CyberheistNews Vol 3, # 37

Editor's Corner


Scam Of The Week: "U.S. Starts Bombing Syria"

This one is crafty. A fake CNN email is being spammed with the subject line "The United States began bombing!", referring to Syria; clicking through will likely leave the workstation infected with malware.

The spam message is allegedly from the real CNN journalist Casey Wian, and some of the emails even have a picture with black smoke over a street scene.

The email has a two-sentence lead, followed by a "Full Story" link that triggers a Trojan downloader and other malware, according to Kaspersky Labs. The bad guys are trying to exploit older versions of Adobe Reader and Java.

Warn your users not to fall for a classic social engineering trick like this. If the U.S. actually -does- start a police action in Syria, there will be many more of these phishing attacks. Here is a link to our blog post, which shows how the attack looks and links to the original Kaspersky post:

Data Breach? You WILL Be Sued...

It is almost 10 years since the first big data breach: data broker ChoicePoint, from which 160,000 consumer records were stolen. Dan Kaplan at SC Magazine had a long article about the legal ramifications of a data breach, and one thing caught my eye that you should be aware of.

He quotes a lawyer: "I think it's an arguable virtual certainty that you're going to be breached," said Jason Weinstein, a Washington, D.C.-based partner at the Steptoe & Johnson law firm, which represents corporate clients, in a recent interview. "And if you're breached, it's an absolute certainty you're going to get sued."

I have been keeping an eye on the bar these last few decades. The first big class action lawsuits were over asbestos. Next came tobacco as a major "source of revenue" for lawyers. At the moment, pharmaceutical companies are being targeted for literally billions of dollars related to antidepressants, but in my humble opinion, the future of major class action money for lawyers is data breaches.

Now, this does get somewhat modified by the size of the breach, what data got lost, and whether there are lawyers in the area who understand this type of legal issue. As an example, 500+ records stolen from a healthcare facility will likely result in lawsuits, because they make the news.

Edmund Normand, a civil trial lawyer based in Florida who currently is involved in about a half-dozen lawsuits filed on behalf of data breach victims, said he's finding that state and federal courts are recognizing the potential fallout that could result from breaches and are calling on organizations to step up their protections.

"Now, more than ever, the damage from these data breaches is astounding and limitless," Normand said. "And it may not happen today, but you're at risk to worldwide exploitation over decades." His statement is quite relevant, seeing that stolen data is bought and sold in a flourishing underground economy.

Lawyers at this moment are suing over a variety of issues. That is not to say all of the cases will be successful in court, either through settlements or outright wins, but "plaintiff's attorneys are remaining steadfast in their attempt to establish working theories of liability and carve out new ground for legal standing." For instance, BYOD and the Mobile Device Management (MDM) vendors seem like an area ripe for fruitful legal action.

What that means for your organization is that complying with various regulations (like PCI) is becoming a very high priority, not only because of the threat of lawsuits but also because of possible regulatory fines. Here is a whitepaper that will help you better understand why an effective security awareness program can prevent a significant amount of fees and fines:

Quote of the Week

"Frivolous lawsuits are booming in this country. The U.S. has more costs of litigation per person than any other industrialized nation in the world, and it is crippling our economy." - Mark Twain

"Companies should be able to share specific threat information with the government without the prospect of lawsuits hanging over their head." - Leon Panetta

Note: Links are no longer redirected. You can now hover the links and see exactly where they go.

Thanks for reading CyberheistNews! Warm Regards, Stu Sjouwerman

Can Your Domain Be Spoofed? Find Out Now:

91% of successful data breaches began with a "spear-phishing" email, research from security software firm Trend Micro shows. Are -you- vulnerable? Find out now whether your email server is configured correctly; many are not!

KnowBe4 offers you a free 'Domain Spoof Test', which shows whether outsiders can send you an email that appears to come from someone within your own domain. It's quick, easy and often a shocking discovery. All we do is send one email from the outside directly to you, spoofed to appear from someone in your own domain.

Can hackers send all your employees an email 'from your CEO'? Find out now:
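To make the spoofing question concrete for defenders, here is an added example in Python. It is not KnowBe4's Domain Spoof Test (which sends a real message) and not code from the original newsletter. It evaluates the SPF and DMARC TXT records a domain publishes, which are what receiving mail servers consult when deciding whether to reject mail claiming to come from that domain. The DNS answers are constructed sample records embedded in the script rather than live lookups; the domain names, the `SAMPLE_DNS` table and the assessment thresholds are assumptions made for illustration.

```python
"""Evaluate whether a domain's published mail-authentication policy lets an
outsider send mail that appears to come from inside that domain.

Added example, not KnowBe4's Domain Spoof Test and not part of the newsletter.
DNS answers are constructed sample records (no network access needed).
"""
import re

# Constructed sample TXT records, keyed by the DNS name that would be queried.
# A real check would replace lookup_txt() with a resolver query.
SAMPLE_DNS = {
    "weak.example": ["v=spf1 include:_spf.mailhost.example ~all"],
    "_dmarc.weak.example": ["v=DMARC1; p=none; rua=mailto:dmarc@weak.example"],
    "strict.example": ["v=spf1 ip4:203.0.113.0/24 -all"],
    "_dmarc.strict.example": ["v=DMARC1; p=reject; adkim=s; aspf=s"],
    "none.example": [],
}


def lookup_txt(name, dns=SAMPLE_DNS):
    """Return the TXT records for a DNS name (empty list if none published)."""
    return dns.get(name, [])


def spf_all_qualifier(records):
    """Return the qualifier on the SPF 'all' mechanism: '+', '-', '~' or '?'.

    Returns None when no SPF record is published, and 'none' when an SPF
    record exists but has no 'all' mechanism (unlisted senders are neutral).
    """
    for rec in records:
        if rec.lower().startswith("v=spf1"):
            match = re.search(r"(?:^|\s)([-~?+]?)all(?:\s|$)", rec)
            if match:
                return match.group(1) or "+"  # a bare 'all' means '+all'
            return "none"
    return None


def parse_dmarc(records):
    """Return the DMARC record as a tag dictionary, or None if not published."""
    for rec in records:
        if rec.lower().startswith("v=dmarc1"):
            tags = {}
            for part in rec.split(";"):
                if "=" in part:
                    key, value = part.split("=", 1)
                    tags[key.strip().lower()] = value.strip()
            return tags
    return None


def assess(domain, dns=SAMPLE_DNS):
    """Return a list of findings explaining why mail 'from' domain could be spoofed."""
    findings = []
    qualifier = spf_all_qualifier(lookup_txt(domain, dns))
    if qualifier is None:
        findings.append("no SPF record: any host may claim to send for this domain")
    elif qualifier == "none":
        findings.append("SPF record has no 'all' mechanism: unlisted senders are neutral")
    elif qualifier != "-":
        findings.append(
            f"SPF ends in '{qualifier}all': unauthorized senders are not hard-failed"
        )
    dmarc = parse_dmarc(lookup_txt("_dmarc." + domain, dns))
    if dmarc is None:
        findings.append("no DMARC record: receivers are not told to reject spoofed From: headers")
    elif dmarc.get("p", "none").lower() == "none":
        findings.append("DMARC p=none: failures are only reported, never blocked")
    return findings


def is_spoofable(domain, dns=SAMPLE_DNS):
    """True unless a DMARC policy of quarantine or reject protects the From: header.

    SPF alone checks the envelope sender, not the From: address users see,
    so only DMARC enforcement counts as protection here.
    """
    dmarc = parse_dmarc(lookup_txt("_dmarc." + domain, dns))
    return dmarc is None or dmarc.get("p", "none").lower() not in ("quarantine", "reject")


if __name__ == "__main__":
    for name in ("weak.example", "strict.example", "none.example"):
        print(f"{name}: spoofable={is_spoofable(name)}")
        for finding in assess(name):
            print("  -", finding)
```

The distinction the script draws is the one that matters for the 'email from your CEO' scenario: an SPF record only governs the envelope sender, while the From: header that employees actually see is protected only when a DMARC policy of quarantine or reject tells receivers to act on alignment failures. Running the sample table shows `strict.example` with no findings and the other two flagged as spoofable.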


How To Secure Your Company Against NSA-Inspired Hacking

Woody Leonhard at InfoWorld wrote: "News that the NSA has effectively negated security on the Internet is bleak -- even dire. It should also leave you and your company concerned that the same techniques might one day be used by other individuals and organizations. If you weren't wearing a tinfoil hat yesterday, you may well consider donning new headgear today.

While it's become increasingly clear the NSA can get its eyes onto anything it likes, there's also a great deal of concern that its dirty tricks may have opened the door for other groups to snoop. The revelations that NSA-derived intelligence was (is!) being leaked to the DEA, for example, certainly can't inspire much confidence that NSA is keeping mum on their "Bullrun Program" secrets, as originally covered in The Guardian and the NY Times." Here are some good anti-snoop hints and tips!:


Hourly Cost of Security Downtime Survey - Win $500 Amazon Cert

KnowBe4 and ITIC’s joint 2013-2014 Hourly Cost of Security Downtime Survey is live! The survey polls organizations on the cost of hourly downtime associated with security outages as well as the biggest security-related challenges and issues in your network environment.

When you complete this survey, you will be able to enter our sweepstakes for a chance to win a $500 Gift Card, and there are more prizes as well. Please tell us what you think! Deadline is 09/20/2013.

The survey should take only about 5 minutes to complete. All responses are confidential. As always, anyone who completes the survey AND leaves an essay comment is eligible to win one of three (3) additional prizes.

First prize for the best essay comment is a $200 Amazon gift certificate; second prize is a $150 Amazon gift certificate and the third prize is a $100 Amazon gift certificate. To be eligible to win the prizes you must leave your Email address along with your comment in the comment box of the last question. [No sales people will call you and we never share your information with anyone].

Once the survey results are tabulated we will post an Executive Summary in CyberheistNews and on the ITIC Website. Anyone who completes the survey is eligible to receive a complimentary copy of the full Report when it's published. All you have to do is email Laura DiDio: ldidio at

Here's the link to the survey: Thanks in advance for your participation!

Please take 5 minutes to do the survey. Highly appreciated!


VIDEO: Kevin Mitnick Details Modern IT Threats

In this 8-minute video, KnowBe4's Chief Hacking Officer talks about website security and what users should do to protect themselves. In the world of computer security hackers, few are as well known as Kevin Mitnick. His activities in the mid-1990s led to his arrest by the FBI and subsequent imprisonment.

In a video interview with eWEEK, Kevin discusses what his firm does and how he now works to help organizations secure themselves. As a well-known security professional, his website is the target of constant attacks.

"I run a security company, so it's quite embarrassing to have my business website defaced," he said. After being kicked off his former website hosting provider, Kevin today hosts his site with secure cloud hosting vendor Firehost, which he said is doing a good job for him.

Kevin discusses his partnership with KnowBe4, and how phishing and spear-phishing are among the major weak links in IT security. The video is here; scroll down to the middle of the page:


Cyberheist 'FAVE' LINKS:

* This Week's Links We Like. Tips, Hints And Fun Stuff.

Elon Musk shows off his Iron Man style 3D modeling. Wow, this is hot stuff!

Some German film school students spoofed a Mercedes commercial: A C-class vehicle kills Adolf Hitler as a child. Mercedes obviously has not authorized the video, and it's a YouTube hit:

Carl Sagan shows how the 'Drake Equation' is used to estimate the number of advanced civilizations in our Galaxy. Schtuff for nerdzz:

Let this gorgeous chart from 1944 teach you about electromagnetic radiation:

Everyone knows what the cat, the dog, the pig and the chicken say. But what does the fox say? The second video shows the cry of the Fox - I did not know!

Beautiful close-up high-speed footage from the film 'Wings of Life' by Louie Schwartzberg. Check out the hummingbird doing rolls while chasing a bug!:

You may have seen most of these movies, but you've never seen them quite like this. Cats in famous movie scenes:

The very best pickpocket in the entire world: Apollo Robbins - The Gentleman Thief:
