Chinese MalWare Attacks Tracked to Individual March 30, 2012
Posted by Chris Mark in Industry News, InfoSec & Privacy.Tags: Chris Mark, cybercrime, cyberespionage, cybersecurity, LuckyCat, mark consulting group, PCI DSS, security
add a comment
According to a report on Foxnews today, TrendMicro has traced a MalWare attack aimed at Tibetan activists in Japan and India to a Chinese graduate of Sichuan University. The LuckyCat campaign has been active for about a year and compromised over 230 computers in 90 separate attacks. You can read the TrendMicro report here. According to TrendMicro: “The Luckycat campaigns targets include the aerospace, military, energy, shipping and engineering industries, as well as Tibetan activists and organizations. Given its technical similarities, Luckycat is believe to be a continuation of ShadowNet, also known as GhostNet, a Chinese cybercrime campaign that has been targeting Tibetan activists as well as the Indian government since 2009, Trend Micro said.”
2012 – Another “Massive” Credit Card Breach March 30, 2012
Posted by Chris Mark in Industry News, InfoSec & Privacy.Tags: Chris Mark, data breach, fraud, InfoSec, mastercard, PCI DSS, security, visa
add a comment
According to Krebsonsecurity, the payment card industry has been wracked by yet another massive data breach. The story says that Visa and MasterCard are alerting companies to a US processor that was breached. This, according to reports, is a breach of Track1 and Track2 data. For those unfamiliar with credit cards, track1 and track 2 data is what is known as “magnetic stripe data” and is used to counterfeit cards as it contains the sensitive authentication data necessary for retail (card present) transactions. This is the most dangerous and valuable data to criminals.
As stated on the site: “In separate non-public alerts sent late last week, VISA and MasterCard began warning banks about specific cards that may have been compromised. The card associations stated that the breached credit card processor was compromised between Jan. 21, 2012 and Feb. 25, 2012.”
Risk 101 and my new $500 Million Fortune- Goodbye Work! March 29, 2012
Posted by Chris Mark in Risk & Risk Management.Tags: Chris Mark, jackpot, lottery, mega millions, risk, risk management, security
add a comment
I have written a number of posts on risk and probability in the past. You can read them here. As I was on the phone with a good friend last night talking about buying our Mega Millions lottery tickets for the very first time, I was struck by how amusing the whole situation was. My wife and I were talking with our friends about a strategy to buy lottery tickets. I was talking about buying lottery tickets for the very first time! First, they don’t sell MegaMillions in Utah, and I have never played the lottery. Why? I recognize that the chances of winning are infinitesimally small. (~1 in 176 million) So what changed last night?
The MegaMillions lottery approached $500 million for the jackpot! Can you believe it? I am going to be $500 million richer in the next few days! I just feel it. I have the winning numbers! Odds be damned! Goodbye GlobalRiskInfo.com and hello life of luxury on my new super yacht Risky Business! (I even have it picked out and named) (more…)
BitDefender: “Anonymous is ‘good’ for security” – REALLY?! March 28, 2012
Posted by Chris Mark in InfoSec & Privacy, Laws and Leglslation, Risk & Risk Management.Tags: bitdefender, Chris Mark, cybersecurity, mark consulting group, PCI DSS, security, slutwalk
add a comment
A March 14th, 2012 article on ZDNetAsia sums up one of the major problems with security. Specifically, it is the victims that are consistently blamed for the crime and the belief (very arrogant, I might add) that companies simply don’t care about security and this is why they are victimized. According to the article:
“Alexandu Catalin Cosoi, chief security researcher at BitDefender, for one, said that hacktivist group Anonymous has been “good” for security. This is because even though it had disclosed people’s personal information publicly online, the security breaches it organized had a positive impact, he added. Now, more companies are willing to secure their networks and private data, which is good news, he stated.” (more…)
Risk 102: “Security Ain’t Safefy”; Putting Risk In Context March 26, 2012
Posted by Chris Mark in Industry News, InfoSec & Privacy, Risk & Risk Management, terrorism.Tags: airline safety, Chris Mark, cybersecurity, mark consulting group, risk, risk management, safety, security
add a comment
In reading through the volumes of blogs, and Linkedin comments on security and risk management a common theme appeared. When talking about risk management at it applies to security there appears to be a temptation to use the same models and methodologies as those used in safety risk management. Make no mistake, safety risk management is critical and both aspects may overlap from time to time. Whether analyzing auto accident risks, designing industrial equipment or other aspect, it is important to understand and analyze the risk of the activity. The difference lies in the catalyst for the events in question. (more…)
Global Security, Privacy, & Risk Management 