- 17-Year-Old Hacks the Air Force for the Biggest Bug Bounty -
Foreign and domestic hackers probed hundreds of security holes in
critical Air Force networks for weeks in late spring, and the
Pentagon knew all about it. But instead of getting punished, the
hackers got paid.
44% of sampled websites fail password protection assessment - An
analysis of 48 popular websites determined that 46 percent of
consumer services sites and 36 percent of enterprise or business
services sites had "dangerously lax" password policies that failed
to enforce even some of the most basic security requirements.
Despite concerns over cyber diplomacy, State works to align internal
efforts - With all of the rising concerns about the future of cyber
diplomacy at the State Department, there is new hope that the agency
is finally getting its internal IT security processes aligned to be
Army standardizes IT components, software across 400 units - The
Army has begun an ambitious effort to implement a common set of
software and hardware standards across more than 400 different units
in order to maximize interoperability and combat efficiency, service
State Dept. new Cyber and Technology Security directorate falls
under diplomatic security - After saying it would shutter and fold
the Office of the Coordinator for Cyber Issues into the Bureau of
Economic and Business Affairs, raising concerns that cybersecurity
would be on a backburner, the State Department has confirmed that it
established a Cyber and Technology Security (CTS) directorate last
Russian cybercriminals using VOIP services to bypass fraud
verifications - Flashpoint researchers spotted Russian speaking
cybercriminals using Voice over Internet Protocol (VOIP) services to
bypass phone call transaction verifications.
Get rich or die tryin' Nigerian cybercriminal hits 4,000 companies
worldwide - A lone Nigerian cybercriminal has been on a crime spree
so broad and wide ranging that it puts Bonnie and Clyde's
Depression-era interstate crime wave to shame.
Web application attacks accounted for 73% of all incidents says
report - Web application attacks accounted for 73 percent of all
incidents and pure public cloud installations experienced the fewest
security incidents in recent industry report.
ATTACKS, INTRUSIONS, DATA THEFT & LOSS
- Ukrainian postal service hit by 48-hour cyber-attack - Ukraine's
national postal service has been hit by a two-day-long cyber-attack
targeting its online system that tracks parcels.
World of Warcraft, Overwatch, Hearthstone and other games hit by
DDoS - Games company Blizzard Entertainment reported on Aug. 13 that
a DDoS attack hit its game servers for World of Warcraft, Overwatch,
Hearthstone and other titles.
Mandiant breach hackers claim to dump FireEye data - The threat
actors who two weeks ago targeted FireEye subsidiary Mandiant,
leaking data stolen from an analyst working for the firm, are now
claiming to have leaked FireEye documents for a second time.
Lazarus Group tied to new phishing campaign targeting defense
industry workers - The suspected North Korean APT collective known
as the Lazarus Group appears to be targeting individuals associated
with U.S. defense contractors, including prospective employees, with
phishing emails that display fake job listings and companies'
Spyware found in more than 1,000 apps in Google Play store - Android
Apps on the Google Play Store have been discovered to harbour
spyware originally created by an Iraqi developer. Surveillance
malware records audio and steals data from users.
Hackers release Curb Your Enthusiasm, other HBO programming - HBO is
refusing to comment on the latest programming dump that included
upcoming episodes of Larry David's Curb Your Enthusiasm, Ballers,
Insecure and The Deuce.
Almost 5,000 The Daniel Drake Center for Post-Acute Care patient
records exposed - The Daniel Drake Center (DDC) for Post-Acute Care,
which is part of the University of California's health system,
reported patient information was accessed and viewed by an
unauthorized employee over a two-year period.
Brute force attack on Scottish Parliament's email system - Yesterday
members of the Scottish Parliament in Holyrood were notified that
hackers were trying to crack their email passwords and they were
advised to update their passwords.
Return to the top
of the newsletter
WEB SITE COMPLIANCE -
OCC - Threats from
Fraudulent Bank Web Sites - Risk Mitigation and Response Guidance
for Web Site Spoofing Incidents (Part 1 of 5)
Web-site spoofing is a method of creating fraudulent Web sites that
look similar, if not identical, to an actual site, such as that of a
bank. Customers are typically directed to these spoofed Web sites
through phishing schemes or pharming techniques. Once at the
spoofed Web site, the customers are enticed to enter information
such as their Internet banking username and password, credit card
information, or other information that could enable a criminal to
use the customers' accounts to commit fraud or steal the customers'
identities. Spoofing exposes a bank to strategic, operational, and
reputational risks; jeopardizes the privacy of bank customers; and
exposes banks and their customers to the risk of financial fraud.
PROCEDURES TO ADDRESS SPOOFING
Banks can mitigate the risks of Web-site spoofing by implementing
the identification and response procedures discussed in this
bulletin. A bank also can help minimize the impact of a spoofing
incident by assigning certain bank employees responsibility for
responding to such incidents and training them in the steps
necessary to respond effectively. If a bank's Internet activities
are outsourced, the bank can address spoofing risks by ensuring that
its contracts with its technology service providers stipulate
appropriate procedures for detecting and reporting spoofing
incidents, and that the service provider's process for responding to
such incidents is integrated with the bank's own internal
Banks can improve the effectiveness of their response procedures by
establishing contacts with the Federal Bureau of Investigation (FBI)
and local law enforcement authorities in advance of any spoofing
incident. These contacts should involve the appropriate departments
and officials responsible for investigating computer security
incidents. Effective procedures should also include appropriate
time frames to seek law enforcement involvement, taking note of the
nature and type of information and resources that may be available
to the bank, as well as the ability of law enforcement authorities
to act rapidly to protect the bank and its customers.
Additionally, banks can use customer education programs to mitigate
some of the risks associated with spoofing attacks. Education
efforts can include statement stuffers and Web-site alerts
explaining various Internet-related scams, including the use of
fraudulent e-mails and Web-sites in phishing attacks. In addition,
because the attacks can exploit vulnerabilities in Web browsers
and/or operating systems, banks should consider reminding their
customers of the importance of safe computing practices.
the top of the newsletter
FFIEC IT SECURITY
We continue our series on the FFIEC
interagency Information Security Booklet.
INTRUSION DETECTION AND RESPONSE
INTRUSION RESPONSE (Part 2 of 2)
Successful implementation of any response policy and
procedure requires the assignment of responsibilities and training.
Some organizations formalize the response organization with the
creation of a computer security incident response team (CSIRT). The
CSIRT is typically tasked with performing, coordinating, and
supporting responses to security incidents. Due to the wide range of
non-technical issues that are posed by an intrusion, typical CSIRT
membership includes individuals with a wide range of backgrounds and
expertise, from many different areas within the institution. Those
areas include management, legal, public relations, as well as
information technology. Other organizations may outsource some of
the CSIRT functions, such as forensic examinations. When CSIRT
functions are outsourced, institutions should ensure that their
institution's policies are followed by the service provider and
confidentiality of data and systems are maintained.
Institutions can assess best the adequacy of their preparations
While containment strategies between institutions can vary, they
typically contain the following broad elements:
! Isolation of compromised systems, or enhanced monitoring of
! Search for additional compromised systems;
! Collection and preservation of evidence; and
! Communication with effected parties, the primary regulator, and
Restoration strategies should address the following:
! Elimination of an intruder's means of access;
! Restoration of systems, programs and data to known good state;
! Filing of a Suspicious Activity Report (Guidelines for filing are
included in individual agency guidance); and
! Communication with effected parties.
Return to the top of
NATIONAL INSTITUTE OF STANDARDS
AND TECHNOLOGY -
the series on the National Institute of Standards and Technology
Chapter 12 - COMPUTER
SECURITY INCIDENT HANDLING
12.1 Benefits of an Incident Handling Capability
The primary benefits of an incident handling capability are
containing and repairing damage from incidents, and preventing
future damage. In addition, there are less obvious side benefits
related to establishing an incident handling capability.
12.1.1 Containing and Repairing Damage from Incidents
When left unchecked, malicious software can significantly harm an
organization's computing, depending on the technology and its
connectivity. An incident handling capability provides a way for
users to report incidents and the appropriate response and
assistance to be provided to aid in recovery. Technical capabilities
(e.g., trained personnel and virus identification software) are
prepositioned, ready to be used as necessary. Moreover, the
organization will have already made important contacts with other
supportive sources (e.g., legal, technical, and managerial) to aid
in containment and recovery efforts.
Without an incident handling capability, certain responses --
although well intentioned -- can actually make matters worse. In
some cases, individuals have unknowingly infected anti-virus
software with viruses and then spread them to other systems. When
viruses spread to local area networks (LANs), most or all of the
connected computers can be infected within hours. Moreover,
uncoordinated efforts to rid LANs of viruses can prevent their
Many organizations use large LANs internally and also connect to
public networks, such as the Internet. By doing so, organizations
increase their exposure to threats from intruder activity,
especially if the organization has a high profile (e.g., perhaps it
is involved in a controversial program). An incident handling
capability can provide enormous benefits by responding quickly to
suspicious activity and coordinating incident handling with
responsible offices and individuals, as necessary. Intruder
activity, whether hackers or malicious code, can often affect many
systems located at many different network sites; thus, handling the
incidents can be logistically complex and can require information
from outside the organization. By planning ahead, such contacts can
be preestablished and the speed of response improved, thereby
containing and minimizing damage. Other organizations may have
already dealt with similar situations and may have very useful
guidance to offer in speeding recovery and minimizing damage.
Some organizations suffer repeated outbreaks of viruses because the
viruses are never completely eradicated. For example suppose two
LANs, Personnel and Budget, are connected, and a virus has spread
within each. The administrators of each LAN detect the virus and
decide to eliminate it on their LAN. The Personnel LAN administrator
first eradicates the virus, but since the Budget LAN is not yet
virus-free, the Personnel LAN is reinfected. Somewhat later, the
Budget LAN administrator eradicates the virus. However, the virus
reinfects the Budget LAN from the Personnel LAN. Both administrators
may think all is well, but both are reinfected. An incident handling
capability allows organizations to address recovery and containment
of such incidents in a skilled, coordinated manner.