A rising swarm of cyber-robberies targeting small firms, local governments, school districts, churches and non-profits has prompted an extraordinary warning. The American Bankers Association and the FBI are advising small and midsize businesses that conduct financial transactions over the Internet to dedicate a separate PC used exclusively for online banking.
Read more ...
Wednesday, December 30, 2009
Tuesday, December 29, 2009
Apple issues security updates for Mac OS X
What's happening: Apple this week pushed an update for Leopard and Snow Leopard systems that plugs a large number of security holes in Apple's version of Java, a package installed by default on those Mac OS X systems that enables a number of multimedia Web applications.
The new Java version fixes at least 14 vulnerabilities in the version designed for OS X 10.6 systems; the package put together for 10.5 Macs corrects more than two dozen security flaws. Mac users can grab the patches via Software Update or from Apple Downloads.
What to do: Patch your Mac.
**********************************
Apple issues security updates for Mac OS X
The new Java version fixes at least 14 vulnerabilities in the version designed for OS X 10.6 systems; the package put together for 10.5 Macs corrects more than two dozen security flaws. Mac users can grab the patches via Software Update or from Apple Downloads.
What to do: Patch your Mac.
**********************************
Apple issues security updates for Mac OS X
Monday, December 28, 2009
GSM Cell Phone Encryption Broken
What's happening: At a conference in Berlin, German security researcher Karsten Nohl demonstrated a way to break system encryption to listen to conversations on GSM-based mobile phones. The encryption algorithm and variants of it are used to ensure the privacy of 80% of mobile calls.
What it means: Expect cell phone providers to strengthen GSM encryption algorithms.
What to do: While the fallout from this demonstration is not likely to put you at special risk, it is always a good idea to be circumspect in what you say on a mobile phone call.
**********************************
Cellphone Encryption Code Is Divulged
What it means: Expect cell phone providers to strengthen GSM encryption algorithms.
What to do: While the fallout from this demonstration is not likely to put you at special risk, it is always a good idea to be circumspect in what you say on a mobile phone call.
**********************************
Cellphone Encryption Code Is Divulged
Thursday, December 24, 2009
Cloud Computing Security
What's happening: Cloud computing is fast becoming the next great computer event. Why manage your own PCs, servers and programs when you can rent them online. And while cloud computing promises improved bang for scarce IT bucks, it is not without information security challenges. The linked article from MIT Technology Review explores some of the security challenges of cloud computing.
What to do: Look before you leap. Sort out the answers to critical security questions: How is your information being secured? What security is the cloud vendor responsible for and what are you responsible for? Does the cloud vendor meet your regulatory and legal security obligations, such as HIPAA or PCI DSS? Is your information available to move should you want or need to do so, or if you are required to produce it under subpoena? Don't settle for vague 'salesman' type answers. Ask to see documentation. As this article from MIT Technology Review writes: "Information technology's next grand challenge will be to secure the cloud--and prove we can trust it."
**********************************
From MIT Technology Review ... Security in the Ether
What to do: Look before you leap. Sort out the answers to critical security questions: How is your information being secured? What security is the cloud vendor responsible for and what are you responsible for? Does the cloud vendor meet your regulatory and legal security obligations, such as HIPAA or PCI DSS? Is your information available to move should you want or need to do so, or if you are required to produce it under subpoena? Don't settle for vague 'salesman' type answers. Ask to see documentation. As this article from MIT Technology Review writes: "Information technology's next grand challenge will be to secure the cloud--and prove we can trust it."
**********************************
From MIT Technology Review ... Security in the Ether
Tuesday, December 22, 2009
Howard Schmidt - Information Systems Security Association (ISSA) Board President - becomes US cybersecurity coordinator
What's happening: Howard Schmidt, president and CEO of the Information Security Forum (ISF) has been appointed White House Cybersecurity Coordinator by President Obama. As the new cybersecurity czar, he will have regular access to President Obama and serve as a key member of the National Security Staff. Schmidt has over 40 years of experience in government, business and law enforcement. He is in his second term as President of the Board of the not-for-profit Information Systems Security Association (ISSA), the world's foremost association for information systems security professionals.
What it means: President Obama last May became the first head-of-state of a major industrial nation to make a strong commitment to winning the battle to secure cyberspace. By appointing Schmidt as his Cybersecurity Coordinator, the President has given the job to a proven leader able to work with both government and industry. Schmidt helped develop the "National Strategy to Secure Cyberspace" which promotes "a comprehensive national awareness program to empower all Americans - businesses, the general workforce, and the general population - to secure their own parts of cyberspace." The plan recognizes that everyone must take responsibility for securing their own systems, that it takes the village to protect the village, that an unprotected computer puts even protected computers at risk.
What to do: Read our paper from the ISSA Journal "Creating the Information Security Village." Look for opportunities to do your part to "secure the village" including encouraging your IT and information security staff to become active in ISSA and other information security organizations.
**********************************
White House Picks New Cyber Coordinator
What it means: President Obama last May became the first head-of-state of a major industrial nation to make a strong commitment to winning the battle to secure cyberspace. By appointing Schmidt as his Cybersecurity Coordinator, the President has given the job to a proven leader able to work with both government and industry. Schmidt helped develop the "National Strategy to Secure Cyberspace" which promotes "a comprehensive national awareness program to empower all Americans - businesses, the general workforce, and the general population - to secure their own parts of cyberspace." The plan recognizes that everyone must take responsibility for securing their own systems, that it takes the village to protect the village, that an unprotected computer puts even protected computers at risk.
What to do: Read our paper from the ISSA Journal "Creating the Information Security Village." Look for opportunities to do your part to "secure the village" including encouraging your IT and information security staff to become active in ISSA and other information security organizations.
**********************************
White House Picks New Cyber Coordinator
Friday, December 18, 2009
Hackers exploit Adobe Reader flaw via comic strip syndicate
What's happening: Cybercriminals broke into an online comic strip syndication service Thursday, embedding malicious code that sought to exploit a newly discovered security flaw in Adobe Reader and Acrobat.
What it means: Visitors to websites serving comics from King Features are at risk of having their PCs taken over by malware on the websites designed to exploit the recently discovered flaw in Acrobat Reader. Most antivirus programs will fail to detect the malware attack.
More strategically, the story illustrates the imagination and creativity that cybercriminals bring to their work. Like lions in the jungle, cybercriminals are on the prowl, looking for any sign of weakness they can exploit.
What to Do: Tactically: disable Javascript as described in our previous blog post. Be on the alert for a patch from Adobe. Implement an intrusion detection and prevention system.
Strategically: Make sure you're staying ahead of the cybercriminals as the risk of falling behind continues to grow.
**********************************
Hackers exploit Adobe Reader flaw via comic strip syndicate
What it means: Visitors to websites serving comics from King Features are at risk of having their PCs taken over by malware on the websites designed to exploit the recently discovered flaw in Acrobat Reader. Most antivirus programs will fail to detect the malware attack.
More strategically, the story illustrates the imagination and creativity that cybercriminals bring to their work. Like lions in the jungle, cybercriminals are on the prowl, looking for any sign of weakness they can exploit.
What to Do: Tactically: disable Javascript as described in our previous blog post. Be on the alert for a patch from Adobe. Implement an intrusion detection and prevention system.
Strategically: Make sure you're staying ahead of the cybercriminals as the risk of falling behind continues to grow.
**********************************
Hackers exploit Adobe Reader flaw via comic strip syndicate
Web Attack on Twitter Demonstrates Deep Internet Risk
What's happening: Users going to Twitter Friday morning arrived instead at a site for the “Iranian Cyber Army.” The online attack was the result of the most basic of security breaches: someone got the password to enter the master directory of Twitter’s Internet addresses (Twitter's master DNS or Domain Name Server) and redirected users to the “Iranian Cyber Army" site instead.
What it means: There are two levels of meaning here. The obvious level is that social network sites continue to demonstrate that they have yet to get system security under adequate management control.
At a deeper level, consider that users were redirected from Twitter to the “Iranian Cyber Army" site. What if it weren't Twitter but your favorite eCommerce site and instead of being sent to the “Iranian Cyber Army" site you were presented with a site that looked identical to the site you thought you were going to—except that it stole your credit card information or installed malware on your computer.
And what if it's not your favorite eCommerce site but your own company's web site. And now every visitor going to your web site is at risk that malware will be installed on their computer.
What to do: Keep computers patched. Run an intrusion detection and prevention program instead of basic anti-virus. To protect your company's web site, make absolutely positively certain that IT staff is securely managing the master passwords to your company's DNS.
**********************************
Web Attack on Twitter Is Third Assault This Year
What it means: There are two levels of meaning here. The obvious level is that social network sites continue to demonstrate that they have yet to get system security under adequate management control.
At a deeper level, consider that users were redirected from Twitter to the “Iranian Cyber Army" site. What if it weren't Twitter but your favorite eCommerce site and instead of being sent to the “Iranian Cyber Army" site you were presented with a site that looked identical to the site you thought you were going to—except that it stole your credit card information or installed malware on your computer.
And what if it's not your favorite eCommerce site but your own company's web site. And now every visitor going to your web site is at risk that malware will be installed on their computer.
What to do: Keep computers patched. Run an intrusion detection and prevention program instead of basic anti-virus. To protect your company's web site, make absolutely positively certain that IT staff is securely managing the master passwords to your company's DNS.
**********************************
Web Attack on Twitter Is Third Assault This Year
Tuesday, December 15, 2009
Hackers target unpatched Adobe Reader, Acrobat flaw
What's happening: Adobe Systems Inc. said Monday it is investigating reports that attackers are exploiting a previously unidentified security hole in its Acrobat and PDF Reader software to break into vulnerable computers.
What to Do: The exploit only works when users have Javascript enabled in Adobe Acrobat/Reader.To disable Javascript, click "Edit," then "Preferences" and then "Javascript," and uncheck "Enable Acrobat Javascript." Stay tuned for an update patch from Adobe.
**********************************
Hackers target unpatched Adobe Reader, Acrobat flaw
What to Do: The exploit only works when users have Javascript enabled in Adobe Acrobat/Reader.To disable Javascript, click "Edit," then "Preferences" and then "Javascript," and uncheck "Enable Acrobat Javascript." Stay tuned for an update patch from Adobe.
**********************************
Hackers target unpatched Adobe Reader, Acrobat flaw
Sunday, December 13, 2009
Viruses That Leave Victims Red in the Facebook
What's happening: Malware is spreading through Web sites like Facebook and Twitter. After stealing a Member's screen name and password, these malicious programs are coded to automatically send spam messages to the Member's friends and followers. Unsuspecting friends have been asked for money, have been directed to web-sites where malware is installed on their computers, and have had their user-names and passwords to online bank accounts stolen.
What it means: Social networks continue to be the wild wild west of the internet.
What to do: Stay vigilant. Be suspicious. Report suspected problems. And use a strong hard-to-break password.
**********************************
Viruses That Leave Victims Red in the Facebook
What it means: Social networks continue to be the wild wild west of the internet.
What to do: Stay vigilant. Be suspicious. Report suspected problems. And use a strong hard-to-break password.
**********************************
Viruses That Leave Victims Red in the Facebook
Saturday, December 12, 2009
In Shift, U.S. Talks to Russia on Internet Security
What's happening: The United States, Russia and a United Nations arms control committee have begun talks aimed at strengthening Internet security and limiting military use of cyberspace.
What it means: Nations must protect cyberspace as the strategic national asset it has become. As attacks on Latvia and Georgia have illustrated, a nation can be crippled by a methodical cyber-attack. Along with strong defenses, international treaties are a necessary pillar in any effective cyberspace security solution.
What to do: Stay tuned. This is just the beginning. There's still a lot of hard work ahead.
**********************************
In Shift, U.S. Talks to Russia on Internet Security
What it means: Nations must protect cyberspace as the strategic national asset it has become. As attacks on Latvia and Georgia have illustrated, a nation can be crippled by a methodical cyber-attack. Along with strong defenses, international treaties are a necessary pillar in any effective cyberspace security solution.
What to do: Stay tuned. This is just the beginning. There's still a lot of hard work ahead.
**********************************
In Shift, U.S. Talks to Russia on Internet Security
Friday, December 11, 2009
Security Alert: Check your Facebook 'privacy' settings now
What's happening: Facebook has made major changes that may allow complete strangers to see your personal photos and videos, date of birth, family relationships, and other sensitive information.
What it means: Unless you act to control who gets to see your private information, Facebook may let anyone see it, friend or foe alike.
What to Do: Follow the advice of Washington Post's Brian Krebs in the blog link below.
**********************************
Check your Facebook 'privacy' settings now
What it means: Unless you act to control who gets to see your private information, Facebook may let anyone see it, friend or foe alike.
What to Do: Follow the advice of Washington Post's Brian Krebs in the blog link below.
**********************************
Check your Facebook 'privacy' settings now
Wednesday, December 9, 2009
Zeus crimeware appears to be using Amazon's EC2 as command and control server
What's happening: Security researchers have intercepted a variant of the Zeus crimeware using Amazon’s EC2 services for command and control purposes of its botnet. Cybercriminals appear to be using Amazon’s RDS managed database hosting service as an alternative control domain in case they lose access to the primary domain. ScanSafe reports that in the past 3 years, it has recorded 80 unique malware incidents involving amazon, with 45 in 2009 compared to 35 total in 2007 and 2008 combined
What it means: This story illustrates the inherent challenge of securing the internet and with it, all the corporate and personal information in our computers and servers that is accessible via the internet. Amazon has every reason to get security perfect; yet they don't. No one can. Perfect information systems security is as impossible as perfect security of any kind. So long as we have information in our systems that someone else wants, there will be risk.
What to do: Follow the advice of Wall Street journalist Meryl Rukeyser who said "The secret of success lies not in avoiding risk but in managing it." (Meryl Rukeyser was Wall Street Week's Louis Rukeyser's father and a periodic guest on the show in the 1980s.)
**********************************
Zeus crimeware using Amazon's EC2 as command and control server
What it means: This story illustrates the inherent challenge of securing the internet and with it, all the corporate and personal information in our computers and servers that is accessible via the internet. Amazon has every reason to get security perfect; yet they don't. No one can. Perfect information systems security is as impossible as perfect security of any kind. So long as we have information in our systems that someone else wants, there will be risk.
What to do: Follow the advice of Wall Street journalist Meryl Rukeyser who said "The secret of success lies not in avoiding risk but in managing it." (Meryl Rukeyser was Wall Street Week's Louis Rukeyser's father and a periodic guest on the show in the 1980s.)
**********************************
Zeus crimeware using Amazon's EC2 as command and control server
Tuesday, December 8, 2009
Brian Krebs, Washington Post Journalist, Named Cybercrime Hero by Cisco
What's happening: Cisco's 2009 Annual Security Report names Brian Krebs, Washington Post journalist, as winner of its Cybercrime Hero.
The report writes: Kudos to Brian Krebs, who reports on computer security issues in his Security Fix blog on the website of The Washington Post. Krebs has spent a significant amount of time researching and reporting on banking Trojans like Zeus and Clampi and exposing how they operate.
In the fall of 2009, Krebs published a series of articles about the online “bank jobs” conducted by the sophisticated malware that Zeus and Clampi distribute. Through his extensive research and reporting, Krebs managed to discover a great deal about these Trojans. The tactics and routines associated with the malware—and the significant number of businesses and individual users who have been affected by it—would likely impress even some of the most successful bank thieves in history.
Krebs has taken time not only to report on these dangerous threats, but also to provide readers with practical and easy-to-understand advice about how not to fall victim to such scams.
What it means: Congratulations to Krebs for his award. The information security community has a friend in Krebs. One can only hope that a Pulitzer follows.
**********************************
Cisco names Security Fix author 'cybercrime hero'
The report writes: Kudos to Brian Krebs, who reports on computer security issues in his Security Fix blog on the website of The Washington Post. Krebs has spent a significant amount of time researching and reporting on banking Trojans like Zeus and Clampi and exposing how they operate.
In the fall of 2009, Krebs published a series of articles about the online “bank jobs” conducted by the sophisticated malware that Zeus and Clampi distribute. Through his extensive research and reporting, Krebs managed to discover a great deal about these Trojans. The tactics and routines associated with the malware—and the significant number of businesses and individual users who have been affected by it—would likely impress even some of the most successful bank thieves in history.
Krebs has taken time not only to report on these dangerous threats, but also to provide readers with practical and easy-to-understand advice about how not to fall victim to such scams.
What it means: Congratulations to Krebs for his award. The information security community has a friend in Krebs. One can only hope that a Pulitzer follows.
**********************************
Cisco names Security Fix author 'cybercrime hero'
Critical updates for Adobe Flash, Microsoft Windows
What's happening: Microsoft released six software updates on Tuesday to fix at least a dozen security vulnerabilities in Windows, Internet Explorer, Windows Server and Microsoft Office. Adobe also issued security updates to its ubiquitous Flash Player and its Adobe AIR software. Updates are available for Windows, Linux and Mac versions of these programs.
What to Do: Patch your systems.
**********************************
Critical updates for Adobe Flash, Microsoft Windows
What to Do: Patch your systems.
**********************************
Critical updates for Adobe Flash, Microsoft Windows
Cisco Publishes 2009 Annual Security Report
What's happening: Cisco Security Intelligence Operations announces the Cisco 2009 Annual Security Report. The updated report includes information about 2009 global threats and trends, as well as security recommendations for 2010.
Report Highlight: Online criminals have taken advantage of the large social media following, exploiting users' willingness to respond to messages that are supposedly from people they know and trust.
What to Do: Review the report and strengthen defenses accordingly.
**********************************
Cisco 2009 Annual Security Report
Report Highlight: Online criminals have taken advantage of the large social media following, exploiting users' willingness to respond to messages that are supposedly from people they know and trust.
What to Do: Review the report and strengthen defenses accordingly.
**********************************
Cisco 2009 Annual Security Report
Monday, December 7, 2009
La. firm sues Capital One after losing thousands in online bank fraud
What's happening: An electronics testing firm in Louisiana is suing its bank, Capital One, alleging that the financial institution was negligent when it failed to stop hackers from transferring nearly $100,000 out of its account earlier this year.
What it means: Another victim of online bank fraud does battle with its bank over who's responsible.
What to do: Follow our earlier recommendations. Manage your own security. Check your insurance. Send your attorney a copy of our paper "An Emerging Information Security Minimum Standard of Due Care."
**********************************
La. firm sues Capital One after losing thousands in online bank fraud
What it means: Another victim of online bank fraud does battle with its bank over who's responsible.
What to do: Follow our earlier recommendations. Manage your own security. Check your insurance. Send your attorney a copy of our paper "An Emerging Information Security Minimum Standard of Due Care."
**********************************
La. firm sues Capital One after losing thousands in online bank fraud
Saturday, December 5, 2009
Phishers angling for Web site administrators
What's happening: Cybercriminals have launched a massive phishing campaign to trick webmasters into giving up the credentials needed to administer their Web sites. Experts say the attackers are attempting to build a distributed network of hacked sites through which to distribute malicious software.
What it means: Cybercriminals have learned that they can take control of a PC by loading malicious software on a web site visited by the PCs users. This malware then infects the PCs of visitors, often bypassing corporate firewalls and antivirus software.
What to do: If you administer a web site and fell for this phishing scheme, contact your hosting provider and change your password. You also need to review your Web site content for any recent unauthorized changes.
**********************************
Phishers angling for Web site administrators
What it means: Cybercriminals have learned that they can take control of a PC by loading malicious software on a web site visited by the PCs users. This malware then infects the PCs of visitors, often bypassing corporate firewalls and antivirus software.
What to do: If you administer a web site and fell for this phishing scheme, contact your hosting provider and change your password. You also need to review your Web site content for any recent unauthorized changes.
**********************************
Phishers angling for Web site administrators
Subscribe to:
Posts (Atom)