Cyber Security News of the Week, January 15, 2017

Individuals at Risk

Cyber Update

Adobe, Microsoft Push Critical Security Fixes: Adobe and Microsoft on Tuesday each released security updates for software installed on hundreds of millions of devices. Adobe issued an update for Flash Player and for Acrobat/Reader. Microsoft released just four updates to plug some 15 security holes in Windows and related software. KrebsOnSecurity, January 11, 2017

Cyber Defense

5 data security and privacy tips for iOS: Securing privacy and data on mobile devices is always a tricky proposition, but with the right combination of settings, apps, and care, iOS users can feel safer. TechRepublic, January 9, 2017

Cyber Warning

This phishing scam poses as a charity email, delivers Ramnit banking Trojan malware: Cybercriminals are attempting to infect people with bank data stealing Ramnit malware by using phishing emails pretending to come from a charity. ZDNet, January 13, 2017

WhatsApp vulnerability allows snooping on encrypted messages: A security vulnerability that can be used to allow Facebook and others to intercept and read encrypted messages has been found within its WhatsApp messaging service. The Guardian, January 13, 2017

Should I be worried about the WhatsApp encryption vulnerability?: A vulnerability has been found within Facebook’s secure messaging service WhatsApp, which would allow the company and third-parties such as government agencies to intercept and read supposedly encrypted and private messages. The Guardian, January 13, 2017

Adobe quietly bundles data-collecting Chrome extension with latest Reader update: Chrome users who have installed the latest Adobe security updates have also been unknowingly saddled with a browser extension (“Adobe Acrobat”) that can collect some of their operating environment data. HelpNetSecurity, January 13, 2017

WhatsApp Says ‘Backdoor’ Claim Bogus: Claims of a backdoor in WhatsApp that could be used for third-party snooping were shot down by WhatsApp, which called the allegations false. ThreatPost, January 13, 2017

Peace Sign Pics Could Give Hackers Your Fingerprints: Researchers at Japan’s National Institute of Informatics have claimed they can accurately copy fingerprints from digital photographs, raising fears that the security of biometric authentication systems could be undermined. InfoSecurity Magazine, January 12, 2017

Researchers say smart children’s toys from Genesis Toys put children’s privacy at risk: My Friend Cayla and i-Que, two extremely popular “smart” toys manufactured by Los Angeles-based Genesis Toys, do not safeguard basic consumer (and children’s) rights to security and privacy, researchers have found. HelpNetSecurity, December 6, 2016

Information Security Management in the Organization

Information Security Management and Governance

The Sorry State Of Cybersecurity Awareness Training: In today’s dangerous cyberworld, corporations often say that cybersecurity is now a top priority for them, especially after all the massive data breaches we’ve been hearing about on a day-to-day basis. But one has to wonder, if that’s the case, why are so few companies doing cybersecurity training properly? DarkReading, January 13, 2017

Being a “compliant” victim of cybercrime: When I discuss cybersecurity with business leaders, the most common misconception I see involves the role of security compliance. In my last column, I described the reality of cybercrime, a wild frontier of advanced attackers that can critically damage your business with impunity. In this dangerous environment, it’s important to realize that compliance alone will not protect you. Mississippi Business Journal, January 13, 2017

Natl Assn Corporate Directors updates cybersecurity handbook for Boards & managers: The server room might be an obvious choice for a starting point when it comes to protecting your company’s cyber networks, but the National Association of Corporate Directors says the best place to begin is in the board room. FederalNewsRadio, January 12, 2017

Cyber Defense

The CIO Must Take Charge of the Organization’s Application Portfolio: There was a time when every application used in the enterprise application portfolio was either selected and deployed by the chief information officer (CIO) or at least vetted under the management of IT. The advent of software-as-a-service (SaaS) computing options led to the rise of shadow IT, which has allowed individuals to make their own decisions about what applications met the needs of their departments. SecurityIntelligence, January 13, 2017

Cyber Security in Society

National Cyber Security

Trump on Hack: ‘I Think It Was Russia’: President-elect Donald Trump says he accepts the assessment of the U.S. intelligence community that Russian President Vladimir Putin directed cyberattacks against Democratic Party computers and a social media campaign in an attempt to influence the results of the U.S. presidential election. BankInfoSecurity, January 11, 2017

DNI: Putin Led Cyber, Propaganda Effort to Elect Trump, Denigrate Clinton: Russian President Vladimir Putin directed a massive propaganda and cyber operation aimed at discrediting Hillary Clinton and getting Donald Trump elected, the top U.S. intelligence agencies said in a remarkable yet unshocking report released on Friday. KrebsOnSecurity, January 8, 2017

Suspected NSA tool hackers dump more cyberweapons in farewell: The hacking group that stole cyberweapons suspected to be from the U.S. National Security Agency is signing off — but not before releasing another arsenal of tools that appear designed to spy on Windows systems. PCWorld, January 12, 2017

The Lessons of the DNC Hack: We’ve been waiting almost 20 years for a cyberdefense strategy. We can’t afford to wait longer. Slate, August 1, 2016

Stewart Baker Cyberlaw Podcast – Interview with CSIS’ Davis Hake and Nico Sell: We interview two contributors to CSIS’s Cybersecurity Agenda for the 45th President. Considering the track record of the last three Presidents, it’s hard to be optimistic, but Davis Hake and Nico Sell offer a timely look at some of the most pressing policy issues in cybersecurity. Steptoe Cyberblog, January 10, 2017

Cyber Crime

Israeli phone hacking firm Cellebrite confirms ‘information security breach’: Cellebrite, the phone hacking company reportedly used by the FBI to crack the San Bernardino shooters’ iPhone, has itself become the victim of a major hack in which customer contact information was accessed by an outside party. RT, January 12, 2017

Los Angeles Valley College pays $28,000 in bitcoin ransom to hackers: The Los Angeles Community College District paid a $28,000 ransom in bitcoin last week to hackers who took control of a campus email and computer network until a payment was made. LATimes, January 11, 2017

Cyber Attack

Hackers trigger yet another power outage in Ukraine: For the second time in as many years, security researchers have determined that hackers have caused a power outage in Ukraine that left customers without electricity in late December, typically one of the coldest months in that country. Ars Technica, January 11, 2017

Extortionists Wipe Thousands of Databases, Victims Who Pay Up Get Stiffed: Tens of thousands of personal and possibly proprietary databases that were left accessible to the public online have just been wiped from the Internet, replaced with ransom notes demanding payment for the return of the files. Adding insult to injury, it appears that virtually none of the victims who have paid the ransom have gotten their files back because multiple fraudsters are now wise to the extortion attempts and are competing to replace each other’s ransom notes. KrebsOnSecurity, January 10, 2017

Know Your Enemy

Krebs’s Immutable Truths About Data Breaches: I’ve had several requests for a fresh blog post to excerpt something that got crammed into the corner of a lengthy story published here Sunday: A list of immutable truths about data breaches, cybersecurity and the consequences of inaction. KrebsOnSecurity, January 9, 2017

Cyber Law

$475,000 fine marks first HIPAA enforcement action over breach notification timing: The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has taken action against a healthcare facility for failing to report a breach of unsecured protected health information (PHI) in a timely manner. HealthcareDIVE, January 10, 2017

Financial Cyber Security

Ploutus ATM Malware: Press F3 for Money: Security researchers from FireEye have identified a new variant of the Ploutus ATM malware, used for the past few years to make ATMs spew out cash on command. BleepingComputer, January 13, 2017

Internet of Things

FTC vs. D-Link: A Warning to the IoT Industry: Internet-of-things vendors beware: The complaint filed by the Federal Trade Commission against router and camera manufacturer D-Link could signal the start of a long-term battle to fix systemic industry problems. BankInfoSecurity, January 11, 2017

Cyber Miscellany

Global Information Security Consulting Market to Reach $26 Billion by 2021: The information security consulting market size is expected to grow from USD 16.12 Billion in 2016 to USD 26.15 Billion by 2021, at a Compound Annual Growth Rate (CAGR) of 10.2% during the forecast period. The major growth drivers of the market include the increased network complexities due to third-party applications deployment and mergers & acquisitions across the globe. Yahoo, January 13, 2017

The post Cyber Security News of the Week, January 15, 2017 appeared first on Citadel Information Group.