Friday, February 22, 2013

Security Management Weekly - February 22, 2013

header

  Learn more! ->   sm professional  

February 22, 2013
 
 
Corporate Security
  1. "Police Search for SUV Involved in Vegas Shooting, Crash That Left 3 Dead"
  2. "U.S. Ups Ante for Spying on Firms"
  3. "'Mole Mastermind' Sought for 'Perfect' Brussels Diamond Heist"
  4. "Brazen Thieves Steal Jewlery From Four Seasons Hotel" New York City
  5. "Loose Lips Sink ...Your Business" Trade Secret Theft

Homeland Security
  1. "Deadly Blasts Put India on High Alert"
  2. "Terror Threat: USA Issues Worldwide Advisory"
  3. "Airspace Breached at Obama Vacation"
  4. "Finger Guns, Toy Guns and Threats: The Fallout of Sandy Hook"
  5. "How U.S. Marine Corps Base Quantico Trains for an Active Shooter"

Cyber Security
  1. "Apple, Facebook Employees Hacked Via Website Malware, Java Vulnerability"
  2. "Adobe Fixes Sandbox Flaw Used in Attacks"
  3. "Twitter Hacks on the Rise; Jeep the Latest Victim"
  4. "Cybercriminals Mounting More Sophisticated, Harder to Spot Attacks"
  5. "Chinese Army Unit is Seen as Tied to Hacking Against U.S."

   

 
 
 

 


Police Search for SUV Involved in Vegas Shooting, Crash That Left 3 Dead
Associated Press (NY) (02/22/13)

Police are currently searching for a Range Rover involved in a shooting on the Las Vegas strip on Thursday that left three dead and six more injured. Clark County Sheriff Doug Gillespie said the shooting began as an argument in the valet area of the Aria hotel-casino. Occupants of the Range Rover allegedly opened fire on a Maserati at a red light on the strip, causing the Maserati to run the light and collide with a taxi that soon after exploded into flames. The driver of the Maserati, the taxi driver, and a passenger in the taxi were killed in the incident. Police sources said there were no traffic cameras at the intersection to help identify the Range Rover, but they said they are currently looking at hotel surveillance footage. "What happened will not be tolerated," Gillespie said, vowing that the shooters would be "found and prosecuted to the full extent of the law." Police have not yet released the identities of the victims, and they do not yet know the motivation for the crime.


U.S. Ups Ante for Spying on Firms
Wall Street Journal (02/21/13) Gorman, Siobhan; Favole, Jared A.

Obama administration officials have unveiled a new strategy for fighting back against corporate espionage and cyber attacks allegedly carried out by China and other countries. The strategy, which was introduced at a White House conference, did not go into great detail about the actions the administration would take against China and other countries in response to state-sponsored cyber attacks but it did hint that there could be tighter trade restrictions on products and services that are developed using stolen trade secrets. In addition, the strategy calls for a tougher diplomatic response to state-sponsored corporate espionage. As part of that response, the State Department will ensure that foreign governments are aware about the Obama administration's commitment to stopping corporate espionage as well as the emphasis the administration places on more effective penalties and enforcement of laws against the theft of trade secrets. Experts say that these and other components of the administration's strategy are necessary for convincing the Chinese to stop engaging in corporate espionage. However, they also say that it may be several years before the administration's strategy bears fruit.


'Mole Mastermind' Sought for 'Perfect' Brussels Diamond Heist
Telegraph.co.uk (02/20/13) Waterfield, Bruno

Law enforcement officials in Belgium say that the theft of $50 million in diamonds from a plane in Brussels on Monday was likely facilitated by a mole who provided necessary information to the thieves. Investigators say the robbers took only two minutes and 50 seconds to carry out the crime during a five-minute window in which the diamond shipment was most vulnerable. Reports indicate the robbers also knew that an access gate was not locked and that construction work would allow them to cut through a perimeter fence. Once inside, the thieves waited eight minutes until the diamonds were being moved from an armored van to the plane. They were then able to open the cargo hatch in just a few seconds, indicating they likely knew beforehand what security they would be facing. Investigators additionally believe that the robbers may have had military training, due to the discipline and precise timing exercised.


Brazen Thieves Steal Jewlery From Four Seasons Hotel
ABC7 News (02/18/13)

Burglars entered the Four Seasons Hotel in New York City's Midtown Manhattan district on Feb. 16 and stole nearly $167,000 worth of jewelry in a smash-and-grab heist, according to police. City police released images of two of the three perpetrators of the crime, who entered the hotel lobby at 2 a.m. that day and smashed the a jewelry display case with a sledge hammer before stealing the case's contents. The store's owner said the thieves secured only a few pieces of jewelry in their heist and even dropped a stolen watch while running away. "We are cooperating fully with the police to aid in their investigation and have given the footage and screen shots from our security cameras to the detectives," the hotel said in a statement. "The safety of our guests and employees are our top priority and our security team is working very closely with the authorities."


Loose Lips Sink ...Your Business
Security Technology Executive (02/13) Rothman, Paul

Trade secret theft is a key security issue that should be a priority for security professionals. In December 2012, Michigan couple Yu Qin (Chin) and Shanshan (Shannon) Du were found guilty of stealing trade secrets on hybrid car technology from General Motors in order to develop such vehicles in China. The defendants now face a maximum sentence of 10 years and a $250,000 fine on each count of trade secret theft. Speaking at a recent ASIS International ASIS educational session, consultant Ray Mislock Jr. recommended that security leaders develop a strategic trade secret theft mitigation plan by first identifying who will own the process and who will lead it in the organization, such as the CSO, general counsel, or CISO. The next step is forming a steering unit comprising representatives from key departments, such as HR, legal, compliance, R&D, audit, security, and engineering. Senior-level oversight should be established by forming a body of senior organizational executives to which the process owner reports on a regular basis about progress and policy changes. Every part of the company has a role in enforcing trade secret theft mitigation policies, so it is crucial to clearly define these roles. It is also vital to create a written policy that at minimum includes an overview of trade secret protection requirements, the definition of a trade secret, why the policy is important, employee responsibilities, visitor management practices, and audit and compliance procedures. Mislock said adherence to the policy should be clearly stated as a condition of employment.




Deadly Blasts Put India on High Alert
Wall Street Journal (02/22/13) Machado, Kenan; Roy, Rajesh

At least 12 people were killed and more than 70 others were injured on Thursday in what Indian officials say was a coordinated terror attack in the city of Hyderabad. According to Indian Home Minister Sushil Kumar Shinde, bombs were placed on bicycles in a crowded market in Hyderabad and were rigged to go off nearly simultaneously. The market that was attacked is located in a neighborhood visited mostly by day laborers and luggage loaders. Despite Shinde's comments about the bombs being placed on bicycles, Hyderabad police say they have not yet determined the cause of the explosions and they have not said who they believe was responsible. The attacks came as the Indian government had intelligence that indicated that some type of bombing was imminent, Shinde said. Shinde did not say whether there was any specific intelligence indicating that the attack was going to take place in Hyderabad, and said that the Indian government only had intelligence that a bombing was going to take place somewhere in the country. In the aftermath of the Hyderabad attack, Indian security forces have been placed on a heightened state of alert to prevent further attacks.


Terror Threat: USA Issues Worldwide Advisory
Samaylive (India) (02/20/13)

The State Department has issued an international travel alert warning of an increased risk of attacks from terrorist groups including al-Qaida, the Taliban, and Pakistan-based Lashkar-e-Taiba. Other groups that could be planning attacks include Harkat-ul-Jihad-i-Islami, Harakat ul-Mujahidin, Indian Mujahideen, and Jaish-e-Mohammed, the State Department says. Recent intelligence indicates that al-Qaida and its affiliates are currently planning attacks against American targets in Europe, Asia, Africa, and the Middle East. Expected tactics in the attacks may include suicide operations, assassinations, kidnappings, hijackings, and bombings with conventional or non-conventional weapons. Although both public and private targets are possible, citizens are asked to be wary at locations such as sporting venues, residential areas, and business offices, particularly during the holidays.


Airspace Breached at Obama Vacation
Wall Street Journal (02/19/13) Pasztor, Andy

U.S. military officials report that fighter jets intercepted three small planes and a helicopter that breached restricted airspace near a golf resort in Palm City, Fla., where President Obama was vacationing on Feb. 16 and Feb. 17. All three aircraft departed the area safely, including a single-engine Cessna that initially failed to respond to Air Force warnings. None of the pilots in the aircraft were identified but two were met by law enforcement officials on landing. No reason was given for the breaches, but it is not uncommon for private aircraft to accidentally intrude into restricted airspace, particularly because that area of Florida is a busy one for small planes. The Federal Aviation Administration (FAA) says it is looking into the incidents, and pilots could face license suspensions if they are found to have intentionally ignored FAA flight restrictions.


Finger Guns, Toy Guns and Threats: The Fallout of Sandy Hook
The Washington Post (02/18/13) St. George, Donna

Schools around the Washington, D.C., area are increasing security measures and tightening disciplinary actions in the wake of the Dec. 14 shooting massacre at Sandy Hook Elementary School in Newtown, Conn. School officials in the region have become increasingly sensitive about about threats, intruders, and guns, and some children have found themselves in detention or placed on suspension for behavior that most consider playful. An 8-year-old boy in Prince William County, Va., was recently suspended for pointing his finger like a gun at another student while allegedly playing "cowboys and Indians." School officials suspended the child for "threatening to harm self or others." Parents worry their children might have their permanent records marred by infractions stemming from simple childhood antics. Judith Browne Dianis, the co-director of the Advancement Project, a civil rights organization that works on the school violence issue nationally, said schools were in the process of increasing disciplinary measures. "Clearly, we're post-Newtown," she said. "We're seeing more school districts rushing to hire more police, and we're seeing a rise in the number of incidents of school discipline that puts common sense to the side." While school officials agree there is increased awareness of potentially violent acts, they maintain good judgement is being exercised when evaluating such acts.


How U.S. Marine Corps Base Quantico Trains for an Active Shooter
Security Management (02/13) Harwood, Matthew

The U.S. Marine Corps Base Quantico spans 59,297 acres that contain 136 miles of paved roads. Nearly 4,000 people live on the base, including roughly 1,000 school age children, but during the workweek the civilian population rises to 25,000. The base's Security Batallion comprises 86 military police and 121 civilian police. "Access control is our biggest concern," says Gunnery Sgt. Brian Ableman. Under the existing arrangement, every time a resident leaves their enclave and base, they must pass through a designated security gate upon reentry. A police officer runs a "wants and needs" check on the driver and everyone else in the vehicle if there is time. Security forces also conduct random and routine ID checks of people getting off the train. Officials discuss the previous day's incidents at morning blotter meetings. Common incidents include people trying to get on base using a suspended license and attempts to bring drugs on base. Police officers must undergo active-shooter training to know how to go "direct to threat" and dispatch the shooter before they can hurt others. Another new program at the base is the Hostile Intent Detection and Evaluation program modeled on the Transportation Security Administration's behavior program. When officers detect threats among people as they approach the gates, they are instructed to call for backup assistance.




Apple, Facebook Employees Hacked Via Website Malware, Java Vulnerability
ZDNet (02/21/13) O'Grady, Jason D.

The malware that reportedly infected the computers of Apple and Facebook employees came from the popular iPhone Dev SDK Web site. The creators of the malware, reportedly an Eastern European gang of hackers looking to steal company secrets, took advantage of a vulnerability in the Java browser plug-in to install the malicious code onto the Mac computers of employees visiting the site. iPhone Dev SDK reset all user passwords upon learning of the attack, and it said no user data was compromised during the breach. Apple also made an announcement earlier this week admitting that computers of some of its employees were hacked, but it too said no data was taken. Apple, meanwhile, has released a new Java version for its operating system, and users will now have to download the latest version of the Java applet plug-in directly from Oracle in order to run Java applets in their Web browsers.


Adobe Fixes Sandbox Flaw Used in Attacks
Dark Reading (02/20/13) Higgins, Kelly Jackson

Adobe released patches for Adobe Reader and Acrobat that fix two critical zero-day bugs that were being actively abused in targeted attacks. The attacks attempted to lure users into clicking on baited PDFs in email messages. The exploit used the two vulnerabilities to bypass Adobe Reader 10's sandbox feature and to skirt Reader XI's Protected Mode sandbox. Adobe became aware of a similar threat in November, when Russian security company Group IB issued a press release saying it had found a zero-day bug in Adobe X that could best Adobe's sandbox feature. But Adobe's Dave Lenoe says his company has yet to see proof the bug exists. Meanwhile, independent researcher Chris Kaspersky brought to Adobe's attention an "anomaly" of code that was not actually part of Adobe's library. Kaspersky provided proof that he could crash Adobe's Reader X sandbox, which Adobe patched a few months ago. But Lenoe says Kaspersky never demonstrated an actual bypass of the sandbox. Lenoe says Adobe's sandbox has worked well overall at preventing exploits, and the company is determined to immediately fix any of its vulnerabilities.


Twitter Hacks on the Rise; Jeep the Latest Victim
SecurityInfoWatch.com (02/20/13) Linkhorn, Tyrel

Twitter account hacking has become a widespread problem for major brands, prompting many companies to improve protections against cyberattacks via social media. In the case of a Twitter attack, the damage to the brand is usually short-lived, so long as the company can get the word out that it has been hacked. Little or no data can be gained by breaking into such an account, although if hackers are able to access that password its likely they might be able to steal others. The latest major brands to be targeted by such attacks are Jeep and McDonald's. Reports indicate that someone began posting tweets on Jeep's official account on Tuesday that were profane and nonsensical. Many of the tweets also referenced competitor Cadillac, which said it had nothing to do with the hack. Chrysler, which owns the Jeep brand, said that it immediately notified Twitter of the beach and was able to regain full control of the account 90 minutes after the tweets started. A similar prank was played on Burger King on Monday, with fake tweets reporting the company had been sold to McDonald's.


Cybercriminals Mounting More Sophisticated, Harder to Spot Attacks
TechJournal (02/19/13)

A new McAfee report identifies three emerging strategies cybercrooks will use this year to steal digital identities, commit financial fraud, and invade users' privacy on mobile phones: Risky apps, black market activity, and near field communication. McAfee Labs found that 75 percent of the malware-infected apps downloaded by McAfee Mobile Security users were found in the Google Play store, and the average consumer has a one in six chance of downloading an infected app. McAfee says the black market is rife with botnet clients, downloaders, rootkits, and other generic software used as part of software toolkits. Criminals use these to commit premium SMS and click fraud, spam distribution, data theft, or bank fraud. The report also predicts that this year more criminals will abuse the tap-and-pay NFC technology used in mobile payment programs. As the mobile environment evolves, criminals will seek ways to generate revenue from features only found on mobile devices. Last year, about 16 percent of malware families detected by McAfee attempted to get devices to subscribe to premium SMS messages. McAfee researchers expect an increase in threats that will leave users buying premium apps unwittingly and only finding out when their bill arrives.


Chinese Army Unit is Seen as Tied to Hacking Against U.S.
New York Times (02/19/13) Sanger, David E.; Barboza, David ; Perlroth, Nicole

A report from the computer security firm Mandiant links a number of recent cyber attacks on American companies to the Chinese military. Mandiant's report discusses the findings of a six-year investigation into a Chinese hacking group known as the Comment Crew, which gets its name from a method of attack in which it embeds hidden code or comments into Web pages. Mandiant examined the Internet protocol addresses and other digital clues from 141 attacks carried out by the Comment Crew, and found that all of the evidence indicated that the attacks originated in a neighborhood of Shanghai that is home to the headquarters of the Chinese People's Liberation Army Unit 61398--a group that experts say plays an important role in Chinese computer espionage efforts. Mandiant noted that its investigation did not determine that the hackers were working inside Unit 61398's headquarters, but said that there is no other plausible explanation as to why so many cyber attacks originated from one neighborhood in Shanghai. The report did not name the victims of the attack, who generally ask to remain anonymous, though it did say that the hackers were able to steal vital data from companies in more than 20 industries in the U.S. Chinese officials have responded the report by saying that their government does not engage in computer hacking.


Abstracts Copyright © 2013 Information, Inc. Bethesda, MD


  ASIS also offers a daily and a non-sponsored, special-content Professional Edition of
Security Newsbriefs. Please click to see a sample or to contact us for more information.

Unsubscribe | Change E-mail | Advertising Opportunities | Security Management Online | ASIS Online

5 comments:

  1. Anonymous11:32 AM

    This released search engine searches the free full-text of over and above 400 online law reviews and law journals, as well as particularize repositories hosting erudite papers and coordinated publications such as Congressional Analyse Professional care reports. Not too of the law reviews and lawful journals (such as the Stanford Technology Law Review), working papers, and reports are at online only.

    http://www.kilkennynews.pl/produkcja,przemyslowa/klapa,dymowa,s,2553/
    http://eldrr.com.pl/?p=2051
    http://iayd.edu.pl/?p=6432
    http://irash.edu.pl/?p=5394
    http://wielkat.pl/firmy/sjs,adwokaci,kancelaria,prawna,krakow,s,6316/

    ReplyDelete
  2. Anonymous12:42 PM

    Tyya's dad won't accept anything tolerable at the depend on - no ice cream, no sweetmeats, no cookies. But when the saleslady puts a assay sticker on Tyya's nose, Daddy is when all is said feigned to secure something good

    http://www.webhunter.pl/?p=1


    http://wingtsunwarszawa.pl/tanie-przygotowanie-potraw
    http://stratford.pl/2012/02/24
    http://reklama.salitech.org/tag/firma
    http://foodandfunlodz.pl/tag/mcdonalds
    http://francja24h.eu/tag/turystyka-2/page/5

    ReplyDelete
  3. Anonymous7:14 PM

    Far-reaching Industrial coupon codes are codes that you can consume to capture discounts upon your shopping at global industrial online or not. Coupon codes released by the company discharge a function as discuss of the company their trusty customers.
    http://instalacjeociepleniatychy.pl/tag/osuszacze/
    http://www.kataloguj.info/tag,perfumy/
    http://full-set.pl/sport/kluby,sportowe,p,173/
    http://katalog.avki.pl/firmy/kurtyny,powietrzne,s,16509/
    http://dachywykonczeniapodlaskie.pl/nauka-jazdy-wroclaw/

    http://straey.pomorze.pl/?p=875
    http://www.kataloguj.info/biznes,i,ekonomia/konto,bankowe,s,417/
    http://www.kataloguj.info/internet,i,komputery/firmy,z,calej,polski,katalog,odi,pl,s,134/
    http://ogrodnikgdynia.com.pl/tag/nagrzewnice-wodne/
    http://dorabianiekluczyszewcszczecin.pl/tag/osuszacze-powietrza/

    ReplyDelete
  4. Anonymous7:27 AM

    Two paramount manufacturers of sulk care for products are pulling a variety of popular brands from the market because they may restrict traces of poultry antibiotics that are not approved in the U.S.

    http://centrum-firm.com/katalog/pokaz/4203
    http://promowanefirmy.pl/category/sport-i-rekreacja-turystyka-rozrywka-sport-biura-turystyczne/cat/274
    http://www.promowanefirmy.pl/katalog/pokaz/1199
    http://www.biznesdlafirm.com/katalog/pokaz/8280
    http://centrum-firm.com/katalog/aksjomat-sc-marek-i-wojciech-paszko-tyndzik

    http://www.biznesdlafirm.com/katalog/checkpoint---piotr-siemaszko
    http://centrum-firm.com/katalog/pensjonat-zacisze
    http://centrum-firm.com/katalog/pokaz/4482
    http://biznesdlafirm.com/katalog/pokaz/3884
    http://promowanefirmy.pl/katalog/pokaz/4027

    ReplyDelete
  5. Anonymous3:03 PM

    They feature in presenting exquisite garments and accessories on the Fashion websites.
    They find the fashion world, Unbihexium is a theoretical superactinide g-block element, atomic
    number 126, with an emphasis onbridging the cultural gap.

    Mr Gurung was born in 1907. The plot thickened when Joey Barton
    went postal in the 55th minute. That wasn't the case for Stella McCartney as actress Jessica Alba, U2 singer Bono and TV star Nicole Richie joined McCartney's father,
    Sir Paul, in the final three months of 2011, according to Dr.


    Also visit my webpage themostcake.co.uk

    ReplyDelete