Tuesday, September 30, 2014

Cyber Security: Experts warn of newest computer threat

Internet security experts are warning that a new programming flaw known as the Bash Bug may pose a serious threat to millions of computers and other devices such as home Internet routers. Even the systems used to run factory floors and power plants could be affected.

So, is it time to panic? Click here to read some common questions and answers about the latest security scare.

Monday, September 29, 2014

Cyber Security: UCSD fights cyber attacks targeting research

UC San Diego has been targeted by a series of cyber attackers seeking access to sensitive research and other data since 2012 and officials say the so-called advanced persistent threat has prompted the campus to take steps to bolster its security. Read the article here.

Cyber Security: ICS-CERT Vulnerability Summary for Week of September 22

Click the link below to view the summary of cyber security vulnerabilities for the week of September 22 as collected and reported by ICS-CERT.

https://www.us-cert.gov/ncas/bulletins/SB14-272


Friday, September 26, 2014

Cyber Security: N.Y. Financial Regulator Says To Focus On Cyber Security

New York's financial regulator said on Monday his agency will focus on cyber security over the next year, saying the possibility of a systemic attack to the financial system is one thing that keeps him awake at night. "It is impossible to take it seriously enough," said Benjamin Lawsky, superintendent of the Department of Financial Services for the state of New York. Read the article here.

Thursday, September 25, 2014

Cyber Security: Massively Distributed Citadel Malware Targets Middle Eastern Petrochemical Organizations

Recently, IBM Trusteer researchers identified targeted cyber attacks on several Middle Eastern petrochemical companies. They have identified a campaign in which attackers are using a variant of the evasive Citadel malware. Citadel was originally created for the purpose of stealing money from banks and has been massively distributed on users’ PCs around the world. Read the article here.

Wednesday, September 24, 2014

Tuesday, September 23, 2014

Cyber Security: Home Depot malware attack even bigger than Target's, 56m payment cards affected

Home Depot said Thursday a recent cyber attack on its computer network affected a colossal 56 million customer payment cards. Click here to read the article.

Monday, September 22, 2014

Cyber Security: US accuses China of hacking into defense contract firms

Chinese hackers believed to be linked to Beijing conducted dozens of cyber attacks on US defense contractors between 2012 and 2013, potentially compromising military operations, a congressional probe warned last Wednesday. A study by the Senate Armed Services Committee found that hackers gained access to systems run by companies doing contract work for the US Transportation Command at least 50 times in a one-year period ending May 30, 2013. Read the article here.

Cyber Security: ICS-CERT Vulnerability Summary for Week of September 15

Click the link below to view the summary of cyber security vulnerabilities for the week of September 15 as collected and reported by ICS-CERT.

https://www.us-cert.gov/ncas/bulletins/SB14-265


Friday, September 19, 2014

Cyber Security: Shopping Online May Actually Be Safer Than Shopping In Person

The list of major retailers that have been hacked keeps growing. But while tens of millions of people have seen their credit card numbers fall into the hands of hackers, online shoppers at those stores appear safe. In recent breaches at Target, Neiman Marcus and, most recently, Home Depot, the retailers said online customers were not affected. The hacks raise a curious question at a time when danger seems to lurk on every corner of the Internet: Is it actually safer to shop online than in person? Read the full story here.

Thursday, September 18, 2014

Cyber Security: How Cyber Criminals Attack Small Businesses - and 10 Ways to Stop Them

At a recent "Hacker Lab" event, "white hat" hackers revealed how cyber criminals work - and what businesses can do to protect themselves. The multimedia presentation used a simulated small business system to demonstrate how hackers choose their targets, how they enter the system, and what they do post-infiltration. Click here to read the article.

Wednesday, September 17, 2014

Cyber Security: 3 Ways Your Kids Can Get You Hacked

Last month a Wall Street Journal article sent a shudder down our collective parental spine. Google is planning to open Gmail and YouTube to kids under the age of 13. While the company will restrict this king's ransom of new clicks to kid-friendly content, hackers could well have a field day. Read the article here.

Tuesday, September 16, 2014

Cyber Security: Belden Research Reveals Dragonfly Malware Likely Targets Pharmaceutical Companies

Belden Inc., a global leader in signal transmission solutions for mission-critical applications, today releases new research that shows the recently revealed Dragonfly malware is likely targeting the pharmaceutical sector, not the energy sector as previously believed. Until now, advanced cyber attacks against industry have focused on the critical energy and chemical sectors. Click here to read the article.



Monday, September 15, 2014

Cyber Security: Nigerian bank falls victim to $40 million insider cyber-heist

Nigerian police are on the hunt for an IT staffer at Skye Bank who hacked into the bank's systems and transferred $40 million to a raft of bogus accounts before going on the run. Thirty-eight-year-old Isoko resident Godswill Oyegwa Uyoyou is alleged to have conspired with a criminal gang to access the bank's computer system and inflate the balances of various accounts. Read the full story here.

Cyber Security: ICS-CERT Vulnerability Summary for Week of September 8

Click the link below to view the summary of cyber security vulnerabilities for the week of September 8 as collected and reported by ICS-CERT.

https://www.us-cert.gov/ncas/bulletins/SB14-258


Friday, September 12, 2014

Cyber Security: Russian hackers publish nearly 5 million Gmail passwords

Nearly 5 million Gmail passwords were published on a Russian-language bitcoin security forum on Tuesday, according to a report from The Daily Dot. The publisher, known as "tvskit," claimed 60 percent of the 4,930,000 leaked usernames and passwords are valid. Click here to read the article.

Thursday, September 11, 2014

Cyber Security: Hackers Attacking Israeli Think Tank Aren't Interested in State Secrets

The website of a respected Israel-based foreign policy institute -- the Jerusalem Center for Public Affairs -- has been infected with code that is trying to steal bank account information from visitors. The campaign looks like an "advanced persistent threat-style attack" devised to siphon intelligence from government officials browsing the site, but "the threat is ultimately designed to pilfer banking credentials," Kaspersky Lab reports. Read the full story here.

Wednesday, September 10, 2014

Cyber Security: Return on Investment by Bernie Pella, Consultant for Invensys Critical Infrastructure & Security Practice

Bernie Pella, Consultant for Invensys Critical Infrastructure & Security Practice, discusses return on investment when it comes to cyber security for your organization or business.


Cyber Security Return on Investment


In today’s business environment, implementing a cyber security program is a necessity. Many people equate cyber security with an insurance policy, which is incorrect. Implementing a cyber security program is better understood as risk management. Insurance provides compensation after an incident has happened; risk management aims to prevent the incident or minimize its occurrence.

A cyber security program has many facets. In most cases, adding a firewall to a computer system does not constitute implementation of a cyber security program. The many facets of cyber security include the addition of hardware, installation of security software, and training of personnel in cyber security policies. Implementing the program may have significant costs. The challenge is to minimize the cost while meeting the appropriate cyber security requirements.

Decisions on many facility or company improvements are based on Return on Investment (ROI) analysis. For cyber security, the ROI should be determined from factors associated with the risk of a cyber security incident. A cyber security incident could create a significant negative perception, damage the reputation, and potentially cause a financial impact to the company or facility. Examples of the negative impact have been seen from the recent cyber security attacks on Target and Marshalls and from the Stuxnet attack. If the company or facility is perceived as a risk to personal financial information, a source of environmental contamination of the surrounding area, a potential site of a significant explosion caused by mixing inappropriate materials, or a risk to general safety, the company or facility will sustain a financial impact. This impact may come from fines or penalties and also from the additional costs associated with a hazardous facility or company. The perception of risk from a cyber security intrusion may affect stock prices, personnel wages, insurance costs, and the future potential for plant or company improvements or expansion.

When planning to implement or improve a cyber security program, the following criteria need to be determined:

· Identify the regulatory requirements, both future and pending

· Establish current system status and planned upgrades

· Assess the risk associated with implementation of various levels of the cyber security program

· Determine current personnel capabilities and any need for external support

Cyber security implementation should reduce and minimize the risk of a cyber security attack. A cyber security program should not be thought of as insurance. Insurance compensates after the incident. Once the incident has occurred, damage to the facility or company reputation and perception will continue. Insurance is not intended to restore lost reputation or perception. The cost to the company or facility of a loss of reputation should be a significant factor in determining the cost of implementing a rigorous cyber security program.

Cyber Security: Home Depot confirms months-long hack

Home Depot on Monday confirmed that hackers indeed broke into its payment systems — maybe as far back as April. Home Depot’s hack might be even bigger than Target’s was last year. In Target’s case, hackers slipped in for three weeks and grabbed 40 million debit and credit cards. Hackers remained in Home Depot’s computers — unnoticed — for about five months. Read the article here.


Tuesday, September 9, 2014

Cyber Security: Your Password Laziness Makes Life So Much Easier For Russian Hackers

A gang of Russian hackers recently stole more than 1 billion usernames and passwords, and they likely got help from an unlikely accomplice: you. Click here to read the article.

Monday, September 8, 2014

Cyber Security: Hackers Fire Warning Shot at Healthcare.gov

Hackers breached security at the website of the government’s health insurance marketplace, HealthCare.gov, but did not steal any personal information on consumers, Obama administration officials said. Read the article here.

Cyber Security: ICS-CERT Vulnerability Summary for Week of September 1

Click the link below to view the summary of cyber security vulnerabilities for the week of September 1 as collected and reported by ICS-CERT.

https://www.us-cert.gov/ncas/bulletins/SB14-251



Friday, September 5, 2014

Cyber Security: Celebrity Hack Aside, Apple Is On The Brink Of A Security Breakthrough

Apple looks bad after the theft of thousands of nude photos of celebrities allegedly taken from its iCloud servers, even if the company denies responsibility. The fiasco is one reason why company shares fell 4.2% on Wednesday, and some have warned that it could spoil the expected September 9 announcement of the iPhone 6 and a smart watch.

But Apple is not alone in cyber security vulnerability. Home Depot, Target, UPS, and thousands of other businesses have suffered major data breaches, while more than a billion passwords were recently stolen from around the web by Russian hackers, with untold more taken through the Heartbleed bug. Click here to read the article.

Thursday, September 4, 2014

Cyber Security: Hackers make drive-by download attacks stealthier with fileless infections

Cybercriminals are increasingly infecting computers with malware that resides only in memory in order to make their attacks harder to detect. Read the article here.

Wednesday, September 3, 2014

Cyber Security: Home Depot's credit cards may have been hacked

A massive batch of credit and debit card information that went on sale on a criminal Internet site Tuesday may be from Home Depot stores and could be linked to hackers responsible for breaches at Target and P.F. Chang's, security experts say. Read the article here.

Tuesday, September 2, 2014

Cyber Security: ICS-CERT Vulnerability Summary for Week of August 25

Click the link below to view the summary of cyber security vulnerabilities for the week of August 25 as collected and reported by ICS-CERT.

https://www.us-cert.gov/ncas/bulletins/SB14-244



Cyber Security: NIST is Starting Point for Cyber Security

The National Institute of Standards and Technology’s cyber security guidelines for utilities, banks and other crucial industries serve as the baseline for what affected companies should be doing to protect their networks from attacks. Some companies have banded together to come up with additional recommendations that can be taken to enhance security, while some companies created their own policies. Click here to read more.