Cyber Attacks, Threats, and Vulnerabilities
Fresh threat to critical infrastructure found in Havex malware (V3) A dangerous open-platform communication (OPC) scanner that could be used to launch cyber attacks against critical infrastructure areas has been discovered in a variant of the Havex malware
Havex, It's Down With OPC (FireEye) FireEye recently analyzed the capabilities of a variant of Havex (referred to by FireEye as "Fertger" or "PEACEPIPE"), the first publicized malware reported to actively scan OPC servers used for controlling SCADA (Supervisory Control and Data Acquisition) devices in critical infrastructure (e.g., water and electric utilities), energy, and manufacturing sectors
Funny Facebook video scam leaves unamusing Trojan (Help Net Security) A new funny video spreading on Facebook leaves a not-so-hilarious Trojan in its wake on users' computers, according to research by Bitdefender. The malware, believed to originate from Albania, can access a large amount of data from the user's internet browser
The dangers of social media (DVIDS) A Marine is using social media when a female he does not recognize sends him a friend request. He enjoys meeting new people, so he accepts her request. They begin to chat and soon decide to meet. Before they meet, she tells the Marine he must contact, a man who knows the woman. The man tells him he must pay money or the Marine and his family and friends will be in danger
How cyber attacks ran rampant at the 2014 World Cup (AppsTechNews) After a month of fierce competition, exciting matches, and phenomenal goals, the 2014 World Cup in Brazil has finally concluded. While Germany is celebrating another impressive victory and the world looks back on what turned out to be a thrilling tournament, it's also important to look at some of the less than fantastic behind-the-scenes details
Chip and PIN security no panacea against payment card fraud (TechTarget) In June 2011, Alex Gambin had his wallet stolen while on the Spanish island of Mallorca. A few minutes later, unauthorized charges of more than $1,800 were made to his HSBC credit card, despite the fact that his card contained a security chip designed specifically to prevent that kind of theft and that any transactions should have required a personal identification number
Significant Deficiencies Found in Treasury's Computer Security (Nextgov) Weaknesses in Treasury Department computer systems that track federal debt are severe enough to disrupt accounting, according to a government audit
FDIC Made Progress in Securing Key Financial Systems, but Weaknesses Remain (GAO) The Federal Deposit Insurance Corporation (FDIC) has a demanding responsibility enforcing banking laws, regulating financial institutions, and protecting depositors. Because of the importance of FDIC's work, effective information security controls are essential to ensure that the corporation's systems and information are adequately protected from inadvertent or deliberate misuse, improper modification, unauthorized disclosure, or destruction
Goodwill Industries probes possible payment card breach (ComputerWorld) Federal authorities and payment card industry fraud units notified Goodwill on Friday
Students hack Tesla Model S, make all its doors pop open IN MOTION (The Register) Toot the horn, too
Bulletin (SB14-202) Vulnerability Summary for the Week of July 14, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
Security Patches, Mitigations, and Software Updates
How Apple iOS MAC address spoofing affects location-based services (TechTarget) Apple iOS 8 will add a MAC address spoofing feature to iPhones and iPads for wireless privacy. It could interfere with Wi-Fi location-based services used by many consumer-facing businesses
Cyber Trends
Study examines the problems with metadata and file sharing (CSO) A study by Workshare, a company focused on secure file sharing applications, says that 68 percent of the 800 professionals surveyed failed to remove metadata before sharing documents
Workaholic Brits expose sensitive data by taking their devices with them on holiday (ITProPortal) A survey of 1,000 UK consumers by ESET found that 44 percent of respondents will be taking their work-enabled mobile device abroad this year. While 67 per cent of respondents will carry work-related data on the mobile device they take on holiday; over a third admit to having no security on the device what-so-ever to protect the data
Marketplace
Cybersecurity startups to bank $788 million (CNN Money) Online privacy is on the tips of everyone's tongues these days, and investors are rushing to pour money into cybersecurity startups. Venture capital firms are expected to funnel $788 million into early-stage cybersecurity startups this year
IBM-Apple Deal: Turning Point for Banks? (BankInfoSecurity) Experts weigh pros, cons of broader Apple device use
Activist Investor Pushes EMC to Break Up (Wall Street Journal) Elliott Management says spin-off of VMware would boost stock price
Israeli hi-tech firm to launch Energy Cyber Security Center (Jerusalem Post) Aiming to tackle threats to infrastructure around the globe, the company plans to launch its Energy Cyber Security Center in Hadera on September 15
Vectra Networks Recognized by CRN as a 2014 Emerging Vendor (Digital Journal) Vectra Networks, the leading innovator in real-time detection of in-progress cyber-attacks, today announced it has been recognized as one of 2014's hottest emerging technology vendors by CRN, the top news source for solution providers and the IT channel
Netskope Recognized as a 2014 Emerging Vendor by CRN (Broadway World) Netskope, the leader in cloud app analytics and policy enforcement, todayannounced it has been recognized as one of 2014's hottest emerging technology vendors by CRN, the top news source for solution providers and the IT channel
Prof. Bruce Porter, Chairman of the Dept. of Computer Science at UT Austin, Joins SparkCognition Advisory Board (Digital Journal) SparkCognition, the world's first Cognitive Security Analytics company, announced that eminent Artificial Intelligence researcher and Chairman of the Department of Computer Science at the University of Texas at Austin, Prof. Bruce Porter, will be joining the company's Board of Advisors
Products, Services, and Solutions
Townsend Security Brings Two Factor Authentication to Leading IBM i Security Solutions (IT News Online) Townsend Security, a leading authority in data privacy solutions, today announced that their leading IBM i security solutions now support two factor authentication. This major update allows organizations to reduce the security weakness of relying on passwords as their only authentication mechanism
Kiwi business boost as WatchGuard's IT security rules the roost? (TechDay) "If IT is difficult then you're doing it wrong," says Dave Wilson, Business Development Manager at iT360, an outsourced IT department service in New Zealand
Design and Innovation
EFF invites hackers to test, secure its Open Wireless Router (Help Net Security) The Electronic Frontier Foundation (EFF) has released Open Wireless Router, an experimental alpha release of wireless router software that is meant to improve some and add new capabilities to existing routers
Legislation, Policy, and Regulation
White House urged to articulate new standard for vital cybersecurity (Inside Cybersecurity) The White House should vow to prevent cyber risks from undermining the U.S. government's decisions and actions on fundamental national security policy, according to an independent study by a key administration adviser
U.S. Chamber mounts a push for Senate information-sharing bill (Inside Cybersecurity) Seeking to improve the odds for action in the Senate, the U.S. Chamber of Commerce today is urging Majority Leader Harry Reid (D-NV), Minority Leader Mitch McConnell (R-KY) and all other senators to take up the cybersecurity information-sharing bill passed recently by the Intelligence Committee
New York To Bitcoin Startups: Get Permission Or Get Out (TechCrunch) Bitcoin allows people to build financial technology without asking for permission, but if New York state has its way, this won't be the case for long
Can New York's BitLicense Prevent Another Mt. Gox Catastrophe? (BayPayForum) The release of proposed digital currency business regulations by the New York Department of Financial Services (NYDFS) has raised numerous questions, many of which focus on the threat to innovation in the space and the impact on broader adoption. Yet one question that may be worth considering is this: will these regulations stop another Mt. Gox catastrophe?
Iran's Ruling Elite Embrace Facebook, While Ordinary Citizens Are Arrested Over It (Slate) On July 13, Iran's official state news agency reported that eight people had been sentenced to a combined term of 127 years in prison for their activities on Facebook. The eight youths reportedly were charged with "acting against national security, spreading propaganda against the establishment, insulting the sacred, and insulting the heads of the Islamic Republic." The Iranian judiciary has not revealed the identities of those sentenced, or the particulars of this offensive activity. Iranian activists both in and outside the country seem to know almost nothing more about the case
Litigation, Investigation, and Law Enforcement
Identifying cyber-criminals is No. 1 challenge, high-profile lawyer says (Pittsburgh Tribune) Federal investigators in Pittsburgh indicted Russian Evgeniy Bogachev on hacking charges last month, but used only nicknames for four other hackers in a related civil suit
IRS gives full account of lost Lerner emails (Politico) The IRS declared under oath and penalty of perjury on Friday that Lois Lerner's hard drive is irrecoverable after being wiped clean by tech staff and recycled with an outside contractor, according to a court filing
6 questions about the IRS's missing emails, from IT experts (Washington Post) Did the IRS intentionally lose e-mails to cover up potentially incriminating communications relating to the agency's targeting controversy, or did the records go missing because of bad technology management?
Spionage-Angriff auf Siemens in Österreich (Kronen Zeitung) Mitten in die Diskussion um NSA-Agenten und die Wiener US-Botschaft platzt jetzt ein echter Wirtschaftskrimi: Siemens Österreich soll Opfer einer Spionage-Attacke geworden sein. Ein Ex-Manager soll seinem Nachfolger Geld für ein gut gehütetes Betriebsgeheimnis geboten haben. Es geht um einen Riesenauftrag und Hunderte Arbeitsplätze
League of Legends hacker was making over $1,000 per day (Tweaktown) Shane 'Jason' Duffy was making over $1,000 per day as a League of Legends hacker