Internet Security Alliance News 7-29-09

July 28, 2009 by ADMIN

From The Internet Security Alliance

In The News…

July 24, Orange County Register – (California) FBI to investigate Placentia library hacking. The FBI is hunting down the hackers that hijacked the Placentia Public Library Web site the morning of July 24, a bureau official said the same afternoon. “The FBI will open an investigation into this incident,” said an FBI spokeswoman. The spokeswoman, who works out of the bureau’s Los Angeles field office, said that the FBI has a special unit that investigates “cyber crimes, computer intrusions, defacements, more traditional crimes like fraud and child exploitation.” Visitors to the Placentia Library Web site were greeted by an image of a flapping flag with a crescent moon and star behind a portrait of famed Turkish leader Mustafa Kemal Ataturk. Underneath was the phrase “Editaarruz is back.” A group calling itself the “Federal Atack Team” has apparently hacked www.placentialibrary.org — disabling the site completely. The word “taarruz” means “attack” or “offensive” in the Turkish language.
Source: http://www.ocregister.com/articles/site-web-search-2506225-google-placentia

July 25, ZDNet – (International) HP researchers develop browser-based darknet. Two researchers for Hewlett-Packard have created a browser-based darknet, an idea that could make it easier for businesses to keep eavesdroppers from uncovering confidential information. Darknets are encrypted peer-to-peer networks normally used to communicate files between closed groups of people. Most darknets require a certain level of technological literacy to set up and maintain, including taking care of the necessary servers. However, two HP researchers plan during the week of August 3 to demonstrate a browser-based darknet called “Veiled,” which they claim requires little proficiency to set up and run. “This will really lower the barriers to participation,” one of the researchers told ZDNet UK. “If you want to create a darknet, you can send an encrypted e-mail saying, ‘Here’s the URL.’ When (the recipient visits) the Web site, the browser can just get (the darknet application) going.” The researchers are scheduled to demonstrate the technology next week at the Black Hat security conference in Las Vegas.
Source: http://news.cnet.com/8301-1009_3-10295761-83.html

July 27, Louisville Courier Journal – (Kentucky) Theft used stealthy computer code. The world suddenly seemed a lot smaller in late June, following the theft of $415,000 from a bank account belonging to Bullitt County government. Investigators say Ukrainian criminals hacked their way into Bullitt government computers using malicious code also used to hijack $6 million from banks in the United States, United Kingdom, Spain and Italy in 2007. Federal investigators are still trying to determine where the Bullitt taxpayers’ funds have gone. An FBI spokesman from the Louisville office said the investigation may take several more weeks. But computer experts say the malicious code, which Bullitt officials identified as “ZeuS,” is a stealthy type of trojan software popular among hackers. A trojan is a program that appears legitimate but actually performs illicit activity. Bullitt County and its bank, Elizabethtown-based First Federal Savings Bank, are just beginning to grapple with the ramifications left in ZeuS’ wake. Bullitt officials said the culprits hacked into an e-mail to gain access to county government passwords and used them to withdraw funds from an account used to pay county employees. Bullitt County recovered $105,813.06 of the $415,989.17 discovered missing June 29 by reversing transactions in accounts still containing the stolen money.
Source: http://www.courier-journal.com/article/20090727/ZONE10/907270320/Theft+used+stealthy+computer+code

July 27, Softpedia – (International) Critical out-of-band patch for Internet Explorer 8. Microsoft is cooking a security refresh for Internet Explorer 8, and earlier supported versions of the browser, that will be released on July 28. According to the Redmond company, the IE update will be accompanied by a security bulletin for Visual Studio. The software giant underlined that, although two separate security bulletins were scheduled for release come July 28, both updates were designed to resolve a single, overall security problem. The move comes as a necessity to ensure that customers benefit from the broadest protections possible, explained the director of MSRC. “While we can’t go into specifics about the issue prior to release, we can say that the Visual Studio bulletin will address an issue that can affect certain types of applications. The Internet Explorer bulletin will provide defense-in-depth changes to Internet Explorer to help provide additional protections for the issues addressed by the Visual Studio bulletin. The Internet Explorer update will also address vulnerabilities rated as Critical that are unrelated to the Visual Studio bulletin that were privately and responsibly reported,” the director noted. The patches coming July 28 are what Microsoft refers to as out-of-band security updates.
Source: http://news.softpedia.com/news/Critical-Out-of-Band-Patch-for-Internet-Explorer-8-117601.shtml

July 27, USA Today – (International) Hackers may slip through hole found in Adobe tools. Cybercriminals may have a clear path to spread mayhem on computers this week by taking advantage of a newly discovered vulnerability in Adobe’s ubiquitous Flash video player and Acrobat Reader, the widely used tool for opening PDF documents. Since early July, troublemakers have been e-mailing PDF files with corrupted Flash video clips and hacking into websites to implant them. These clips, when activated, enable attackers to quickly install malicious programs on the user’s computer. Criminals typically take control of PCs, turning them into obedient “bots.” The number of attacks could soar this week as Adobe scrambles to develop an emergency patch by July 31. The company recently began issuing security patches once a quarter, with the next update scheduled on Sept. 8. “The volume of cybercrime has been increasing, so we’ve stepped up our efforts to supply best-in-class security,” says Adobe’s senior vice president and general manager of business productivity. But even that might not solve the problem. Adobe alerts computer users every seven days about software updates that can include security patches, but users often defer installing such updates. The security firm has already found a booby-trapped e-mail sent to a corporate executive.
Source: http://www.usatoday.com/tech/news/computersecurity/2009-07-26-adobe-hackers_N.htm

Introducing the ISAlliance Information Security Resources News Feed

In our continued effort to provide membership with access to the latest developments and relevant issues being addressed by compliance, IT and security professionals today, the ISAlliance would like to introduce the addition of the Information Security Resources News Feed to our website selections.

Information Security Resources strives to bring together security thought leaders by providing a forum for security issues across all sectors and industries. ISR’s concern is centered around the failure of organizations to adequately protect regulated systems and data, with a focus on the exposure of private info and sensitive systems during the financial meltdown, including identity theft, privacy breach, info stolen, credit card fraud, and other enormous liabilities. In addition to the obvious threat to market stability, the financial debacle has the added element of national and global security concerns. ISR’s editors and contributors strongly believe that system integrity is the next major national security, shareholder derivative, D&O liability, regulatory, consumer product safety, and class-action issue our nation will face. ISR is led by Kevin M. Nixon, MSA, CISSP®, CISM®, CGEIT®, who is a former ISAlliance Board member, and managed by Anthony M. Freed.

The link for the news feed is located at the top of the “Business Services” column on any ISAlliance website page. Enjoy!

This Week at the ISAlliance…

Friday, July 31: ISAlliance & ANSI Homeland Security Standards Panel (HSSP) - Workshop on Developing a Framework to Analyze and Manage Financial Risk for Cyber Security. This Workshop marks the beginning of the second phase of this project and is the latest in a series of homeland security initiatives that have focused on an economic perspective to standards supporting subject areas such as private sector preparedness, perimeter security, biometrics, credentialing/access control for disaster management, and a number of others. The primary output of this Workshop will be the creation of a framework encompassing the process for analyzing, managing and transferring financial risk for cyber security. It will also include guidance on taking this risk analysis and incorporating it into business operations (e.g., business continuity planning, vendor management, insurance determination, etc.). This plenary effort will lay the groundwork for delivering a second publication for delivery during National Cyber Security Month (October 2009). The first phase of this project delivered the publication: The Financial Impact of Cyber Risk: 50 Questions Every CFO Should Ask which is available for free download at - http://www.isalliance.org/index.php?option=com_content&task=view&id=171&Itemid=333

Speaking Opportunity for ISAlliance members: The Illinois Institute of Technology’s Center for Professional Development will be hosting the 5th Annual VoIP Conference and Expo Wednesday and Thursday October 28 and 29, 2009. This two-day conference, where industry and academia meet, will bring together technical professionals and executives from the data and telecommunications industry, standards bodies, government agencies, as well as the business community. ISAlliance members interested in participating as a panelist discussing the practical side of VoIP Security, how IT security is being practiced today to protect VoIP and what important new steps need to be taken in the near future should contact bfoer@isalliance.org.

Download a complete copy of The Cyber Security Social Contract: Policy Recommendations for the Obama Administration and 111th Congress.

Learn More About the ISAlliance

The Internet Security Alliance (ISAlliance) was created to provide a forum for information sharing and thought leadership on information security issues. The ISAlliance represents corporate security interests before legislators and regulators; in so doing, the alliance aims to identify and standardize best practices in Internet security and network survivability, while creating a collaborative environment to develop and implement information security solutions.

* * *


The Publisher gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com

