Cyber Security News of the Week, January 22, 2017

Individuals at Risk

Cyber Privacy

You’ve probably never heard of this creepy genealogy site. But it knows a lot about you: Early Tuesday morning, Anna Brittain got a text from her sister: Did she know about The relatively unknown site, which presents itself as a free genealogy resource, seemed to know an awful lot about her. The Washington Post, January 12, 2017

Cyber Warning

Critical security vulnerability in Samsung SmartCam range can give hackers full control: Security researchers have uncovered a critical and easy-to-exploit vulnerability in Samsung’s SmartCam range of cloud-based cam

Information Security Management in the Organization

Information Security Management and Governance

New Survey Shows How Information Security Management Is Evolving to Meet Changing Risks: Security managers are seeing upheaval within their own organizations as they adopt new security policies and technologies designed to keep pace with the changes happening within business units, according to a recent Forbes Insights report, “Enterprises Re-engineer Security in the Age of Digital Transformation,” sponsored by BMC. The extent of this disruption is undeniable—69% of senior executives surveyed for the report believe that digital transformation is forcing them to rethink their cybersecurity strategies. Forbes, January 20, 2017

Is the CISO Reporting Structure Outdated?: Security has become a top concern for enterprises, so it’s no wonder that the chief information security officer (CISO) reporting structure has changed. The position has risen in the organizational structure to the inner echelon of the C-suite, giving the CISO top-level visibility within the business. SecurityIntelligence, January 19, 2017

Case Study of Manufacturing Firm Victim of Ransomware: As their methods evolve, cybercriminals are increasingly targeting regional manufacturing businesses with sophisticated and potentially costly attacks. A recent ransomware attack on a mid-sized manufacturer in the Southeast provides a striking real world example. The National Law Review, January 19, 2017

Management Must Get Everyone Involved so CISO Can Deal with Increased Demand for Security Services: With organizations going through digital transformation, IT leaders must fundamentally change how information security services are delivered, and make security part of everyone’s job. InformationWeek, January 12, 2017

How information security professionals can help business understand cyber risk: Information security is continually moving up business and board agendas, but information security professionals find it challenging to help business leaders to understand fully the cyber risks across increasingly digital businesses. ComputerWeekly, January 2017

Cyber Awareness

Social Engineering – Detecting/Stopping Attacks: A common misconception most people have about cyber attackers is that they use only highly advanced tools and techniques to hack into people’s computers or accounts. This is simply not true. Cyber attackers have learned that often the easiest way to steal your information, hack your accounts, or infect your systems is by simply tricking you into making a mistake. SANS, January 2017

Cyber Warning

Mac, Linux malware discovered targeting biomedical research: A Mac malware that’s been spying on biomedical research centers may have been circulating undetected for years, according to new research. PCWorld, January 19, 2017

Highly Effective Gmail Phishing Technique Being Exploited to Steal Credentials & Take Over Accounts: As you know, at Wordfence we occasionally send out alerts about security issues outside of the WordPress universe that are urgent and have a wide impact on our customers and readers. Unfortunately this is one of those alerts. There is a highly effective phishing technique stealing login credentials that is having a wide impact, even on experienced technical users. Wordfence, January 12, 2017

Cyber Talent

Cybersecurity boot camps seek to fill the workforce gap: A startup in Denver and an initiative in Chicago are using cybersecurity boot camps to quickly prepare workers to fend off digital attacks. Christian Science Monitor, January 20, 2017

IT Security Employment Soars to Record High: The number of people employed in the United States as information security analysts reached a record high in 2017, according to uncirculated employment data provided by the U.S. Labor Department’s Bureau of Labor Statistics. BankInfoSecurity, January 18, 2017

Cyber Security in Society

Cyber Crime

Fraud Is The Most Common Crime in UK, Says Office of National Statistics: The Office of National Statistics has released its latest crime report, revealing that fraud now accounts for nearly one in three of all crimes committed, making it the country’s most common offence. It is estimated there were 3.6 million cases of fraud in a single year. Nick Brown, group managing director of identity data intelligence company GBG commented below. ISBuzzNews, January 20, 2017

Data breaches hit all-time record high, increase 40% in 2016: The number of U.S. data breaches tracked in 2016 hit an all-time record high of 1,093, according to a new report by the Identity Theft Resource Center (ITRC) and CyberScout. This represents a substantial hike of 40 percent over the near record high of 780 reported in 2015. HelpNetSecurity, January 20, 2017

Cyber Attack

Insecure Hadoop & CouchDB installations latest targets in wave of database hijacking attacks: Insecure Hadoop and CouchDB installations are the latest targets of cybercriminals who are hijacking and deleting data. Last week, security researchers said 28,000 MongoDB and Elasticsearch installations were hacked in a new wave of attacks against unprotected open source data management platforms. Threatpost, January 20, 2017

Cyber Warning

Coalition of Cryptographers, Researchers Urge Guardian to Retract WhatsApp Story: A coalition of some of the globe’s top researchers and cryptographers are pleading with The Guardian to retract a story it published last week in which it suggested the encrypted messaging app WhatsApp contained a backdoor. ThreatPost, January 20, 2017

Know Your Enemy

Satan: A new Ransomware as a Service: If you’ve been hit by ransomware that has scrambled the names of your encrypted files and has appended the .stn extension to them, you’ve been targeted by Satan – not the “Prince of Darkness”, but by the eponymous new Ransomware as a Service. HelpNetSecurity, January 20, 2017

Cybersecurity Experts Uncover Dormant Botnet of 350,000 Twitter Accounts: A massive botnet secretly infiltrated the Twitterverse in 2013 but has lain mysteriously dormant since then, say researchers. MIT Technology Review, January 20, 2017

Who is Anna-Senpai, the Mirai Worm Author?: [Brian Krebs’ historical account of the growth of DDoS Attacks Using IoT. Fascinating & Instructive!!] On September 22, 2016, this site was forced offline for nearly four days after it was hit with “Mirai,” a malware strain that enslaves poorly secured Internet of Things (IoT) devices like wireless routers and security cameras into a botnet for use in large cyberattacks. Roughly a week after that assault, the individual(s) who launched that attack — using the name “Anna-Senpai” — released the source code for Mirai, spawning dozens of copycat attack armies online. KrebsOnSecurity, January 18, 2017

Carbanak cybercrime gang uses Google services to manage malware installed on victims’ PCs: An organised cybercriminal gang is using Google services to issue command and control (C&C) communications to help monitor and control the machines of unsuspecting malware victims. ZDNet, January 20, 2017

Cyber Defense

Industry Security Consortium & Incident Response Group create Vulnerability Coordination SIG: Recent cyber attacks on organizations around the world have demonstrated the need for consistency in managing security vulnerabilities. To answer that demand, the Industry Consortium for the Advancement of Security on the Internet (ICASI) and the Forum of Incident Response and Security Teams (FIRST) created the FIRST Vulnerability Coordination Special Interest Group (SIG). This is a collaboration among vendors, security researchers, product security incident response teams (PSIRTs), computer security incident response teams (CSIRTs), and other stakeholders in the incident response community. One of the goals for the Vulnerability Coordination SIG is to “develop and publish vulnerability coordination best practices, which include use cases or examples that describe scenario and disclosure paths”. CISCO, January 20, 2017

European Union Security Agency (ENISA) Says CyberSecurity Key to Blockchain Implementation: European Union Agency for Network and Information Security (ENISA) has entered into the Blockchain debate with a new report aimed to provide financial professionals in both business and technology roles with an assessment of the various benefits and challenges that their institutions may encounter when implementing a distributed ledger. The-Blockchain, January 20, 2017

Cyber Readiness

Data Privacy Day on Jan 28 to heighten privacy and security awareness: Respecting Privacy, Safeguarding Data and Enabling Trust is the theme for Data Privacy Day (DPD), an international effort held annually on January 28 to create awareness about the importance of privacy and protecting personal information. StaySafeOnline, January , 2017

National Cyber Security

Hack the Army Bounty Pays Out $100,000; 118 Flaws Fixed: The U.S. Army on Thursday shared the outcome of its first bug bounty, which concluded a three-week trial on Dec. 21, calling the program a success. ThreatPost, January 20, 2017

Financial Cyber Security

Card-Not-Present Fraud Picking Up In US: Card-not-present (CNP) fraud is increasing as cyber thieves are showing they are quite able to use both technology and stolen payment card data to defraud retailers around the world. PYMNTS, January 18, 2017

Cyber Sunshine

Spanish police nab suspected hacker behind Neverquest banking malware: Spanish police have arrested a Russian programmer suspected of developing the Neverquest banking Trojan, a malware targeting financial institutions across the world. PCWorld, January 20, 2017

The post Cyber Security News of the Week, January 22, 2017 appeared first on Citadel Information Group.