All The Latest CyberNews
Cybersecurity news stories that we found interesting and/or thought-provoking.
CyberNews – Biggest Incidents of 2017
Equifax, one of the three major credit reporting agencies, handles the data of 820 million consumers and more than 91 million businesses worldwide. Between May and July of this year 143 million people in the U.S. may have had their names, Social Security numbers, birth dates, addresses and even driver’s license numbers accessed. In addition, the hack compromised 209,000 people’s credit card numbers and personal dispute details for another 182,000 people. What bad actors could do with that information is daunting.
This data breach is more confusing than others — like when Yahoo or Target were hacked, for example — according to Joel Winston, a former deputy attorney general for New Jersey, whose current law practice focuses on consumer rights litigation, information privacy, and data protection law.
While other companies have scrambled to retain loyalty after consumer data has been compromised, the Equifax breach is different, says Winston, because we — the consumers — are not its customers.
“We are the product,” he says. “Us and our data is what Equifax is selling to other people and companies, and they are scrambling to keep their customers, without much regard for actual consumers.”
And while other breaches may have exposed credit card numbers or Social Security numbers, the information Equifax has — on almost all of us — is much more extensive, which makes us all feel very vulnerable.
CyberNews – August 2017
Individuals at Risk
Google Patches 10 Critical Bugs in August Android Security Bulletin: Google patched 10 critical remote code execution bugs in its August Android Security Bulletin issued Monday. ThreatPost, August 8, 2017
Mozilla Fixes 29 Vulnerabilities in Firefox, Makes Flash Click-To-Activate: Mozilla fixed three critical vulnerabilities when it released Firefox 55 on Tuesday, including bugs that could have triggered a crash of the browser and allowed for the execution of arbitrary code. ThreatPost, August 9, 2017
Critical Security Fixes from Adobe, Microsoft: Adobe has released updates to fix dozens of vulnerabilities in its Acrobat, Reader and Flash Player software. KrebsOnSecurity, August 8, 2017
Five Cybersecurity Tips for Your Summer Vacation: Whether you’re hitting the same old beach town or taking a cycling tour of Provence, follow these Top Five steps to stay cyber secure while soaking up the sun. ITSP Magazine
Information Security Management in the Organization
Information Security Management and Governance
Culture Change Metaphor: Teach everyone to avoid a hot stove and you have no-cost burn care: “It’s ironic: when global threats are in the news every day, their ubiquity makes them easy to ignore.” Robert Braun, co-chair of the Cybersecurity and Privacy Law Group, Jeffer Mangels Butler & Mitchell and SecureTheVillage Leadership Council. Cyber Security Lawyer Forum, August 3, 2017
New analysis shows cyber-breach has large impact on stock price: When it comes to thinking about cyber-attacks, many of the folks running businesses are relying on a heavy combination of faith (“it won’t happen to us”), reliance on cyber-insurance (“any losses will be covered”), and the unfounded belief that the long-term consequences won’t be that bad (“if it does happen, we’ll be back in business in no time”). ITSP Magazine, August 7, 2017
Data Breach Cost Calculator – IBM Security & Ponemon Institute: Companies face the constant, rising threat of data breaches each year. However, the cost of a data breach differs for every organization. How much would it cost yours? IBM Security, 2017
Social cybersecurity: Influence people, make friends and keep them safe: Jason Hong talks about Carnegie Mellon’s work in social cybersecurity, a new discipline that uses techniques from social psychology to improve our ability to be secure online. Tech Target, August 2017
IRS Warns Tax Preparers of Fake Software Update Scheme that Steals Passwords: Just in time for the seasonal upgrading of tax software, the IRS is warning of phishing emails that try to trick tax professionals into downloading software updates, but in fact steer victims into divulging login credentials. BankInfoSecurity, August 9, 2017
Assessing Risks and Remediating Threats With a Layered Approach to Vulnerability Management: Companies need to do more than just scan for known problems and provide huge vulnerability reports to system and network administrators for remediation. Security Intelligence, August 9, 2017
Most of what we know about passwords is wrong, and how businesses should respond: Bill Burr, who wrote the guidelines for modern password standards, claims that he gave the wrong advice on how people should go about creating passwords. TechRepublic, August 9, 2017
10 bad habits cybersecurity professionals must break: Cybersecurity workers face many challenges on the job. Here are 10 bad habits they must avoid in order to be most effective. TechRepublic, August 10, 2017
Beware of Security by Press Release: The DirectDefense – Carbon Black Brouhaha: On Wednesday, the security industry once again witnessed an all-too-familiar cycle: I call it “security by press release.” KrebsOnSecurity, August 10, 2017
“White Hat” Hackers: Privileged Accounts Provide Fastest Access to Sensitive, Critical Data: Nearly 75 percent state traditional perimeter security firewalls and antivirus are now irrelevant or obsolete. DarkReading, August 9, 2017
Protecting Personal Information: A Practical Guide for Business – FTC: Most companies keep sensitive personal information in their files—names, Social Security numbers, credit card, or other account data—that identifies customers or employees. Federal Trade Commission
Nationwide Insurance Breach Settlement Agreement: $5.5 million & stronger security management practices: Nationwide Mutual Insurance Co. will pay a $5.5 million settlement and update its security practices as a result of an agreement with attorneys general in 32 states and the District of Columbia in the wake of a 2012 data breach affecting more than 1.2 million individuals. BankInfoSecurity, August 9, 2017
Majority of MSPs struggle to find enough cybersecurity pros to hire: Two out of three managed service providers (MSPs) suffer from a shortage of qualified cybersecurity staff—leading to challenges keeping customers safe from ransomware attacks, according to a report from Kaspersky Lab, released Wednesday. TechRepublic, August 10, 2017
Five strategies to address the cybersecurity skills shortage: The ability to detect and respond to threats is greatly impeded by a lack of cybersecurity skills and staff. CSO, August 10, 2017
Cyber Security in Society
HBO Cyber Attack
Game of Thrones stars’ personal details leaked as HBO hackers demand ransom: Hackers of US television network HBO have released personal phone numbers of Game of Thrones actors, emails and scripts in the latest dump of data stolen from the company, and are demanding a multimillion-dollar ransom to prevent the release of whole TV shows and further emails. The Guardian, August 8, 2017
Watch the ransom video hackers sent to HBO (set to Game of Thrones music): HBO is at the center of a massive cyberattack putting 1.5 terabytes of valuable intellectual property and private information at risk. Mashable, August 9, 2017
HBO Hackers Leak Email From Network That Offers Them $250,000: The email dated July 27 indicates a negotiation between the network and the hackers. Hollywood Reporter, August 10, 2017
Know Your Enemy
Hackers & Pirate Websites Conspire In Malware Extortion Schemes: Hackers have become an inescapable part of the Hollywood narrative, on and off the screen. Deadline, August 8, 2017
Russia’s ‘Fancy Bear’ Hackers Used Leaked NSA Tool to Target Hotel Guests: Since as early as last fall, the Russian hacker group known as APT28, or Fancy Bear, has targeted victims via their connections to hacked hotel Wi-Fi networks, according to a new report from security firm FireEye, which has closely tracked the group’s intrusions, including its breach of the Democratic National Committee ahead of last year’s election. Wired, August 11, 2017
Voting Machine “White-Hat” Hackers Have 5 Tips to Save the Next Election: American Democracy depends on the sanctity of the vote. Wired, August 6, 2017
National Cyber Security
A Vulnerable Castle in Cyberspace … Embracing the ‘information warfare’ mindset: The topic of cybersecurity seems to affect just about everything these days. US News, August 11, 2017
Financial Cyber Security
Uptick in Malware Targets the Banking Community: A number of recent attacks, using tactics old and new, have made off with an astonishing amount of money. DarkReading, August 9, 2017
DHS Warning: Vulnerabilities Found in Some Siemens Medical Imaging Devices Open Door to Hackers: The Department of Homeland Security has issued an alert warning about cyber vulnerabilities in certain Siemens medical imaging products running Windows 7 that could enable hackers to “remotely execute arbitrary code.” BankInfoSecurity, August 8, 2017
Alleged sextortionist caught after FBI plants malware on video of victim: A Bakersfield, Calif. man who allegedly tried to extort pornographic video footage from underage victims was tracked down and apprehended after investigators secretly hid malware on a digital video file sent from the intended victim’s computer, according to a criminal complaint filed in Indiana. SC Media, August 10, 2017
Alleged vDOS Operators Arrested, Charged — Krebs on Security: Two young Israeli men alleged by this author to have co-founded vDOS — until recently the largest and most profitable cyber attack-for-hire service online — were arrested and formally indicted this week in Israel on conspiracy and hacking charges. KrebsOnSecurity, August 09, 2017
SecureTheVillage: San Fernando Valley-East (Pasadena / Glendale) Cybersecurity Roundtable: SecureTheVillage and Citadel President Stan Stahl will speak on High-Performance Information Security Management & Leadership Teams. August 17, 2017, 7:30 -10AM. Datastream, Glendale.
National Assn of Corporate Directors — Southern California Chapter: Join SecureTheVillage and Citadel President Stan Stahl, the National Cyber Forensics Training Alliance (NCFTA) CEO and former secret service agent Matt Lavigna, Apria Healthcare’s CISO Jerry Sto. Thomas and former SaaS CEO and PwC Partner, Bob Zukis. Learn about Southern California’s unique risks and local efforts to fight cybercrime. September 6, Noon Luncheon, California Club.
PIHRA: Information Security Awareness: The Cyber Tsunami!: Citadel’s Kimberly Pease will facilitate a discussion of (i) steps to take to protect a company’s information from hackers and cyber criminals; (ii) tips to protect yourselves as consumers; (iii) understanding who the criminals are and why you are a target; (iv) real stories and scary examples that could happen to you. September 20, 7:30 – 9:30, The City Club
SecureTheVillage: Financial Services Cybersecurity Roundtable: The Financial Services Cybersecurity Roundtable is a cross-organizational, cross-functional “learning community” committed to working together to better protect our community from bank fraud, credit card theft, identity theft and other forms of cyber crime. September 22, 7:30 – 10:00, Grandpoint Bank
SecureTheVillage: San Fernando Valley-East (Pasadena / Glendale) Cybersecurity Roundtable: The San Fernando Valley-East (Pasadena / Glendale) Cybersecurity Roundtable is designed to support communication and collaboration between C-Suite executives, IT managers, and cybersecurity experts. The San Fernando Valley-East Roundtable is intended for both for-profit and nonprofit organizations. The Roundtable functions as a cross-organizational “learning community” committed to working together to better protect our community from cybercrime. September 28, 7:30 -10AM. Datastream, Glendale.
Glendale Tech Week: SecureTheVillage and Citadel President Stan Stahl will join Louie Sadd, Datastream Managing Partner and SecureTheVillage Leadership Council member, and other cybersecurity panelists. October 12, 10:00 – 11:00, Glendale Central Library.
SecureTheVillage: Cybersecure Los Angeles 2017 — Get Cyber Prepared: SecureTheVillage joins UCLA Extension for its first cybersecurity conference. Learn from leading information security professionals and law enforcement, including: information security providers, cyber-insurance, financial services, law, the FBI, LA County District Attorney’s Office, and more. Leave with SecureTheVillage’s Information Security Management and Leadership ResourceKit: A practical guide for implementing an information security management and leadership program in your organization. October 19, 9:00 – 2:00, UCLA Extension, Figueroa Courtyard
That’s about it for now.