Cyber Security News of the Week, December 18, 2016

Cyber Security News of the Week, December 18, 2016

Individuals at Risk

Identity Theft

Yahoo says 1 billion user accounts were hacked: Yahoo said Wednesday that more than 1 billion user accounts — meaning most of the Internet giant’s customers worldwide — were hacked in 2013, leading to the release of user names, telephone numbers, dates of birth and other personal information. The Washington Post, December 14, 2016

My Yahoo Account Was Hacked! Now What?: Many readers are asking what they should be doing in response to Yahoo‘s disclosure Wednesday that a billion of its user accounts were hacked. Here are a few suggestions and pointers, fashioned into a good old Q & A format.KrebsOnSecurity, December 15, 2016

Cyber Privacy

Evernote CEO: ‘We let our users down’ with privacy policy change: Evernote CEO Chris O’Neill has had a long couple of days. The company he runs recently ignited a firestorm among its users when it announced a privacy policy change that would have required users to open up all their notes for analysis in order to take advantage of forthcoming machine learning features. PC World, December 16, 2016

Hack of Quest Diagnostics App Exposes Data of 34,000 Patients: A medical laboratory company based in New Jersey said Monday that it was investigating a recent hack that exposed the personal health information of about 34,000 people. The New York Times, December 12, 2016

Cyber Update

Apple’s macOS file encryption easily bypassed without the latest fixes: Without the macOS update released this week, Apple’s disk encryption can be easily defeated by connecting a specially crafted device to a locked MacBook. PCWorld, December 16, 2016

Cyber Warning

6 ways hackers could pwn you using your latest Instagram post: The majority of social media users don’t realize hackers can attack them simply using the power of observation. People share personal photos on social media platforms all the time. You might set strong passwords and turn on the best security settings. You may even remain wary of accepting strangers’ friend requests. However, do you realize that cyber criminals can analyze seemingly irrelevant elements within a photo, or words within a caption, to piece together enough personal details about you to launch a convincing attack or scam? GeekWire, December 16, 2016

Home routers under attack in new malvertising campaign: Attackers are targeting more than 166 router models with an exploit kit called DNSChanger that is being distributed via malvertising. Researchers at Proofpoint said the exploit kit is unique because the malvertising component of the attack doesn’t target browsers, rather a victim’s router. ThreatPost, December 15, 2016

Cyber Defense

Microsoft To Block Flash In Edge Browser For Security, Speed: Microsoft will block Adobe Flash by default in its Edge browser, following similar announcements from Google, Apple, and Mozilla. DarkReading, December 16, 2016

The 12 Days of 2FA: How to Enable Two-Factor Authentication For Your Online Accounts: 2-Factor AuthenticationEnabling two-factor authentication—or 2FA for short—is among the easiest, most powerful steps you can take to protect your online accounts. Often, it’s as simple as a few clicks in your settings. However, different platforms sometimes call 2FA different things, making it hard to find: Facebook calls it “login approvals,” Twitter “login verification,” Bank of America “SafePass,” and Google and others “2-step verification.” Electronic Frontier Foundation, December 8, 2016

Securely Disposing of Your Mobile Device: Mobile devices, such as smartphones, smartwatches, and tablets, continue to advance and innovate at an astonishing rate. As a result, some people replace their mobile devices as often as every year. Unfortunately, too many people dispose of their devices with little thought on just how much personal data is on them. In this newsletter we will cover what types of personal information may be on your mobile device and how you can securely wipe it before disposing or returning it. If your mobile device was issued to you by your employer or has any organizational data stored on it, be sure to check with your supervisor about proper backup and disposal procedures before following the steps below. SANS, December, 2016

Information Security Management in the Organization

Information Security Management and Governance

Intellectual Property Is Valuable. How to Protect It in the Digital Society?: There are 318.9 million people in the United States and their collective creativity is one of the most economically beneficial assets in the country. ITSP Magazine, December 12, 2016

Cyber Warning

DDoS in 2017: Strap yourself in for a bumpy ride: DDoS attacks have been around since at least 2000, and they’re not going away. In fact, as the number of devices online grows, the volume and velocity of these attacks is also increasing. The Register, December 16, 2016

Cyber Talent

Cybersecurity skills gap: it’s big and it’s bad for security: The cybersecurity skills gap, defined as a shortage of qualified people needed to fill open positions in IT security, is a phenomenon that I have researched quite extensively this year, and with good reason. You may have seen this recent headline: WeLiveSecurity, December 16, 2016

Cyber Security in Society

Cyber Espionage

New Details on China Cyber Theft of Data From Major U.S. Law Firms: A series of security breaches that stuck prestigious law firms last year was more pervasive than reported and was carried out by people with ties to the Chinese government, according to evidence seen by Fortune. Fortune, December 7, 2016

National Cyber Security

Why Russia’s Cyberattack Wasn’t Stopped- Podcast w authors of NY Times analysis: It was utterly avoidable. In retrospect, anyway. The most brazen, disruptive and manipulative attack on the American electoral system since Watergate — a vast cyberattack by Russia, aimed squarely at Democrats in 2016 — hinged on a series of human errors and institutional misjudgments. The New York Times, December 16, 2016

Russian hackers seized control of the Pentagon’s unclassified email system in 2015: WASHINGTON (Reuters) – Russian hackers seized control last year of the unclassified email system used by the U.S. military’s Joint Chiefs of Staff, CBS News reported on Thursday, citing an interview with then-Joint Chiefs of Staff Chairman Martin Dempsey. Business Insider, December 16, 2016

FBI in agreement with CIA that Russia aimed to help Trump win White House: FBI Director James B. Comey and Director of National Intelligence James R. Clapper Jr. are in agreement with a CIA assessment that Russia intervened in the 2016 election in part to help Donald Trump win the White House, officials disclosed Friday, as President Obama issued a public warning to Moscow that it could face retaliation. The Washington Post, December 16, 2016

Obama Suggests Putin Behind Hacks to Influence Vote: President Barack Obama, saying the United States will retaliate against Russia for conducting hacks aimed at influencing the American presidential election, strongly suggested Dec. 16 that Russian President Vladimir Putin authorized the cyberattacks against Democratic Party computers. BankInfoSecurity, December 16, 2016

U.S. Faces Tall Hurdles in Detaining or Deterring Russian Hackers: WASHINGTON — When a suspected Russian cybercriminal named Dmitry Ukrainsky was arrested in a Thai resort town last summer, the American authorities hoped they could whisk him back to New York for trial and put at least a temporary dent in Russia’s arsenal of computer hackers. The New York Times, December 15, 2016

Cybersecurity Firm Crowdstrike Confirms Russian Hackers Breached The DNC: NPR’s Audie Cornish speaks with Dmitri Alperovitch, co-founder and chief technology officer of CrowdStrike, about their assessment on how Russian hackers breached the Democratic National Committee and what it means for U.S. cyber security. NPR, December 14, 2016

U.S. Sen Cory Gardner renews call to establish permanent Select Committee on Cybersecurity: Citing cybersecurity as one of the most significant and complex challenges facing Congress, U.S. Sen. Cory Gardner (R-CO) renewed his call on Monday for a permanent Select Committee on Cybersecurity in the Senate. Ripon Advance, December 14, 2016

The Perfect Weapon: How Russian Cyberpower Invaded the U.S: WASHINGTON — When Special Agent Adrian Hawkins of the Federal Bureau of Investigation called the Democratic National Committee in September 2015 to pass along some troubling news about its computer network, he was transferred, naturally, to the help desk. The New York Times, December 13, 2016

Stewart Baker interviews Kiersten Todt re enhancing national security: Too busy to read the 100-page Presidential Commission on Enhancing National Security report on what the next administration should do about cybersecurity? No worries. Episode 142 features a surprisingly contentious but highly informative dialog about the report with Kiersten Todt, the commission’s executive director. Steptoe Cyberblog, December 12, 2016

Stewart Baker on Trump cyber plans & interview w MSFT’s Scott Charney: The Trump administration is hinting at a change in responsibility for protecting critical infrastructure from cyberattack, and it’s consistent with the President-elect’s enthusiasm for turning hard jobs over to generals.  Congress is doing its bit, elevating Cyber Command to full combatant command status.  But the Obama administration may still be toying with the idea of firing Adm. Rogers. … We then turn to an interview with Scott Charney, Corporate Vice President for Trustworthy Computing at Microsoft.  I’ve known Scott for 25 years and he’s an acute observer of the international cybersecurity scene.  He discusses international pressures on technology companies including the conflicted roles of governments dealing with encryption. Steptoe Cyberblog, December 6, 2016

Cyber Misc

How Google used AI to transform Translate & how machine learning is poised to reinvent computing: Late one Friday night in early November, Jun Rekimoto, a distinguished professor of human-computer interaction at the University of Tokyo, was online preparing for a lecture when he began to notice some peculiar posts rolling in on social media. Apparently Google Translate, the company’s popular machine-translation service, had suddenly and almost immeasurably improved. Rekimoto visited Translate himself and began to experiment with it. He was astonished. He had to go to sleep, but Translate refused to relax its grip on his imagination. The New York Times, December 14, 2016

Cyber Sunshine

Third Alleged Hacker Arrested in Chase Breach: A third suspect alleged to be responsible for the 2014 JPMorgan Chase data breach, which resulted in the compromise of data linked to more than 83 million customers, was arrested Dec. 14 after voluntarily returning to the U.S. from Russia, according to The Associated Press and other news media reports. BankInfoSecurity, December 16, 2016

International Cyber Sweep by Feds & Interpol In 13 Countries Nets Nearly 3 Dozen DDoS Attackers: A 26-year-old student in California was among nearly three dozen suspects arrested last week in a cyber crime sweep involving 13 countries. FBI, December 12, 2016

The post Cyber Security News of the Week, December 18, 2016 appeared first on Citadel Information Group.