CyberSecurity Daily
CyberSecurity Daily

Daily Distillation of Cybersecurity News For You!

Please Click Here to Take Our Very Short Survey

Internet Storm Center Infocon Status




10/13/2014: Home Depot Now Facing 21 Class-Action Lawsuits Over Data Breach...

09/22/2014: Home Depot’s Former Security Architect Had History of Techno-Sabotage...

09/18/2014: Home Depot Announces Hackers Stole 56 Million Credit and Debit Cards...

09/18/2014: Home Depot's 56 Million Card Breach Bigger Than Target's...


10/23/2014: Banks, Target Argue Over Breach Suit...

09/11/2014: Target Files Motion to Dismiss Data Breach Lawsuit...

(Click Here for Earlier Postings re The Target Breach)

Breach Level Index: http://breachlevelindex.com/#!home

Breach Level Index: http://breachlevelindex.com/#!breach-database

(Click Here for Links to Other Resources)

Links to Earlier Postings by Month

September 2014 August 2014 July 2014 June 2014 May 2014 April 2014 March 2014 February 2014 January 2014 December 2013


10/26/2014 Click Here to Report a Broken Link

TIP-OF-THE-DAY: Always access the Internet from behind a firewall. A firewall adds a security layer between your computer and the Internet, and helps stop hackers from stealing your identity, destroying your files, or using your computer to attack other systems. (Click here for additional information on firewalls).



Ransomware: Koler Worm Spreads Via SMS, Holds Phones for Ransom...


Privacy: How-To Guide to Protecting Yourself from Electronic Spying...

Authentication: Google Accounts Now Support Security Keys...



10/25/2014 Click Here to Report a Broken Link

TIP-OF-THE-DAY: Avoid allowing others to use your computer [devices] or login credentials. One way the serious culprits avoid detection is by asking a friend to use their computer. They then download or share files, using the IP address and identity of the friend, thereby diverting a possible lawsuit.




Cyberwar: Russia and China Edge Out US With Proposed Cyber Security Pact...

Privacy: Verizon Wireless Injects Identifiers That Link Its Users to Web Requests...


Privacy: Mac OS X Yosemite Sends Location, Search Data to Apple...


Privacy: Chinese Government Launches Man-in-Middle Attack Against iCloud...

Privacy: Apple CEO Tim Cook Meets with Chinese Official After iCloud Attack...

Cyberwar: US Military Officials, Defense Firms Targeted In 'Operation Pawn Storm'...



10/18/2014 Click Here to Report a Broken Link

TIP-OF-THE-DAY: Business Leaders: Pay due attention to those legal and regulatory requirements that affect the business (e.g. data privacy, copyright and internal control demands). Enforce your IS policy through regulatory compliance and through internal and external reviews. If you don't do this, you will be merely reacting to the latest security incident. This might find you legally liable for a breach, with consequential damage to your reputation and brand.




Vulnerability: Who’s Watching Your WebEx?...

Privacy: Cops Need a Warrant to Grab Your Cell Tower Data, Florida Court Rules...

Privacy: Facebook Tool Mines Stolen Passwords, Notifies Affected Users...

Privacy: Laura Poitras on the Crypto Tools That Made Her Snowden Film Possible...

Vulnerability: Hacked: The Six Most Common Ways Non-Tech People Fall Victim...

Industry: Facebook “Safety Check” Allows You to Connect with Family during Natural Disasters...



10/07/2014 Click Here to Report a Broken Link

TIP-OF-THE-DAY: Business Leaders: Create and maintain a comprehensive corporate information security (IS) policy. Support this with related guidance (including detailed policies and procedures) on how to deal with IS issues. Align this policy closely with business priorities. Endorse the approach and show total commitment to IS. Stress the need for good communication, comprehensive awareness of the key issues and compliance with relevant regulations.



Malware: Tyupkin Malware Infects ATMs Worldwide...

Vulnerability: Bugzilla 0-day Can Reveal 0-day Bugs in OSS Giants Like Mozilla, Red Hat...

Malware: Huge Data Leak at Largest U.S. Bond Insurer...

Privacy: Twitter Files Suit Over Government Restrictions on National Security Letter Data...

Legal: Feds ‘Hacked’ Silk Road Without a Warrant? Perfectly Legal, Prosecutors Argue...



10/06/2014 Click Here to Report a Broken Link

TIP-OF-THE-DAY: Enable two-factor authentication for your banking, email, social networking, and other crucial accounts. (This means you will need to enter a password, but also have a second factor of authentication such as a code sent via SMS to your phone that acts as a one-time password).





10/05/2014 Click Here to Report a Broken Link

TIP-OF-THE-DAY: Use a password manager: It will make your life easier so you don’t have to remember every single password you have. It is also safer because it will allow you to use more complex passwords and use different passwords for each site. Try LastPass, Dashlane, 1Password or KeePass.



Botnets: 17,000 Macs Infected with Botnet Controlled Via Reddit...

Botnets: Apple Updates Malware Definitions to Protect Against Botnet Threat Coordinated Via Reddit...

Privacy: Feds Only Have Themselves to Blame for Apple and Google's Smartphone Encryption Efforts...

Privacy: Animation Explains the Dangers of Computercop, the Malware that US Police Agencies Distribute to the Public...

Awareness: How a Times Cybersecurity Reporter Protects Her Data. And What You Can Do to Protect Yours...



10/04/2014 Click Here to Report a Broken Link

TIP-OF-THE-DAY: If given a choice, never allow an online business to store your financial information. Rule of thumb: forego the "ease-of-use" temptation of allowing an e-commerce site to store your financial information. Often, under the auspices of convenience, companies will offer to store your information for future transactions. This information may be stored at the servers of the business, their cloud provider, or hidden on your system somewhere. Although any data you enter is somewhat at risk, data that is entered once and then transmitted is less likely to be compromised than stored data.



Attacks: Hackers’ Attack Cracked 10 Financial Firms in Major Assault...


Breach: JPMorgan Chase Breach Affected 83 Million Customers...

Threats: Tools for Creating Malicious USB Thumb Drives Released by Security Researchers...

Attacks: Report: LulzSec Leader Directed Cyberattacks While Working for FBI...


Privacy: The NSA and Me...



10/03/2014 Click Here to Report a Broken Link

TIP-OF-THE-DAY: Gamers:

  • If another player is making you feel uncomfortable, tell a trusted adult.
  • Learn how to block and/or report another player if they are making you uncomfortable. Keep a record of what the other player said, but do not engage them.
  • Never reveal your real name, location, gender, age, or any other personal information.
  • Keep your user name vague.
  • Use an avatar rather than an actual picture of yourself.
  • Do not present yourself as dating material.
  • Do not use voice chat when playing an online game, unless there is a feature that allows you to disguise your voice.
  • Do not use a web-cam while playing an online game.
  • Do not accept downloads from strangers. This includes cheat programs that may claim to help you perform better in the game, but really could be carrying malware.
  • Do not send out materials to fellow gamers that contains personal information and/or data.
  • Do not meet a stranger from your gaming world in person. People are not always who they say they are.




10/02/2014 Click Here to Report a Broken Link

TIP-OF-THE-DAY: Tor is a more dramatic step you can take to stay secure. It's a network of virtual tunnels (a mix routing network) that sends your ISP to a cloud through a network of routers, making it impossible for your telecommunications provider to spy on you by default. Learn more at TorProject.org.





10/01/2014 Click Here to Report a Broken Link

TIP-OF-THE-DAY: For network encryption — Browser plug-ins and SSL (Secure Sockets Layer) will help maintain privacy. BlockPRISM for Chrome secures Facebook messaging. NoScript for Firefox, ScriptSafe for Chrome, and Disconnect for Safari are viable plug-ins.



(Click Here for September 2014 Postings)

(Click Here for August 2014 Postings)

(Click Here for July 2014 Postings)

(Click Here for June 2014 Postings)

(Click Here for May 2014 Postings)

(Click Here for April 2014 Postings)

(Click Here for March 2014 Postings)

(Click Here for February 2014 Postings)

(Click Here for January 2014 Postings)

(Click Here for December 2013 Postings)



Magazines

Arstechnica Security
CIO Security
Computer World
CSO Online
Data Breach Today
Dark Reading
eWeek Security
Information Week
infosecurity
pctech Magazine
SC Magazine
Tech Crunch
TechRepublic Security
Top Tech News
Wired Threat Level
ZDNet
ZDNet Security Blog


News

ABC News Cyber Attacks
Bank Info Security
Cyber Sec Report
eSecurity Planet
Government Info Security
The Guardian Information Security Hub
The Hacker News
Help Net Security
Homeland Security News Wire (Cybersecurity)
The Intercept
KrebsonSecurity
nakedsecurity
Schneier on Security
Search Security Tech Target
SecureList
Silicon Valley
Threat Post
Virus Bulletin


Organizations

CERT - Carnegie Mellon University computer emergency response team.

EPIC - public interest research center focusing public attention on emerging civil liberty issues in the information age.

Electronic Frontier Foundation - leading nonprofit organization defending civil liberties in the digital world.

Internet Storm Center - provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers.

(ISC)2 - global, not-for-profit leader in educating and certifying information security professionals throughout their careers.

NIST - non-regulatory federal agency that promotes U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology.

Onguard Online - the federal government’s website to help you be safe, secure and responsible online.

Privacy - site for daily news, information, and initiatives on privacy.

Privacy Rights - mission is to engage, educate and empower individuals to protect their privacy.

SANS - cooperative research and education organization working together to help the entire information security community.

Qualys SSL Labs - collection of documents, tools and thoughts related to SSL.

Stay Safe Online - educate and therefore empower a digital society to use the Internet safely and securely at home, work, and school.

US CERT - leads efforts to improve the nation's cybersecurity posture, coordinate cyber information sharing, and proactively manage cyber risks to the Nation while protecting the constitutional rights of Americans.



Tools

FCC Smartphone Security Checker - tool is designed to help the many smartphone owners who aren't protected against mobile security threats.

Metasploit - world's most used penetration testing software.

Nmap - a free and open source utility for network discovery and security auditing.

Snort - an open source network intrusion prevention and detection system (IDS/IPS).

Wire Shark - world's foremost network protocol analyzer.

ZMap - an open-source network scanner that enables researchers to easily perform Internet-wide network studies.




Information

AV-Test
Breach Level Index
Bytecode Cyber Security
Cyber Awareness Challenge
DHS List of Critical Infrastructure Sectors
FCC Cyber Planner
ICSA Labs
Information Security Glossary
My Information Security Policy
National Checklist Program Repository
Overview of current cyber attacks (logged by 180 Sensors )
Phoenix City Information Security and Privacy
Security Development Lifecycle
Top 100+ Cybersecurity Blogs
Virus Bulletin AV Product RAP (Reactive and Proactive) Report
VirusTotal File and Website Scanner


Conferences

Black Hat
DEF CON


Companies

Accuvant - Accuvant is a leading provider of information security services and solutions serving enterprise-class organizations across North America. The company offers a full suite of service capabilities to help businesses, governments and educational institutions define their security strategies, identify and remediate threats and risks, select and deploy the right technology and achieve operational readiness to protect their organizations from malicious attack.

CheckPoint - Check Point 3D Security uniquely combines policy, people and enforcement for greater protection of information assets and helps organizations implement a blueprint for security that aligns with business needs.

CloudFlare - CloudFlare protects and accelerates any website online. Once your website is a part of the CloudFlare community, its web traffic is routed through our intelligent global network. We automatically optimize the delivery of your web pages so your visitors get the fastest page load times and best performance. We also block threats and limit abusive bots and crawlers from wasting your bandwidth and server resources.

Coalfire - fast-growing IT Governance, Risk and Compliance (IT GRC) firm, serving as a trusted advisor and IT GRC tools-provider to security-conscious leaders in Retail, Financial Services, Healthcare, Hospitality, Higher Education, Government and Utilities.

Crowdstrike - global provider of security technologies and services focused on identifying advanced threats and targeted attacks.

FireEye - provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks that easily circumvent traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways.

FishNet Security - leading provider of information security solutions that combine technology, services, support and training.

FORTINET - worldwide provider of network security appliances and a market leader in unified threat management (UTM).

Guidance Software - software solutions provide the foundation for corporate government and law enforcement organizations to conduct thorough and effective computer investigations of any kind, including intellectual property theft, incident response, compliance auditing and responding to e-discovery requests-all while maintaining the forensic integrity of the data.

KnowBe4 - delivers next-generation security awareness training and testing, security consulting / penetration testing and innovative security software products addressing the needs of business owners, IT, HR, and end-users.

Logrhythm - LogRhythm is the largest and fastest growing independent security intelligence company in the world. The company’s patented and award-winning Security Intelligence Platform, unifying SIEM, log management, file integrity monitoring, network forensics and host forensics, empowers organizations around the globe to detect and respond to breaches and the most sophisticated cyber threats of today, faster and with greater accuracy than ever before. LogRhythm also provides unparalleled compliance automation and assurance as well as IT predictive intelligence to Global 2000 organizations, government agencies and mid-sized businesses worldwide.

Mandiant - security incident response management.

Palo Also Networks - security platform natively brings together all key network security functions, including advanced threat protection, firewall, IDS/IPS, and URL filtering.

Parameter Security - ethical hacking firm.

Renesys - internet intelligence for performance management, competitive analysis and network situational awareness.

Threat Track Security - specializes in helping organizations identify and stop Advanced Persistent Threats (APTs), targeted attacks and other sophisticated malware designed to evade the traditional cyber-defenses deployed by enterprises, small and medium-sized businesses (SMBs) and consumers around the world.

Trustwave - Trustwave helps businesses fight cybercrime, protect data and reduce security risk. We give organizations-ranging from Fortune 500 enterprises to small- and medium-sized businesses-the services and technologies they need to transform the way they plan, prepare, integrate and manage their information security and compliance programs.

VUPEN Security - defensive and offensive cyber security intelligence and advanced vulnerability research.



Contact Us

info@cybersecdaily.com