Cyber Security News of the Week, October 23, 2016

Cyber Security News of the Week, October 23, 2016

Individuals at Risk

Identity Theft

LinkedIn says hacking suspect is tied to breach that stole 117M passwords: An alleged Russian hacker arrested in the Czech Republic following an FBI-coordinated tip-off is suspected of taking part in a 2012 breach of LinkedIn that resulted in the theft of more than 117 million user passwords, representatives of the professional networking site said Wednesday. ars technica, October 19, 2016

Cyber Privacy

YAHOO ASKS DNI TO DE-CLASSIFY EMAIL SCANNING ORDER: Yahoo continues to seek high ground with regard to public reports that last year it scanned user email messages in compliance with a classified government order. ThreatPost, October 20, 2016

Police facial-ID tech raises civil rights concerns, including Racial profiling: The growing use of facial-recognition systems has led to a high-tech form of racial profiling, with African Americans more likely than others to have their images captured, analyzed and reviewed during computerized searches for crime suspects, according to a new report based on records from dozens of police departments. The Washington Post, October 18, 2016

UK government conducted illegal bulk data collection for over a decade: The UK government conducted illegal bulk data collection and storage on citizens for almost 20 years, the Investigatory Powers Tribunal (IPT) has ruled. The case was brought by Privacy International and heard in the summer. V3, October 17, 2016

Cyber Warning

Beware .LNK Attachments as Locky Ransomware Learns New Evasive Tricks: For several weeks security experts have had success slowing Locky ransomware infection rates. That’s been due to aggressive efforts to combat the Trojan downloader Nemucod, used in recent campaigns to distribute Locky. But now researchers say hackers behind Locky are changing tactics, giving the ransomware new legs. ThreatPost, October 20, 2016

ICLOUD PHISHING CAMPAIGN ZYCODE BACK FROM THE DEAD: A phishing campaign aimed at Chinese Apple users that was thought to be in hibernation has been roused from its slumber. ThreatPost, October 20, 2016

Cyber Defense

New Free Tool Stops Petya Ransomware & Rootkits: Although Check Point reported today that ransomware operators have reached a new benchmark in their malicious spree, security researchers at Cisco Talos Labs have unveiled a new way to fight back. DarkReading, October 20, 2016

Information Security Management in the Organization

Information Security Governance

Diligent IT network hygiene critical to lowering information risk: Modern cybersecurity today is all about risk management. That means eliminating and mitigating risks where possible, and knowingly accepting those that remain. DarkReading, October 20, 2016

Explaining Privacy And Cybersecurity To A Corporate Board: Cybersecurity is — and should be — a major concern for lawyers. Earlier this year, for example, we learned about Russian hackers targeting top Biglaw firms. Above The Law, October 19, 2016

Cyber Law

An EU General Data Protection Guide for the Insurance and Financial Services Sector: To help prepare for the application of the European regulation on the protection of individuals with regard to the processing of personal data and on the free movement (the EU General Data Protection Regulation or GDPR), which will enter into force on May 25, 2018, Guy Soussan, Philip Woolfson, and I authored a commentary on the GDPR titled “The GDPR from an Insurance and Financial Mediation Perspective” targeted to the insurance and financial services sector, including their intermediaries. Steptoe Cyberblog, October 19, 2016

Cyber Career

Information security needs to cast recruitment net wider, says industry panel (ISC)2: Organisations can help to fill the cyber security skills gap by casting their recruitment net wider, according to a discussion panel at the (ISC)2 Emea Congress 2016 in Dublin. ComputerWeekly, October 19, 2016

Cyber Security in Society

National Cyber Security

How Hackers Broke Into John Podesta and Colin Powell’s Gmail Accounts: On March 19 of this year, Hillary Clinton’s campaign chairman John Podesta received an alarming email that appeared to come from Google. Vice, October 20, 2016

Evidence Points to Putin. Russia Hackers to Blame for Wikileaks Emails: On an April afternoon earlier this year, Russian president Vladimir Putin headlined a gathering of some four hundred journalists, bloggers, and media executives in St. Petersburg. Dressed in a sleek navy suit, Putin looked relaxed, even comfortable, as he took questions. About an hour into the forum, a young blogger in a navy zip sweater took the microphone and asked Putin what he thought of the “so-called Panama Papers.” Esquire, October 20, 2016

Government alleges former NSA contractor stole ‘astonishing quantity’ of classified data over 20 years: Federal prosecutors in Baltimore on Thursday said they will charge a former National Security Agency contractor with violating the Espionage Act, alleging that he made off with “an astonishing quantity” of classified digital and other data over 20 years in what is thought to be the largest theft of classified government material ever. The Washington Post, October 20, 2016

Highly sophisticated DNCC hackers used 6 zero-days in compromising user computers: Security researchers have shone fresh light on the allegedly Russian state-sponsored hacking crew blamed for ransacking the US Democratic National Committee’s computers. TheRegister, October 20, 2016

Agents of influence: How reporters have been “weaponized” by leaks: Since June, some entity has been releasing e-mails and electronic documents obtained via network intrusions and credential thefts of politicians and political party employees. Some of the releases have appeared on sites believed to be associated with Russian intelligence operations; others have appeared on Wikileaks. On occasion, the leaker has also engaged journalists directly, trying to have them publish information drawn from these documents—sometimes successfully, other times not. ars technica, October 20, 2016

Cybersecurity Issues for the Next Administration: On today’s Internet, too much power is concentrated in too few hands. In the early days of the Internet, individuals were empowered. Now governments and corporations hold the balance of power. If we are to leave a better Internet for the next generations, governments need to rebalance Internet power more towards the individual. This means several things. Schneier On Security, October 13, 2016

Cyber Attack

Hacked Cameras, DVRs Powered Today’s Massive Internet Outage: A massive and sustained Internet attack that has caused outages and network congestion today for a large number of Web sites was launched with the help of hacked “Internet of Things” (IoT) devices, such as CCTV video cameras and digital video recorders, new data suggests. KrebsOnSecurity, October 21, 2016

Hackers Used New Weapons to Disrupt Major Websites Across U.S.: SAN FRANCISCO — Major websites were inaccessible to people across wide swaths of the United States on Friday after a company that manages crucial parts of the internet’s infrastructure said it was under attack. The New York Times, October 21, 2016

A massive cyberattack blocked your favorite websites; FBI and Homeland Security are investigating: The Department of Homeland Security and the FBI are investigating a massive cyberattack that stopped or slowed access to Twitter, Spotify, Amazon and other sites Friday by targeting a firm responsible for routing Internet traffic their way. LA Times, October 21, 2016

DDoS on Dyn Impacts Twitter, Spotify, Reddit: Criminals this morning massively attacked Dyn, a company that provides core Internet services for Twitter, SoundCloud, Spotify, Reddit and a host of other sites, causing outages and slowness for many of Dyn’s customers. KrebsOnSecurity, October 21, 2016

Know Your Enemy

Ancalog – the document exploit tool that makes cybercrime easy: SophosLabs principal researcher Gábor Szappanos, better known as Szappi, has featured in Naked Security articles many times before. NakedSecurity, October 20, 2016

Forget ‘hackers in hoodies,’ cybercriminals are the new Mafia: Forget the cliché of lonely figures in hoodies crouched over laptops, feverishly bashing out lines of code. Online crime is a lucrative business, and hackers are the new Mafia. Wired, October 19, 2016

Spreading the DDoS Disease and Selling the Cure: Earlier this month a hacker released the source code for Mirai, a malware strain that was used to launch a historically large 620 Gbps denial-of-service attack against this site in September. That attack came in apparent retribution for a story here which directly preceded the arrest of two Israeli men for allegedly running an online attack for hire service called vDOS. Turns out, the site where the Mirai source code was leaked had some very interesting things in common with the place vDOS called home. KrebsOnSecurity, October 19, 2016

Tech-Support Scams Receive Government Scrutiny: Two years ago, an elderly man with a French accent called the office of E-Racer Tech, a Florida-based tech-support company. His computer was acting up, he said, and he needed a hand. The technician on the line asked a few questions, and then he agreed: The computer was in bad shape. Luckily, he knew just what to do. The Atlantic, October 18, 2016

Cyber Politics

Ars Technica examines the two leading candidates’ positions on crypto and Snowden: Last week, Republican presidential candidate Donald Trump’s campaign team released a plan to address “the cyber,” as the candidate had promised to do in a speech he gave earlier this month. ars technica, October 19, 2016

Financial Cyber Security

Tough Federal Cybersecurity Standards for Big Banks Proposed: Federal banking regulators are proposing tough new standards designed to bolster cybersecurity at the nation’s largest banking institutions. BankInfoSecurity, October 19, 2016

Internet of Things

How To Crash A Drone By Hacking Its 3D Propeller Design: Researchers at Israel’s Ben-Gurion University of the Negev along with their counterparts at the University of South Alabama and the Singapore University of Technology and Design have demonstrated how attackers can cause fatal equipment failures by sabotaging the integrity of 3D-printed parts. DarkReading, October 20, 2016

When the Society of Things Attacks Itself – A BBC World News Newsday Interview by Sean Martin: I was fortunate to receive an invitation for an interview with BBC World News Newsday. A good portion of my interview was aired on the 10th of October. In this article is a collection of my thoughts that drove the direction of my responses to their questions. ITSP Magazine, October 11, 2016

The post Cyber Security News of the Week, October 23, 2016 appeared first on Citadel Information Group.