Cyber Security News of the Week, September 4, 2016

Individuals at Risk

Cyber Privacy

Internet Tracking Has Moved Beyond Cookies to Fingerprinting: Chances are you know you’re being tracked online. Most of us are at the point where we’re not surprised when an ad for something we searched for on one site appears on the next site we visit. We know that many pages (yes, this one you’re reading, too) drop cookies and other scripts into our browser to keep tabs on our activity and sell us stuff. FiveThirtyEight, September 2, 2016

Cyber Awareness

40% of Facebook users click on phishy links. Do you?: A new study has found that up to 56% of email recipients and about 40% of Facebook users clicked on a link from an unknown sender that could have been crawling with malware, for all they knew. NakedSecurity, September 1, 2016

Cyber Danger

Dropbox’s Big, Bad, Belated Breach Notification: To the annals of super-bad historical mega breaches that no one knew about, add a new entry: file-hosting service Dropbox. Separately, music service Last.fm also was reportedly breached badly in 2012, although that has yet to be independently confirmed. BankInfoSecurity, September 1, 2016

Cyber Update

Patch Fixes Nexus 5X Lock-Screen Bypass Vulnerability: Google’s Android security team has patched a vulnerability that left Nexus 5X devices open to attack even if the phone’s screen was locked. The vulnerability in Google’s line of phones would have allowed an adversary to exfiltrate data from the targeted phone via a forced memory dump of the device. ThreatPost, September 2, 2016

Patch now! Recent iOS vulnerability affects Macs too: A week ago, Apple pushed out a small but critical security patch for iOS. NakedSecurity, September 2, 2016

Information Security Management in the Organization

Information Security Management & Governance

KPMG Cyber Security Survey: A Failure of Imagination by CEOs: An email embedded with malware. Security systems hacked by thieves. Credit card numbers stolen from store purchases. There’s certainly no shortage of examples when it comes to data security breaches and the havoc they wreak on business. And as technology continues to create innovative ways for organizations to connect with customers, the bad actors are innovating as well. The Atlantic, 2016

Cyber Warning

Easy to carry out, difficult to fight against: Why ransomware is booming in 2016: With more devices connected to the internet than ever before and organisations increasingly reliant on constant access to such connected systems, it’s no wonder ransomware has surged this year. ZDNet, August 16, 2016

Cyber Security in Society

Cyber Crime

One of Europe’s Biggest Companies Loses €40 Million in Business Email Compromise CEO Scam: Leoni AG, Europe’s biggest manufacturer of wires and electrical cables and the fourth-largest vendor in the world, has announced it lost €40 million ($44.6 million) following an online scam that tricked one of its financial officers into transferring funds to the wrong bank account. Softpedia, August 31, 2016

Cyber Privacy

How Spy Tech Firms Let Governments See Everything on a Smartphone: SAN FRANCISCO — Want to invisibly spy on 10 iPhone owners without their knowledge? Gather their every keystroke, sound, message and location? That will cost you $650,000, plus a $500,000 setup fee with an Israeli outfit called the NSO Group. You can spy on more people if you would like — just check out the company’s price list. The New York Times, September 2, 2016

Cyber Attack

Russia-Backed DNC Hackers Strike Washington Think Tanks: Last week, one of the Russia-backed hacker groups that attacked Democratic computer networks also attacked several Russia-focused think tanks in Washington, D.C., Defense One has learned. DefenseOne, August 29, 2016

Opera Web Sync Service Breached By Hackers: Account Information, Passwords Compromised: Opera revealed that early last week the company detected a possible security breach on the server of its cloud sync service, forcing a password reset for the 1.7 million users possibly affected by the hack. TechTimes, August 29, 2016

Know Your Enemy

Cybercrime Inc: How hacking gangs are modeling themselves on big business: Franchises, resellers, customer service, collaboration tools, and training — professional hacking organizations are now operating like any other business. ZDNet, September 1, 2016

Cyber Readiness

NIST fellow & former CIA CIO tell Gov’t Commission trustworthy computing answer to better security: Stunning and depressing words from two cybersecurity leaders in the federal community, both of whom presented Aug. 23 to the Commission on Enhancing National Cybersecurity. FederalNewsRadio, August 29, 2016

National Cyber Security

Putin says DNC hacking was a service to public: Vladimir Putin said the hacking of thousands of Democratic National Committee emails and documents was a service to the public, but denied U.S. accusations that Russia’s government had anything to do with it. ProvidenceJournal, September 2, 2016

Trying to Smoke Out the Players in the Hacking of the D.N.C.: WASHINGTON — American intelligence agencies believe that the Russian government was behind the theft of emails and documents from the Democratic National Committee, but many questions remain about how the documents made their way to WikiLeaks, which released them. The New York Times, August 31, 2016

China-based hackers suspected in cyberattacks sustained by Australian government networks: Australia’s defence research division, the Defence Science Technology Group and Austrade, the Australian trade commission and others are believed to have been targeted by China-based hackers. Both Austrade and Australian defence networks are also believed to have sustained significant cyber penetrations over the past five years. IBTimes, August 29, 2016

Cyber Politics

Here’s how Russian hackers could actually tip an American election: Reports this week of Russian intrusions into U.S. election systems have startled many voters, but computer experts are not surprised. They have long warned that Americans vote in a way that’s so insecure that hackers could change the outcome of races at the local, state and even national level. The Washington Post, August 30, 2016

Harry Reid Cites Evidence of Russian Tampering in U.S. Vote, and Seeks F.B.I. Inquiry: The Senate minority leader, Harry Reid of Nevada, asked the F.B.I. on Monday to investigate evidence suggesting that Russia may try to manipulate voting results in November. The New York Times, August 30, 2016

Officials: Hackers breach election systems in Illinois, Arizona: Hackers have breached databases for election systems in Illinois and Arizona, according to state election and law enforcement officials. CNN, August 30, 2016

Russian hackers targeted Arizona election system: Hackers targeted voter registration systems in Illinois and Arizona, and the FBI alerted Arizona officials in June that Russians were behind the assault on the election system in that state. The Washington Post, August 29, 2016

FBI says foreign hackers penetrated state election systems: The FBI has uncovered evidence that foreign hackers penetrated two state election databases in recent weeks, prompting the bureau to warn election officials across the country to take new steps to enhance the security of their computer systems, according to federal and state law enforcement officials. Yahoo, August 29, 2016

Cyber Law

Why lawmakers are trying to make ransomware a crime in California: State legislation to outlaw ransomware is drawing broad support from tech leaders and lawmakers, spurred by an uptick in that type of cybercrime and a series of recent attacks on hospitals in Southern California. LA Times, July 12, 2016

Financial Cyber Security

PNC upgrades ATMs to better protect customers against fraud: CLEVELAND, Ohio — PNC Bank is in the process of upgrading its 370 ATMs in Northeast Ohio to better protect consumers against skimmers, data breaches and other sources of fraud. Cleveland.com, September 2, 2016

SWIFT Sees New Hack Attacks Against Banks: Attackers have been continuing to compromise banks’ local security controls to send fraudulent messages via SWIFT’s interbank messaging network. BankInfoSecurity, August 31, 2016

HIPAA

Medical Privacy Laws, Explained: Laws have been enacted to help protect your medical privacy. Here’s the lowdown on two such regulations and the aspects of medical privacy they protect. ConsumerReports, August 25, 2016

Internet of Things

Car Infotainment Vulnerability Raises Questions of Responsibility with After-Market Installers: Should an automobile manufacturer have to release a patch for a feature that they never deployed? A newly discovered vulnerability in MirrorLink’s infotainment software may force an answer. DarkReading, September 2, 2016

FiatChrysler moves to tighten dealer security codes after hackers steal over 100 cars: A few weeks ago, I wrote a story about two men who had been caught hacking into and stealing Jeeps and Rams. Now Fiat Chrysler has updated its terms of use on DealerCONNECT and told the Houston Chronicle exactly how the thieves used the dealer software to steal cars. Jalopnik, August 29, 2016

Cyber Sunshine

Cisco Talos Shuts Down Malvertising Campaign Pushing Ransomware: A global malvertising campaign exposing potentially one million users to the risk of being infected with CrypMIC ransomware delivered via the Neutrino Exploit Kit has been shut down, according to researchers. ThreatPost, September 1, 2016

Cyber Miscellany

Hacking Report on St. Jude Pacemakers Was Flawed, Researchers Say: A report on cybersecurity vulnerabilities in St. Jude Medical’s implantable heart devices released last week by short sellers was flawed and didn’t prove the flaws existed, according to a review by University of Michigan researchers. Fortune, August 31, 2016

The post Cyber Security News of the Week, September 4, 2016 appeared first on Citadel Information Group.