Weekly Rewind – Top Industry News, Infosec Schools, 20 CSCs, Cybersec Awareness, & More

Here’s another edition of the Weekly Rewind, where we post a quick summary of the industry articles you seemed to like as well as our own stories from the past week. If you missed anything or happened to be offline, we hope you find this post useful as a reference.

Industry Articles

Steve Jobs: How to Live before You Die: [@grecs: Nuff said…] (watch here)

Computer Virus Hits U.S. Drone Fleet: A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones. The virus, first detected nearly two weeks ago by the military’s Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech’s computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the U.S. military’s most important weapons system. (continued here)

Monster Spam Campaigns Lead to Cyberheists: Phishers and cyber thieves have been casting an unusually wide net lately, blasting out huge volumes of fraudulent email designed to spread password-stealing banking Trojans. Judging from the number of victims who reported costly cyber heists in the past two weeks, many small to medium-sized organizations took the bait. Security firm Symantec says it detected an unprecedented jump in spam blasts containing “polymorphic malware,” malicious software that constantly changes its appearance to evade security software. One of the most tried-and-true lures used in these attacks is an email crafted to look like it was sent by NACHA, a not-for-profit group that develops operating rules for organizations that handle electronic payments, from payroll direct deposits to online bill pay services. (continued here)

Massive Security Vulnerability In HTC Android Devices (EVO 3D, 4G, Thunderbolt, Others) Exposes Phone Numbers, GPS, SMS, Email Addresses, Much More: I am quite speechless right now. Justin Case and I have spent all day together with Trevor Eckhart (you may remember him as TrevE of DamageControl and Virus ROMs) looking into Trev’s findings deep inside HTC’s latest software installed on such phones as EVO 3D, EVO 4G, Thunderbolt, and others. These results are not pretty. In fact, they expose such ridiculously frivolous doings, which HTC has no one else to blame but itself, that the data-leaking Skype vulnerability Justin found earlier this year pales in comparison. Without further ado, let me break things down. (continued here)

Does CISSP trump an MS in Cybersecurity from UMUC?: [@grecs: Not really an article per se but there are some interesting responses here.] (continued here)

Our Blog Posts

Where You Want to Be This Week for 2011-10-03: Where do you want to be this week? Now you’ll always know with our “Where You Want to Be This Week” feature, which tells you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, contact us or mention it to @grecs on Twitter. It’s a very light schedule this week with nothing formal: all you need to do is show up and be ready to talk shop. Anyway, here are your meetups for this week. (continued here)

Balancing the 20 Critical Security Controls: Ben “@falconsview” Tomhave put out a nice post yesterday regarding the SANS 20 Critical Security Controls (CSC). In it he stressed that they are 1) not actually controls, 2) not scalable, and 3) only designed to sell a product. I don’t know enough to comment on point 1. Point 2 seems right on target. And I somewhat agree with point 3. Regardless, having such a starting list is good in that it provides a pick list of the “basics” we should be doing, as Ben mentions in point 2. Unfortunately, strictly adhering to the 20 CSCs might end up prescribing costly, unnecessary controls while missing critical ones. Pictorially, I am reminded of the security vs. compliance graphic I put out a while ago. What you apply and don’t apply should be based on a risk assessment of your organization rather than a standard list of controls. (continued here)

Happy National Cybersecurity Awareness Month: Wow, can’t believe it’s been a year already… It just seemed like yesterday we were basking in the improved cybersecurity awareness of those around us. Unfortunately, people seemed to fall back into their old routines rather quickly and we had one of the worst years on record. There was the almost daily barrage of breach announcements with umpteen billions of pieces of personal and/or financial information lost. (continued here)

Top 3 NoVA Infosec Blog Posts of the Week: This week we lost one of the greatest visionaries our generation will ever see. Rest in peace, Steve Jobs… technological innovation will never be the same! It’s that time of the week again: the time where we take a look at what local security bloggers have been up to. If you can’t get enough of the local security scene, check out our NovaInfosec Twits list for even more great security blogs and people to follow on Twitter. (continued here)

Top Infosec Schools in the Metro DC Area: How do you get started in an information security career? This is a question we get asked a lot. There are several ways … but if you’re looking to take a more formal approach, attending a school accredited as a National Center of Academic Excellence (CAE) is a great place to start. Run by the NSA and DHS this program evaluates educational institutions and designates them as either Information Assurance Education (IAE) or Research (R) schools. The goal, as stated on the program’s page, is “promoting higher education and research in IA and producing a growing number of professionals with IA expertise in various disciplines.” (continued here)

3 comments for “Weekly Rewind – Top Industry News, Infosec Schools, 20 CSCs, Cybersec Awareness, & More”

  1. October 8, 2011 at 5:55 pm

    #NOVABLOGGER: Weekly Rewind – Top Industry News, Infosec Schools, 20 CSCs, Cybersec Awarene… http://t.co/iE3VVqze http://t.co/Inu1SfcI

  2. October 8, 2011 at 8:38 pm

    Weekly Rewind – Top Industry News, Infosec Schools, 20 CSCs, Cybersec Awareness, & More http://t.co/ZDjTIRPO #novablogger
