docCyberSecurity Current Events Newsletter
download 
Report Transcription
CyberSecurity Current Events Newsletter
Vol 5 – 30 Mar 2015 CyberSec Knowledge © Janice D. Pryor, GSLC, GSEC Director CyberSecurity Education & Training Covenant Security Solutions CyberSecurity Current Events Newsletter Highlights This version of the newsletter contains variety of recent hacks and exploits including attacks on service industries like airlines and hotel chains. Gov news covers activities in the US and Britain. Professional News covers methods for companies to protect themselves from hackers inside and out. Tools mentions new approaches to passwords and a look at the Industrial Control Systems. Employment covers injections of new funding which could lead to more jobs. Protect yourself lists attacks on social media and even our phones. Finally check out Miscellaneous for the strange and bizarre and useful information that doesn’t fit elsewhere. Have ideas on how to improve this newsletter? Email the address in the footer with your requests and ideas. Also, please forward the newsletter to friends and colleagues who might be interested. Recent Hacks/Exploits Adobe Flash fix FAIL exposes world's most popular sites http://news360.com/article/284404189 Attackers Target Community Banks http://news360.com/article/284463766 http://krebsonsecurity.com/2015/03/kreditechinvestigates-insider-breach/ Over 700,000 home routers threaten enterprise security http://news360.com/article/284671269 Government and Legislation Full, cracked version of NanoCore RAT leaked, onslaught of infection attempts expected http://news360.com/article/284465273 Hackers breach NSW GovDC website http://news360.com/article/284547187 Australia's FIT College Hacked Because of Poor Security http://news360.com/article/284322532 IT leaders and security experts reject GCHQ call for firms to ban BYOD http://news360.com/article/284526019 British Airways frequent flyer accounts hacked http://news360.com/article/285282208 Communication startup Slack reports data breach http://reut.rs/1F22yl2 Apple Pay: Bridging Online and Big Box Fraud http://krebsonsecurity.com/2015/03/apple-pay-bridgingonline-and-big-box-fraud/ Hilton Honors Flaw Exposed All Accounts http://krebsonsecurity.com/2015/03/hilton-honors-flawexposed-all-accounts/ Kreditech Investigates Insider Breach FTC Opens Tech Office To Protect Consumers In This Strange New Connected World http://news360.com/article/284381080 Deputy Treasury Secretary names cyber crime biggest threat for enterprise http://news360.com/article/284711345 UK Government Gets Serious About Cyber Insurance in New Report http://news360.com/article/284477126 Threat-sharing cybersecurity bill unveiled http://news360.com/article/284652780 CyberSec Knowledge © Janice D. Pryor, Cyber Security Director, GSLC, GSEC Subscribe to this newsletter by sending email to [email protected] with a subject Subscribe. To be removed, send email to the same address with subject Remove. Follow me on Titter @JPCyberSec Facebook Covenant Security Solutions Linked In Janice Pryor Vol 5 – 30 Mar 2015 Congress needs to take action on data security http://news360.com/article/284679246 Protect Yourself Professional News Welcome To Privacy Hell, Also Known As The Internet Of Things http://news360.com/article/284381067 Alert: Cybersecurity Risk Management for Communications Companies http://news360.com/article/284729889 CFO's Finally Spending More in Cyber-Security http://news360.com/article/284362846 'Privilege Gone Wild' report examines account management habits vs. concerns http://news360.com/article/284519445 Why predictive analytics is defying one of security's greatest myths http://news360.com/article/284659885 Steptoe Cyberlaw Podcast, Episode #59: An Interview with Richard Bejtlich http://news360.com/article/284550449 Employment News Palo Alto Networks May Gain In Security Spending Hike http://news360.com/article/284730259 Virginia Cybersecurity Startup Lookingglass Raises $20 Million Series B http://news360.com/article/284549585 GCHQ have launched pilot scheme to recruit future cyber security experts http://news360.com/article/284718238 UK gov't launches hackathon for next-gen cybersecurity specialists http://news360.com/article/285047104 The race to build the Silicon Valley of cybersecurity http://news360.com/article/284674793 New CyberSecurity Tools or Advances Are passwords becoming passe? http://news360.com/article/284409768 Evolving Security in the Face of Cyber Attacks http://news360.com/article/284698223 Cyberphysical Security: The Next Frontier http://news360.com/article/284333751 Amazon patches huge XSS vulnerability that left user data exposed for two days http://news360.com/article/284521137 Android Security Flaw Could Potentially Affect Half of All Users http://news360.com/article/284652844 Flaw in Sync photos feature on Facebook mobile app http://news360.com/article/284496914 5 Social Engineering Attacks to Watch Out For http://news360.com/article/284403764 Beware: Google Docs Phishing Emails are circulating http://news360.com/article/284372678 Avast: Here's Why Smartphone Security Really Matters http://news360.com/article/284513039 Apple Pay's pitch: Simpler is better. But some security experts disagree. http://news360.com/article/284389548 Novels by Charles Dickens can generate secure and memorable passwords http://news360.com/article/284528753 Miscellaneous Five hacker movies that got things badly wrong http://news360.com/article/284463626 Apple patent envisions tracking people in real time http://news360.com/article/284489418 Will tomorrow's homes help hackers spy on us? http://news360.com/article/284570965 Former Tesla Intern Releases $60 Full Open Source Car Hacking Kit For The Masses http://news360.com/article/284629820 Hacking Air-Gapped Computers Using Heat http://news360.com/article/284640894 CyberSec Knowledge © Janice D. Pryor, Cyber Security Director, GSLC, GSEC Subscribe to this newsletter by sending email to [email protected] with a subject Subscribe. To be removed, send email to the same address with subject Remove. Follow me on Titter @JPCyberSec Facebook Covenant Security Solutions Linked In Janice Pryor Vol 5 – 30 Mar 2015 Featured Article Protecting Yourself In A Connected Age by Janice Pryor, GSLC, GSEC Whether its news of a new corporate compromise, or a notice in the mail that your accounts have possibly been stolen, it is inescapable in this new Internet of Things world that protecting yourself isn’t what it used to be. It’s no longer enough to lock your car and home, shred your sensitive paperwork before putting it in the trash and hide your check book and credit cards from your friends and relatives. Now you are online, attached, connected, and Tweeted, Instagramed, and Facebooked around the world. Children are online before they can even carry on a conversation and their tablets are as natural as crayons. Older Americans are connected so that they can stay involved with their younger family members in a way never before available. But the downside is most users have a plethora of user names and passwords or other authenticators that are no longer manageable. They have multiple connected devices that contain their personal secrets and identifiers, but few know the first thing about how to secure those numerous accounts, software, apps, devices and computers. Thinking Cyber Security is the problem of companies, ISPs, online services, or even your local store just leaves you vulnerable. Knowing how to provide your own personal Cyber Security is now as important a survival skill as knowing how to balance your checkbook (paper document that allows you to pay for things for my younger readers). Cyber Security education needs to be a part of our education system, starting in Pre‐Schools, through Elementary, Middle and High School, and offered in College self‐improvement courses. It also needs to be part of our Senior Centers, library out‐reach, and available through our other community resources. Additionally, this education isn’t a learn‐it‐and‐you‐are‐done affair. Just as the technology we use evolves so too do hacking avenues and possible vulnerabilities. Staying up to date on Cyber Security is going to be an essential requirement for personal protection and survival in our new connected age. Check out The more mobile you are, the more hackers rejoice: http://news360.com/article/284650074 CyberSec Knowledge © Janice D. Pryor, Cyber Security Director, GSLC, GSEC Subscribe to this newsletter by sending email to [email protected] with a subject Subscribe. To be removed, send email to the same address with subject Remove. Follow me on Titter @JPCyberSec Facebook Covenant Security Solutions Linked In Janice Pryor Vol 5 – 30 Mar 2015 Upcoming Events and Training Covenant Cyber Insider Threat Course- Virtual Class- 4.09.15 Cyber Insider Threat provides an up to date look at the Insider Threat for government and commercial organizations. This course provides students insight into documented insider threat cases, recent studies conducted on the insider threat, current government and industry guidance and best practices, as well as technical actions that can be taken to prevent, detect and handle the Cyber Insider Threat in their organization. https://www.facebook.com/events/611923495607474/ Covenant Cyber Insider Threat Course- Mclean VA- 4.30.15 Cyber Insider Threat provides an up to date look at the Insider Threat for government and commercial organizations. This course provides students insight into documented insider threat cases, recent studies conducted on the insider threat, current government and industry guidance and best practices, as well as technical actions that can be taken to prevent, detect and handle the Cyber Insider Threat in their organization. https://www.facebook.com/events/1607152232858823/ SANS Mentor SEC401 Session Charleston, SC | Thu Jul 16 - Thu Sep 17, 2015 SEC401: Security Essentials Boot camp Style is focused on teaching you the essential information security skills and techniques you need to protect and secure your organization's critical information assets and business systems. Our course will show you how to prevent your organization's security problems from being headline news in the Wall Street Journal! This course is a community mentor session that will meet for two hours every Thursday. http://www.sans.org/mentor/class/sec401‐charleston‐16jul2015‐janice‐pryor CyberSec Knowledge © Janice D. Pryor, Cyber Security Director, GSLC, GSEC Subscribe to this newsletter by sending email to [email protected] with a subject Subscribe. To be removed, send email to the same address with subject Remove. Follow me on Titter @JPCyberSec Facebook Covenant Security Solutions Linked In Janice Pryor
