Search This Blog

Friday, August 10, 2012

Security Management Weekly - August 10, 2012

header

  Learn more! ->   sm professional  

August 10, 2012
 
 
Corporate Security
Sponsored By:
  1. "Engineer Indicted in Workplace Threats" Texas
  2. "Houston Policeman Kills Armed Man Outside Wife's Workplace"
  3. "Ohio Man Goes To Court in Wife's Hospital Shooting"
  4. "Hospital Security Continues to Crumble" Egypt
  5. "Security Officials Predict More Use of Their Services in Wake of Aurora Shootings"

Homeland Security
Sponsored By:
  1. "Right-Wing Extremist Terrorism as Deadly a Threat as al Qaeda?"
  2. "Yemen Airstrikes Part of Broad Strategy to Curb al-Qaeda, Obama Adviser Says"
  3. "Jared Lee Loughner Pleads Guilty to Going on Deadly Shooting Rampage, Killing 6, Wounding 13"
  4. "Source: Wisconsin Temple Gunman Was Army Vet, Possibly a White Supremacist"
  5. "Spain 'al Qaeda Cell' May Have Targeted Gibraltar"

Cyber Security
  1. "Organizations Send Sensitive Data to Cloud, Even If They Don't Trust Security"
  2. "Three of Four New Malware Infections in Q2 Caused by Trojans"
  3. "Microsoft Tool Shows Whether Apps Pose Danger to Windows"
  4. "How to Secure Sensitive Files and Documents"
  5. "BYOD Initiatives Grow, but Security Remains a Challenge" Bring Your Own Device

   

 
 
 

 


Engineer Indicted in Workplace Threats
Amarillo Globe News (08/09/12) Cervantes, Bobby

A Bureau of Land Management engineer who allegedly threatened coworkers at the bureau's office in Amarillo and supposedly maintained a "kill list" was indicted by a Texas grand jury on Aug. 8. Peter Madrid faces charges of felony threats of murder and assault, intimidation, and interference with law enforcement, and could face up to 11 years in prison and $350,000 in fines. Madrid was arrested in July after two of his coworkers told an FBI agent that they had fled their workplace on April 26, frightened by threats Madrid had made a day earlier. Madrid had worked at the office for about a year and coworkers say he claimed to have post-traumatic stress disorder caused by multiple infantry tours in Iraq. According to an affidavit, Madrid had repeatedly threatened his coworkers with violence and many worried he might follow through on his threats.


Houston Policeman Kills Armed Man Outside Wife's Workplace
Houston Chronicle (08/08/12) Glenn, Mike

A Houston police officer fatally shot an armed man who was menacing his estranged wife at her workplace during a confrontation on Tuesday. Officer J. McPhail responded to the scene, an office park in Houston, after the suspect's wife called police to report that her husband, against whom she had filed a restraining order based on a pattern of abuse, was standing outside her office and making threats. The suspect had arrived in a taxi van and retreated to it after McPhail arrived, despite the officer's orders to stop and show his hands. McPhail retrieved a shotgun from his squad car before the suspect emerged from the taxi and attempted to move towards the office building while concealing a handgun behind his back. McPhail fatally shot the suspect after he suddenly raised the hand holding the weapon. While no one in the office building was hurt during the incident, Houston police say that they believe the suspect had fired a shot at the same office earlier on Tuesday.


Ohio Man Goes To Court in Wife's Hospital Shooting
Associated Press (08/07/12) Sheeran, Thomas J.

A Massillon, Ohio, man is being held on a charge of attempted aggravated murder in nearby Akron this week after he allegedly shot his wife in the intensive care unit of an Akron hospital on Saturday. Akron General Medical Center officials say that John Wise apparently concealed the handgun he used to shoot his wife Barbara in what police suspect may have been an attempted mercy killing. Wise surrendered willingly when hospital security arrived in his wife's hospital room after hearing a single shot and prosecutors are waiting for the results of an autopsy on Barbara Wise, who died on Sunday, before they modify the charges against Wise. Due to medical confidentiality it is not yet known why Barbara Wise was in the hospital, but authorities in Massillon reported that emergency personnel were called to the Wise's residence on July 28 and treated someone there, presumably Barbara Wise, with oxygen and heart monitoring. Akron police Capt. Dan Zampelli confirmed that Barbara Wise had been in intensive care at Akron General for several days prior to the shooting. The Wises had been married for 45 years and were by all appearances a happy couple.


Hospital Security Continues to Crumble
Daily News Egypt (08/05/12) Molloy, Connor

Doctors and administrators at Egyptian hospitals are demanding something be done to improve security as an epidemic of attacks, assaults, and fights at hospitals are forcing many to close. El-Mounira General Hospital in Cairo experienced such an attack Aug. 3, when a group of men forced their way into the emergency room and assaulted the director and head nurse and smashed hospital property, leading the hospital to close its emergency room for a day and a half. Meanwhile, Dr. Rafa Fauzi has refused to return to his work in the surgical emergency room of the El-Demerdash Hospital after a fight closed that facility last Thursday. "We won't go back until they get proper security," said Fauzi. This sentiment is echoed by the Egyptian Medical Syndicate, which has demanded that the Interior Ministry provide additional security, especially to emergency rooms, which are more vulnerable to violence. The syndicate's board has even contemplated taking action itself by arming doctors. The issue seems to be that there is not enough police or military security to go around.


Security Officials Predict More Use of Their Services in Wake of Aurora Shootings
Denver Business Journal (07/27/12) Huspeni, Dennis

The recent shooting at a movie theater in Aurora, Colo., has left some businesses questioning their own security needs. Thus far, security companies have not seen a significant increase in their client base, though industry experts say they are aware of many organizations examining their security plans. Meanwhile, some security companies are taking a proactive approach to helping other companies boost their security. For example, Universal Protection Services, a division of Universal Services of America, contacted its clients following the July 20 shooting and offered them information on how to deal with an active shooter scenario. Representatives for other companies in the Aurora area, including Advantage Security Inc. and Securitas Security Services USA Inc., say that some local malls and other area businesses did step up security immediately following the shooting, but they say that security will gradually return to normal levels. However, even as the region struggles to return to some semblance of "normal" operations, the impact of the shooting will linger in people's minds. As Aaron Graham, a branch manager for Securitas in the Denver area, points out "Unfortunately when a situation like this happens, people see security's real value."




Right-Wing Extremist Terrorism as Deadly a Threat as al Qaeda?
CNN.com (08/08/12) Bergen, Peter; Rowland, Jennifer

Right-wing extremists pose just as much, if not more, of a threat to the U.S. than do Islamic terrorists, writes New America Foundation Director Peter Bergen and program associate Jennifer Rowland. Bergen and Rowland pointed to data from their think tank that show that militants with ties to al-Qaida or those who were inspired by jihadist theology have carried four terrorist attacks in the U.S. since September 11, 2001. Those attacks resulted in 17 deaths, 13 of which took place during the 2009 Fort Hood shooting. By comparison, right-wing extremists committed at least eight terrorist attacks in the U.S. since September 11, 2001, killing nine people. The death toll from those attacks could rise if the Aug. 5 shooting at the Wisconsin Sikh temple is deemed to be an act of right-wing terrorism. Bergen and Rowland noted that the right-wing extremists that represent the biggest security threat in the eyes of law enforcement are the members of the Sovereign Citizens movement, who maintain that they are not obliged to follow U.S. law and do not have to pay taxes. According to the FBI, members of the Sovereign Citizens movement have killed six law enforcement officers in lone-wolf attacks since 2000. Finally, Bergen and Rowland pointed out that right-wing extremists, as well as their left-wing counterparts, have been more successful than al-Qaida or its affiliates at acquiring dirty weapons.


Yemen Airstrikes Part of Broad Strategy to Curb al-Qaeda, Obama Adviser Says
Washington Post (08/08/12) DeYoung, Karen

Speaking at the Council on Foreign Relations on Aug. 8, White House chief counterterrorism adviser John Brennan said that criticisms of U.S. policy in Yemen focusing on the use of drone air strikes ignores the administration's broader strategy in the impoverished Arab country. American drone activity in Yemen has increased this year and primarily targets militants affiliated with al-Qaida in the Arabian Peninsula. However, many foreign policy experts have criticized this approach to the threat of AQAP in Yemen, characterizing it as unsustainable. Brennan, however, stated that focusing on drone strikes ignores the broader $337 million aid package provided to Yemen this year, $178 million of which is earmarked for political transition, humanitarian assistance, and development. This will be important in winning over the populations of towns like Jaar, Lawdar, and Zinjibar that were at one point controlled by AQAP fighters, who dug wells and provided electricity and phone service while they were in control, a senior Yemeni official said. The official also said that government forces, which recently retook the towns from AQAP, will also have to work to develop the area if they want to win the hearts and minds of the Yemeni people.


Jared Lee Loughner Pleads Guilty to Going on Deadly Shooting Rampage, Killing 6, Wounding 13
Associated Press (08/07/12)

Jared Lee Loughner on Tuesday pleaded guilty to the January 8, 2011, shooting rampage in Tucson, Ariz., in which he killed six and wounded 13, including then-Rep. Gabrielle Giffords. The plea came after a year of intensive psychiatric treatment, including forced medication, aimed at making Loughner competent enough to understand the charges against him. Government psychiatrists have determined that Loughner suffers from schizophrenia and the year's treatment had a marked effect on the young man. "He's a different person in his appearance and his affect than the first time I laid eyes on him," said Judge Larry A. Burns, before accepting Loughner's plea. The plea means that Loughner will avoid the death penalty, and instead likely face life in prison and compulsory psychiatric treatment to control his schizophrenia. Victims and their families, including former Rep. Giffords, expressed relief at the verdict and hope that they could now begin the process of healing. "I truly believe that justice was done today. It is important to me that this individual never again is in a position in which he can cause harm to anyone else," said Ron Barber, a former Giffords staffer who was wounded in the attack.


Source: Wisconsin Temple Gunman Was Army Vet, Possibly a White Supremacist
CNN.com (08/06/12)

Six people were killed and three others were injured in a shooting at a Sikh temple in the Milwaukee suburb of Oak Creek, Wis., on Sunday. The shooting began at about 10:30 Sunday morning, when the assailant arrived at the temple's parking lot and opened fire using a 9mm semiautomatic pistol. At least one person was killed in the parking lot before the gunman moved into the temple itself, where congregants had gathered to prepare for the main Sunday service and the community lunch. When the gunman continued firing inside the temple, some of those who were inside ran outside to escape, while others hid in the basement or the pantry. As police began responding to the scene, the gunman opened fire on one of the officers, wounding him. However, a second officer returned fire and killed the gunman. A subsequent search of the scene was performed to determine if there was another assailant. None was found. Police believe that the gunman was an Army veteran who might have been a white supremacist.


Spain 'al Qaeda Cell' May Have Targeted Gibraltar
CNN (08/05/12) Cruickshank, Paul

Spanish police have arrested three al-Qaida-linked suspects believed to have been plotting a large-scale air attack on a Gibraltar shopping mall. Officials speculate that the goal of the attack was to successfully target a British territory during the Olympic games. Other possible targets of the attack were a joint U.S.-Spanish naval base in Rota, Spain, or other European locations. A paragliding instructor told police that Cengiz Yalcin, a Turkish citizen believed to be the facilitator of the group, wanted to take pictures of the mall "at all costs." Authorities also found paragliding machines and explosives in his home as well as videos and photos that could have been used to plan the attack. The other two men arrested are Chechen-Russians-- Ahmad Avar and Muhammad Adamov--who police believed would have actually carried out the attack. Security experts say the cell, which is believed to have been led by Avar, is the most sophisticated group of terrorists discovered in Europe in some time. Avar is a former member of Russian special forces and received training at camps in Afghanistan and Pakistan. Adamov also received explosives training in Afghanistan.




Organizations Send Sensitive Data to Cloud, Even If They Don't Trust Security
Government Computer News (08/08/12) Yasin, Rutrell

Even as organizations continue to move sensitive data to the cloud, many remain dubious of the security offered by cloud service providers, according to a Ponemon Institute study. The study polled more than 4,000 business and IT managers from seven countries, working for organizations in both the public and private sector, about their organizations' use of data encryption and cloud storage. Thirty-nine percent of respondents believed moving data to the cloud had decreased their organization's security posture, while 44 percent believed there was no increase or decrease in security associated with cloud services. Of those respondents currently using cloud services, about half said they applied persistent encryption to their data before transferring it to the cloud, while the other half relied on encryption provided by their cloud vendor. However, more than half of respondents said their vendors managed the encryption keys for their data, even if encryption was being managed by the organization. "This clearly demonstrates that for many organizations the economic benefits of using the cloud outweigh the security concerns," says Ponemon Institute chairman Larry Ponemon.


Three of Four New Malware Infections in Q2 Caused by Trojans
TechJournal (08/07/12)

More than 6 million new malware samples were created between April and June 2012 alone, a similar figure to the prior three months, according to PandaLabs' Q2 quarterly report. Trojans continued to account for the bulk of new threats created this quarter, followed by worms and viruses. Curiously, viruses continued to decline, dropping from second place in the 2011 Annual Report to third place this quarter. In regard to number of infections caused by each malware category, Trojans once again topped the list, accounting for more infections in the first quarter—76.18 percent, compared to 66.30 percent in the second quarter. The report noted that the figures corroborate existing research showing that massive worm epidemics are now a thing of the past, and have been replaced by banking Trojans and other viruses as the top threats. The average number of infected PCs worldwide stands at 31.63 percent, dropping nearly 4 percentage points from the first quarter. Asian countries take the top three spots of most infections per country, led by South Korea, China, and Taiwan, while nine of the 10 least infected nations are in Europe, with the tenth country being Uruguay. The countries with the fewest infected PCs are Switzerland and Sweden.


Microsoft Tool Shows Whether Apps Pose Danger to Windows
IDG News Service (08/03/12) Constantin, Lucian

Microsoft has released version 1.0 of a free tool that can help system administrators, IT security experts, and software developers understand how newly installed applications can impact the security of a Windows operating system. The tool scans for categories of known security flaws that can be introduced by the files, registry keys, services, Microsoft ActiveX controls, and other parameters created or changed by new applications. It also can identify executable files, directories, registry keys, or processes with weak access control lists, as well as flag processes that do not denote memory regions as non-executable, which could lead to the bypassing of the Data Execution Prevention Windows security feature. The tool also identifies services with rapid restart times that could be compromised to bypass address space layout randomization, along with changes to the Windows Firewall rules or Internet Explorer security policies. The already is being used by Microsoft's internal product groups and a public beta version has been made available for downloading. The Microsoft Security Development Lifecycle team notes improvements to version 1.0 include a reduced number of false positives and better graphic user interface performance.


How to Secure Sensitive Files and Documents
CIO (08/03/12) Olvasrud, Thor

Ponemon Institute's 2012 Confidential Documents at Risk Study, a survey of 622 IT and security professionals who have an average of at least 11 years of experience, found that end users are engaging in a number of practices that are endangering the security of their employers' information. The study found that 68 percent of respondents believe employees frequently or very frequently attach and send unencrypted confidential documents from their work computers using personal Web email accounts. In addition, 65 percent of the participatingIT and security practitioners said employees often download, temporarily store, and transfer unencrypted confidential documents from their work computers to USB drives. Large majorities of the surveyed IT and security professionals said both of these practices have led to the loss or theft of confidential documents, though employees are usually engaging in them simply to be more productive. Ponemon said while security measures are necessary to combat the risk posed by such insecure practices, any measures that are put in place should not make it more difficult for workers to be productive. The organization recommended a number of steps that would strike such a balance, including preventing documents from being accidentally or maliciously forwarded to other individuals, making it possible for employees to access documents on devices equipped with technology that displays documents on any screen, and prohibiting third parties from sending documents to other third parties.


BYOD Initiatives Grow, but Security Remains a Challenge
eWeek (08/03/12) Eddy, Nathan

IT departments are still trying to determine how to secure the various smartphones and tablets used by employees to connect to the corporate network as the bring your own device (BYOD) trend gains momentum, according to OnForce's Q3 Confidence Index. Of the more than 500 technology service professionals who responded to OnForce's survey, more than 50 percent who do BYOD work reported at least a 25 percent uptick in the number of requests for personal mobile device configuration and/or setup at businesses in the past six months. But only 31 percent of those polled have seen an increase in requests for mobile device security over the same time period, suggesting businesses are exposing themselves to data breaches. The survey also found the number of various devices workers are using in the office is increasing. Two out of three specialists surveyed said they have seen an increase in diversity in the devices they work with in the past six months, and 58 percent reported an increase in the number of devices they typically connect in the past year. OnForce CEO Peter Cannone says it is "costly and ineffective" for organizations to maintain a full-time staff of technicians to handle on-site IT service requests for every kind of technology, and he notes businesses must take a more dynamic approach to IT security that lets them adapt quickly to requests without having to maintain a staff of technicians with the skills to address every possible technology.


Abstracts Copyright © 2012 Information, Inc. Bethesda, MD


  ASIS also offers a daily and a non-sponsored, special-content Professional Edition of
Security Newsbriefs. Please click to see a sample or to contact us for more information.

Unsubscribe | Change E-mail | Advertising Opportunities | Security Management Online | ASIS Online

No comments: