Wednesday, October 31, 2012

Cyber Security: ICS-CERT Vulnerability Summary for Week of October 22

Click the link below to view the summary of cyber security vulnerabilities for the week of October 22 as collected and reported by ICS-CERT.

http://www.us-cert.gov/cas/bulletins/SB12-303.html


Tuesday, October 30, 2012

Cyber Security: How secure is your digital life?

You may be sharing more personal information online than you think you are. Read this article for tips on how to better protect yourself online and avoid identity theft or remote data wipes.

http://www.pcworld.com/article/2010300/just-how-hackable-is-your-digital-life.html


Thursday, October 25, 2012

Cyber Security: The hacker ate my homework - 100 colleges hacked

Education websites all over the world are being hacked. View the list of affected universities and read the note written by the leader of the hacking group responsible, TeamGhostShell.

100 Education hacked, thousands of accounts leaked by @TeamGhostShell


Tuesday, October 23, 2012

Cyber Security: Virgin Mobile customers in danger of being hacked

Virgin Mobile's password policy requires users to select a 6-digit numerical password. Read about the major security concerns and how it would only take hackers 1 million guesses to take over your cellular account.

http://arstechnica.com/security/2012/09/virgin-mobile-password-crack-risk/

Thursday, October 18, 2012

Cyber Security: What You Don't Know Can Hurt You

The number of mobile malware instances has increased from 14,000 to 40,000 in less than a year, mostly due to lack of cyber security awareness among consumers.

Infosecurity - Mobile malware up 185% amid a lack of consumer awareness


Tuesday, October 16, 2012

Cyber Security: Historic DDoS attacks against U.S. banks continue

PNC, out of Pittsburgh, joins Wells Fargo, J.P. Morgan Chase & Co. and Bank of America on a list of banks taken offline, reportedly by a group that claimed responsibility for the attacks as retaliation for the portrayal of Muslims in “Innocence of Muslims,” a series of movie trailers uploaded to YouTube.

http://threatpost.com/en_us/blogs/historic-ddos-attacks-against-major-us-banks-continue-092712

Monday, October 15, 2012

Attend the free webinar on “Cyber Security: A Catalyst for Modernization”

Learn from our experts about the impact and role that cyber security is playing within a plant’s operational processes and business requirements.
Date: October 24, 2012, at 10 AM Eastern or 5 PM Pacific

Register Here

Thursday, October 11, 2012

Cyber Security: ICS-CERT Vulnerability Summary for Week of October 1

Click the link below to view the summary of cyber security vulnerabilities for the week of October 1 as collected and reported by ICS-CERT.

http://www.us-cert.gov/cas/bulletins/SB12-282.html

Cyber Security: September 2012 ICS-CERT Monthly Monitor

View ICS-CERT's September 2012 newsletter, with a feature article on the Shamoon virus.

http://www.us-cert.gov/control_systems/pdf/ICS-CERT_Monthly_Monitor_Sep2012.pdf


Cyber Security: FERC Opens Cyber Security Office

A new FERC office, Office of Energy Infrastructure Security (OEIS), will focus on potential cyber and physical security risks to energy facilities under its jurisdiction.

Cybersecurity malware hackers computer viruses | Homeland Security News Wire



Monday, October 8, 2012

Cyber Security Advisor Newsletter - Sept 2012 vol 12


Greetings,
Our 12th volume… It’s hard to believe that it’s been a year since we launched the 'Cyber Security Advisor' to help get the message out.
We have had lots of inquiries to help our clients with their cyber requirements. This past month, there has been no shortage of these requests. This month’s newsletter focuses on some of these recent attacks and provides you some stories about what’s going on out there. We know that installing firewalls just does not cut it anymore… or did it ever? We know that comprehensive programs that support strong patching, logging, access controls, and network management and monitoring are a must.
Don’t miss this month’s Consultant's Corner piece by Bill Owen. He’s offering some perspective on Incident Response.




Click here for this month's issue

Wednesday, October 3, 2012

Cyber Security: Can a password ever be fully secure?

Charles Smith, Invensys Critical Infrastructure & Security Practice consultant, gives tips on how to create strong passwords.



Is your password really secure? As recent news articles have shown, it probably isn’t. Just over the last few months, LinkedIn, Yahoo, Blizzard Games, and others have been hacked and customer passwords stolen. Last year, Sony’s PlayStation Network was hacked and not only were passwords captured, but also other personal customer information.

What can be the impact of having your personal information stolen? Many hacker groups are no longer concerned about capturing passwords and instead thrive on personal information. They use this information to perform a "social engineering" attack on people by impersonating someone from a company the victim does business with. They are usually prepared with some information they have already stolen to convince victims that they are legit, and then they will attempt to gather more information such as a credit card number, social security number, or something like a "secret question answer." This allows them to access private accounts and recover or change passwords. They can use this information to wreak havoc on people’s online lives just as if they had originally stolen someone’s password.

What can you do to protect yourself if a vendor does not adequately protect your personal information? There are three things you can do:
  1. Use complex, yet easy-to-remember passwords, as Tom Jackson stated in Issue 8 of the Cyber Advisor (May 2012).
  2. Do not link your online accounts together. Sites such as Yahoo now allow you to sign in using your Facebook username and password. While it may be tempting to link accounts to reduce the number of passwords to remember, if one account gets hacked, then all of your accounts can get hacked. If you must link accounts, only link non-secure accounts together. For example, you might link two social media accounts as long as they aren’t linked to your email or an account with credit card information (like eBay or Amazon).
  3. Use two-factor authentication. Two-factor authentication is where you use "something you know" and "something you have" to log in to your account. If you work for a large company and have VPN access, then you may already be using two-factor authentication if you have a key fob in addition to your network password.
     Yahoo now offers the option of having a code sent via text message to your cell phone to access your account. You use this feature by entering your username and password online, and then Yahoo will send a code to your cell phone that must be entered before you can access your account. In this case, even if a hacker has stolen your password, they cannot access your account unless they have physically stolen your cell phone as well. Two-factor authentication isn’t offered by every online service yet, but it is gaining popularity. Click here for more information on two-factor authentication.

If you follow the three key points above, then your information will be much more secure in today’s online world.

Tuesday, October 2, 2012

National Cyber Security Awareness Month


October is National Cyber Security Awareness Month and the Department of Homeland Security and National Cyber Security Alliance encourage all computer users to be safe and secure online with tips and weekly themes throughout the month. This year’s weekly themes are:

Week 1: Stop. Think. Connect.
Week 2: Law Enforcement and Cyber Security
Week 3: Industry Efforts in Cyber Security
Week 4: K-Life: Digital Literacy Efforts

For tips on what you can do to stay safe online, visit http://stopthinkconnect.org/tips-and-advice/

http://www.staysafeonline.org



Monday, October 1, 2012

Cyber Security: White House confirms spearphishing intrusion

Hackers with ties to China's government have successfully targeted the White House in a spearphishing attack aimed at one of its internal computer networks, reportedly a military office in charge of the president's communications.