From our friends at Citadel Information Group

Securing the Village - ISSA International Conference - Anaheim, CA - October 23-24, 2012

2012 ISSA International Conference: New opportunities abound in the midst of amazing transformations in technology, business, and culture. Inspired by Disney's innovative vision, the cybersecurity community will gather at the Magic Kingdom on October 25-26 to look at change as a chance to achieve excellence. Disruptions like "big data", "cloud computing", massive collaboration, and business transformation make it possible for us to blaze new trails and build effective foundations. We are enabling our work forces to be mobile and productive while protecting sensitive data. We build systems and policies that impede our foes and guard our constituents. This is an exciting time to be in the information security field and we are all vital in making our businesses faster, better, smarter and, most importantly, safer.

Cyber Security Management & Leadership

How Much Should We Worry About Cyber Security?: Internet crime is increasing in frequency and severity. What can be done to protect individuals, businesses, and governments? With the advent of cloud computing and the growth of connectivity among institutions, companies, and individuals, electronic security has never been a more visible and urgent issue. Special Issue. Bloomberg BusinessWeek. July 30, 2012

Creative Leadership: Democracy: If you want to be a leader in your organization and you're not one now, what are you doing about it? Maybe you're toiling away hoping your boss will see your leadership potential, or you're certain the higher-ups might have sensed your interest in leadership in the myriad of memos or reports you've carefully written and submitted. Call it your stealth leadership campaign. Forbes, July 12, 2012

On Business, Leadership & The Stanley Cup: Eric Swenson - To know me is to know I'm a hockey fan. I went to my first game at the age of 8, in 1970.
I've been a fan of Los Angeles Kings, a team that had an unsurpassed history of futility since their founding in 1967. To be a Kings fan is to live with a lifetime of frustration, a lot of hope, and not much else. RSJ Swenson.

Cyber Threat - Technology

Uptick in Cyber Attacks on Small Businesses: New data suggests that cyber attacks aimed at small businesses have doubled over the past six months, a finding that dovetails with my own reporting on companies that are suffering six-figure losses from sophisticated cyber heists. KrebsOnSecurity. Aug 3, 2012

Black Hat is Over, But SQL Injection Attacks Persist: Last month, Yahoo found itself so overly distracted with kicking out and hiring yet another CEO that it fell prey to an old school SQL injection attack. Security gurus reacted with scorn and dismay at Yahoo's allowing 400,000 user names and passwords to be carried out the door then displayed on someone's front lawn for all the world to see, like a yard sale with no buyers. Wired, August 2, 2012

From the article: Says Stan Stahl, President of the Los Angeles chapter of ISSA security association, "We simply cannot tolerate a head-in-the-sand attitude, whether by web developers or the people who hire and manage them. The consequences of willful ignorance are too grave."

Microsoft: Windows, Mac malware gets in via Adobe, Java, Office: Microsoft has been doing some research into all the recent cross-platform malware (1, 2, 3) that attacks Windows, Macs, and sometimes even Linux. The company has concluded that current attacks exploit third-party vulnerabilities in software on these platforms. There are two ways the malicious code is being delivered, according to the software giant: via the Web and via e-mail attachments. ZDNet, August 1, 2012

Email-Based Malware Attacks, July 2012: Last month's post examining the top email-based malware attacks received so much attention and provocative feedback that I thought it was worth revisiting.
I assembled it because victims of cyberheists rarely discover or disclose how they got infected with the Trojan that helped thieves siphon their money, and I wanted to test conventional wisdom about the source of these attacks. KrebsOnSecurity, July 31, 2012

Dropbox: Password Breach Led to Spam: Two weeks ago, many Dropbox users began suspecting a data breach at the online file-sharing service after they started receiving spam at email addresses they'd created specifically for use at Dropbox. Today, the company confirmed that suspicion, blaming the incident on a Dropbox employee who had re-used his or her Dropbox password at another site that got hacked. KrebsOnSecurity, July 31, 2012

More Than Half Of Top 20 Fortune 500 Firms Infected With 'Gameover' Zeus Botnet: The Gameover Zeus botnet is now the biggest financial fraud botnet around, and it's run by a single cybercrime group out of Eastern Europe, according to new research. DarkReading, July 31, 2012

Security researchers reveal critical vulnerabilities in Huawei routers at Defcon: Researchers criticize Huawei for insecure coding practices and lack of security transparency. Security researchers disclosed critical vulnerabilities in routers from Chinese networking and telecommunications equipment manufacturer Huawei at the Defcon hackers conference on Sunday. Computerworld, July 30, 2012

Tools Released at Defcon Can Crack Widely Used PPTP Encryption: Security researchers released two tools at the Defcon security conference that can be used to crack the encryption of any PPTP (Point-to-Point Tunneling Protocol) and WPA2-Enterprise (Wireless Protected Access) sessions that use MS-CHAPv2 for authentication. PC World, July 29, 2012

SQL injection attacks up 69%: SQL injection attacks are becoming significantly more popular amongst hackers, according to recent data. Between Q1 2012 and Q2 2012, there has been an estimated 69 percent increase of this attack type.
ZDNet, July 27, 2012

Hacker Demos Android App That Can Wirelessly Steal And Use Credit Cards' Data: Smartphone payment systems like Google Wallet give Android users the futuristic ability to use their phones to make payments with their credit cards. Researcher Eddie Lee has taken that trick a step further: Using an Android phone to make payments from a credit card that belongs to an unwitting stranger. Forbes, July 27, 2012

Cyber Threat - Social Engineering

Olympic Flavored 419 Scams Exploit London Games Fervor: Olympic themed fraud, email scams, and spam campaigns are so banal right now that the official website of the 2012 London Olympic Games contains not only a 'stay safe online' page but has also compiled a downloadable list of known scams. ThreatPost, July 31, 2012

Malware Hidden in Fake Groupon Email: Cybercriminals are now offering group discounts on malware. Security firm Sophos reported today that coupon site Groupon is being used to front malware. Emails allegedly from Groupon, with the misspelled subject line of "Groupon dicount gifts," claim that one of your friends has shared a Groupon deal with you. Except they probably haven't. PC Magazine, July 30, 2012

Identity Theft

EPA security breach exposes personal information of 8,000 people: A computer security breach at the Environmental Protection Agency exposed the Social Security numbers and banking information of nearly 8,000 people, most of them current employees, the EPA confirmed. Washington Business Journal, August 2, 2012

Online Bank Fraud

Defining Reasonable Security: Last month, an appellate court in Boston reversed a lower court's ruling that favored a bank in a legal dispute over a 2009 account takeover incident (see PATCO ACH Fraud Ruling Reversed.) BankInfoSecurity, August 2, 2012

FFIEC Risk Assessments Are Priority: Financial institutions are focusing a great deal of their attention on risk assessments.
And that's exactly what regulatory examiners reviewing institutions for conformance with the FFIEC's updated Authentication Guidance want to see, says Doug Johnson, who oversees risk management policy for the American Bankers Association. BankInfoSecurity, July 30, 2012

National Cyber Security

Cybersecurity Bill Is Blocked in Senate by G.O.P. Filibuster: WASHINGTON - A cybersecurity bill that had been one of the Obama administration's top national security priorities was blocked by a Republican filibuster in the Senate on Thursday, severely limiting its prospects this year. The New York Times, August 2, 2012

Cybersecurity Bill's Backers Cite Antivirus Firms' Bogus Cybercrime Stats: Antivirus firms, aside from producing antivirus software, are also some of the world's leading sources of fear, uncertainty, and doubt - what the security community refers to as FUD. Forbes, August 2, 2012

Cybersecurity bill bombarded with amendments: As the U.S. Senate races toward its August recess, lawmakers are filing tons of amendments to the Cybersecurity Act, a number of them designed to add privacy protections. CNet, July 31, 2012

Cyber Defenders

Russia's Top Cyber Sleuth Foils US Spies, Helps Kremlin Pals: It's early February in Cancun, Mexico. A group of 60 or so financial analysts, reporters, diplomats, and cybersecurity specialists shake off the previous night's tequila and file into a ballroom at the Ritz-Carlton hotel. At the front of the room, a giant screen shows a globe targeted by crosshairs. Cancun is in the center of the bull's-eye. Wired, July 23, 2012

Cyber Sunshine

South Korean Hackers Arrested For Stealing 8 Million Users' Personal Information: SEOUL, South Korea (AP) - South Korean police said they arrested two men who allegedly stole the personal details of about 8 million mobile phone subscribers and sold the data to marketing companies in one of the country's biggest hacking schemes.
Huffington Post, July 31, 2012

Jeff Snyder’s SecurityRecruiter.com Security Recruiter Blog

Jeff Snyder is the President of Securityrecruiter.com, an executive retained search firm highly specialized in information security, corporate security, physical security, electronic security and converged security recruiting.
read more: Cyber Security News for the Week Of August 6, 2012