the number of compromised records dropped dramatically to 4 million in 2010 from 144 million in 2009. Huffington Post, April 19, 2011

Are Megabreaches Out? E-Thefts Downsized in 2010: The number of financial and confidential records compromised as a result of data breaches in 2010 fell dramatically compared to previous years, a decrease that cybercrime investigators attribute to a sea-change in the motives and tactics used by criminals to steal information. At the same time, organizations of all sizes are dealing with more frequent and smaller breaches than ever before, and most data thefts continue to result from security weaknesses that are relatively unsophisticated and easy to prevent. Krebs On Security, April 19, 2011

Security lags cyberattack threats in critical industries, report finds: The world’s water treatment plants, power grids, and other vital industries are seeing escalating cyberattacks, but are not ramping up security fast enough, says a new global report. Christian Science Monitor, April 20, 2011

Sharp Rise in Cyber Attacks on Grids Is Reported: McAfee, a network security firm in Santa Clara, Calif., and Georgetown University’s Center for Strategic and International Studies (CSIS) have issued a report documenting a high rate of cyber attacks against the electric power grids in 14 countries surveyed. Of 200 IT executives questioned, 40 percent thought vulnerabilities had increased, 30 percent thought their companies were not adequately prepared, and 40 percent expected a major attack in the next year. Energy Wise, April 20, 2011

National lab lax in securing nuclear stockpile information, says audit. Lawrence Livermore National Laboratory has fallen short in securing information about the US nuclear stockpile, according to a Department of Energy (DOE) audit. infosecurity, April 20, 2011

Securing the Future

Obama Calls for Secure Online-Identity System. President Barack Obama unveiled an ambitious proposal Friday urging the private sector to create a trusted-identity system to boost consumer security in cyberspace. Digital rights groups cautiously welcomed the first-of-its-kind government proposal, calling it a blueprint for increased internet security and privacy, as the nation drifts to the virtual world to take care of basic needs from grocery shopping to paying taxes and dating. Wired, April 15, 2011

The Web’s Trust Issues: THE most dubious phrase in English after “act natural” is “trust me”. A party asking for trust without offering a reason why is probably untrustworthy. And yet the internet’s entire security ecosystem relies on precisely that reasoning. Browsers believe in the integrity of secured websites based on other unknown parties’ word. In these complicated times such implicit trust may be misplaced. Thankfully, work is afoot to change how trust is assigned, and it cannot come too quickly. The Economist, April 18, 2011

Privacy Matters

Tracking File Found in iPhones: Apple faced questions on Wednesday about the security of its iPhone and iPad after a report that the devices regularly record their locations in a hidden file. New York Times, April 20, 2011

Dumb and Dumberer

French Hacker Cuffed After Bragging on Telly: A French hacker who boasted of breaking into the systems of a government security contractor on national television has suffered some unsurprising consequences. The Register, April 14, 2011

No Responses — Written on April 24, 2011 — Filed in Internet badlands, Ray of Sunshine, Security Surveys
