CyberheistNews Vol 1, #17
Editor's Corner
Scam Of The Week: ATM Eats Card
Cybercriminals have a new trick. They trap debit and credit cards in
ATMs so they can retrieve them later. The move was prompted by
better security measures designed to prevent skimming. There are
several ways to trap a card in an ATM. One trick is to put a device
on the machine that uses tape, wire or thread to hold the card in.
Criminals can then retrieve your card when you walk away. They get
the PIN either by literally looking over your shoulder or by putting
an overlay device on the keypad that records it.
So, what to do? Ideally, only grab cash from the ATM at your local
bank. When the ATM eats the card, stay with the ATM and call the
bank on your cell phone. If you are traveling and an ATM in an airport
eats your card, call the credit card company and get them to kill
that card right there and then. Put the 800-number of your credit
card company in your cell phone NOW. Tell your friends.
How Big Is Your Email Attack Surface?
How many of your organization's email addresses are floating out
there on the Net, easy for hackers to find and use for phishing
attacks? Find out now, for free:
http://www.knowbe4.com/eec/
Quotes of the Week
"Far more thought and care go into the composition of any prominent
ad in a newspaper or magazine than go into the writing of their
features and editorials." - Marshall McLuhan
"If you would not be forgotten as soon as you are dead, either write
something worth reading or do things worth writing." - Benjamin Franklin
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/about-us/cyberheist-news/
Training: A Powerful Breach Preventer
The Department of Defense, perhaps in reaction to the recent TRICARE
military health program breach, has issued, in conjunction with two
other agencies, a proposed rule that spells out requirements for
contractors' employees to receive training on privacy protections.
And it's time for all healthcare organizations to follow DoD's lead
and check on the privacy training their business associates offer.
A lack of training seems to be one of the causes of many healthcare
information breaches involving business associates. In the TRICARE
incident, unencrypted computer backup tapes containing information
on 4.9 million beneficiaries were stolen from the car of an employee
of a contractor, Science Applications International Corp. Perhaps
a refresher course on HIPAA compliance could have helped avert the
mistake. Here is the story on the Healthcare Infosecurity blog:
http://www.healthcareinfosecurity.com/
Who Else Was Hit by the RSA Attackers?
The data breach disclosed in March by security firm RSA received worldwide
attention because it highlighted the challenges that organizations face in
detecting and blocking intrusions from targeted cyber attacks. What's more, the
subtext of the intrusion was that if this could happen to one of the largest
security firms, what hope was there for organizations that aren't focused on
security?
Security experts have said that RSA wasn't the only corporation victimized in
the attack, and that dozens of other multinational companies were infiltrated
using many of the same tools and Internet infrastructure. But so far, no one has
been willing to say publicly which additional companies may have been hit.
Today's post features a never-before-published list of those victim
organizations. The information suggests that more than 760 other organizations
had networks that were compromised with some of the same resources used to hit
RSA. Almost 20 percent of the current Fortune 100 companies are on this list.
And all this because employees clicked on a phishing link and opened an
infected Excel spreadsheet. More at the Brian Krebs Blog:
http://krebsonsecurity.com/2011/10/who-else-was-hit-by-the-rsa-attackers/
Stupid Hacker Tricks: Exploits Gone Bad
Taunting tweets, provocative pics, iPad-spam chats -- stupid slip-ups lead
to high-profile hacker arrests. Fun article to read:
http://www.computerworld.com/s/article/9221127/Stupid_hacker_tricks_Exploits_gone_bad?
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
People Are Awesome 2011 - A compilation of awesome people doing incredible
things:
http://www.flixxy.com/people-are-awesome-2011.htm
Tel-Aviv University demonstrates "quantum levitation" - superconductors
locked in a magnetic field:
http://www.wservernews.com/go/1319190565687
Watch and listen to "Life of Flowers" and see if it doesn't make you smile:
http://www.flixxy.com/penguin-heist.htm
One US Aircraft Carrier Has A More Powerful Air Force Than 70% Of All Countries:
http://www.dump.com/2011/04/16/one-us-aircraft-carrier-has-a-more-powerful-air-force-than-70-of-all-countries-video/