What you need to know for your personal cyber security life…
Number Fourteen in a series of semi-regular daily current and topical computer threats that may affect your online, or even offline, digital and real life. Why cyber-security on SurvivalRing? Because EVERYTHING you do in your life every day now is a part of the cyber world…even your offline plans. So, be aware, and pay attention. The bad guys WILL eventually get around to YOU…personally…so be prepared for it, by staying in the loop.
# # #
Prepare for cyber war, Iran’s supreme leader tells students
- By Haaretz
- Feb. 13, 2014
Iranian Supreme Leader Ayatollah Ali Khamenei has urged the country’s students to prepare for cyber war, the semi-official Mehr News Agency reported on Wednesday.
Khamenei delivered a message to a university students’ association, or his “Revolutionary foster-children,” as he called them, reminding them that they are “cyber-war agents” who must prepare for battle, Mehr reported.
“You are the cyber-war agents and such a war requires Ammar-like insight and Malik Ashtar-like resistance,” he wrote, according to Mehr, referring to two of the Prophet’s companions in early Islamic history. “Get yourselves ready for such war wholeheartedly.”
Also Wednesday, Iran’s Chief of Staff, General Hassan Firouzabadi, said his country is ready for a “decisive battle” with the U.S. and Israel, and dismissed threats against Tehran as “political bluffing.”
# # #
DHS Hires Booz to Finish Cyberattack Drill Job
- By Aliya Sternstein
- February 13, 2014
The Homeland Security Department has decided to extend a contract for help on a biennial cyberattack drill with Booz Allen Hamilton.
The roughly $400,000 follow-on runs from Feb. 6 through April 6, according to a Jan. 13 justification for not letting other firms bid on the upcoming work. Booz won a five-year $15 million contract for the project in 2009.
Booz was unable to get the job done on time due to hiccups in the federal billing cycle, DHS said.
“The delays can be entirely attributed to government action, including the government shutdown,” DHS officials said in the justification, which was signed Jan. 13. Homeland Security offices “would like to complete planned deliverables that have projected schedule delays through no fault of the contractor.”
# # #
Hackers break into networks of 3 big medical device makers
- By Thomas Lee
- February 10, 2014
San Francisco — Hackers have penetrated the computer networks of the country’s top medical device makers, The Chronicle has learned.
The attacks struck Medtronic, the world’s largest medical device maker, Boston Scientific and St. Jude Medical sometime during the first half of 2013 and might have lasted as long as several months, according to a source close to the companies.
It’s not clear what exactly the hackers were after, but federal laws meant to safeguard medical information require the companies to disclose any breach involving patient information. The companies have made no such disclosures.
All three companies have extensive operations in the Bay Area. Santa Rosa is home to Medtronic’s endovascular therapies and coronary businesses. St. Jude Medical operates manufacturing plants in Sunnyvale. Boston Scientific has offices in San Jose, Santa Clara and Fremont.
# # #
Regulator: Las Vegas Sands hackers didn’t steal credit cards
- By Brian Krebs
- Krebs on Security
- February 12, 2014
The breach at Target Corp. that exposed credit card and personal data on more than 110 million consumers appears to have begun with a malware-laced email phishing attack sent to employees at an HVAC firm that did business with the nationwide retailer, according to sources close to the investigation.
Last week, KrebsOnSecurity reported that investigators believe the source of the Target intrusion traces back to network credentials that Target had issued to Fazio Mechanical, a heating, air conditioning and refrigeration firm in Sharpsburg, Pa. Multiple sources close to the investigation now tell this reporter that those credentials were stolen in an email malware attack at Fazio that began at least two months before thieves started stealing card data from thousands of Target cash registers.
Two of those sources said the malware in question was Citadel — a password-stealing bot program that is a derivative of the ZeuS banking trojan — but that information could not be confirmed. Through a PR firm, Fazio declined to answer direct questions for this story, and Target has declined to comment, citing an active investigation.
In a statement (PDF) issued last week, Fazio said it was “the victim of a sophisticated cyber attack operation,” and further that “our IT system and security measures are in full compliance with industry practices.”
# # #