Cyber Security News of the Week, March 19, 2017

Cyber Security News of the Week, March 19, 2017


SecureTheVillage — Events

SecureTheVillage & LA Networks team up for Cybersecurity Roundtable. C-Suite. IT Dirs. Brkfst. Glendale: LA Networks and SecureTheVillage are hosting a cybersecurity seminar that will feature experts in law enforcement, information security, and insurance. Join us for an informative SecureTheVillage Cybersecurity Roundtable and Q&A as we dive into the multi-billion dollar world of cybercrime and learn how to protect your company against a cybersecurity chess match. Secure the Village, Date: March 21, 2017

Financial Services Cybersecurity Roundtable, Speaker: National Cyber-Forensics and Training Alliance. The Financial Services Cybersecurity Roundtable is a cross-organizational, cross-organizational “learning community” committed to working together to better protect our community from bank fraud, credit card theft, identity theft and other forms of cyber crime. City National Bank, April 7, 2017, 7:30 – 10:00AM

Pasadena / Glendale Cybersecurity Roundtable. Speaker: Warren Kato, LA County DA Office, “Cyber-Crime: The Anatomy of a Breach.” The Pasadena Cybersecurity Roundtable is designed to support communication and collaboration between C-Suite executives and cybersecurity experts. This roundtable is intended for both for-profits and not-for-profits and functions as a cross-organizational “learning community” committed to working together to better protect our community from cybercrime. April 13, 7:30 – 10:00AM

SecureTheVillage Board Member Howard Miller to speak at College of Canyons Cybersecurity Breakfast Briefing. 4/21: Be instructed in the latest on Cybersecurity from a panel of industry experts. College of the Canyons, Date: April 21, 2017

SecureTheVillage — Other

Los Angeles Business Journal honors three SecureTheVillage Leadership Council members as finalists for this year’s CTO of the Year awards. Hersel Shoumer, President of LA Networks. Dave Watts, President of NetFusion. Stan Stahl, President of SecureTheVillage and Citadel Information Group.  Also honored are Citadel co-founder, Kimberly Pease and Shawn Aminian, Vice President, Information Technology and CIO at Children’s Institute, one of LA’s important nonprofits serving the at-risk community, and a Citadel client. Awards Ceremony: Wednesday, March 22, 6:00PM – 8:30 PM, Casa Del Mar

Leadership Council Member, Louie Sadd, Pres of Datastream IT, Honored as Glendale CofC Man of Year: Congratulations to all of our honorees and our sincere appreciation for their contributions to the Glendale business community. Please join us as we celebrate their accomplishments and look forward to this year’s State of the City Address presented by Mayor Paula Devine! Glendale Chamber of Commerce, Date: March 22, 2017

Individuals at Risk

Identity Theft

Govt. Cybersecurity Contractor Hit in W-2 Phishing Scam: Just a friendly reminder that phishing scams which spoof the boss and request W-2 tax data on employees are intensifying as tax time nears. The latest victim shows that even cybersecurity experts can fall prey to these increasingly sophisticated attacks. KrebsOnSecurity, March 17, 2017

Cyber Privacy

FCC says your cybersecurity and privacy isn’t our problem: The new FCC chairman hasn’t wasted any time getting down to business. That is, the business of burning consumer privacy and security to the ground. engadget, March 17, 2017

Cyber Update

Adobe, Microsoft Push Critical Security Fixes: Adobe and Microsoft each pushed out security updates for their products today. Adobe plugged at least seven security holes in its Flash Player software. Microsoft, which delayed last month’s Patch Tuesday until today, issued an unusually large number of update bundles (18) to fix dozens of flaws in Windows and associated software. KrebsOnSecurity, March 14, 2017

Cyber Warning

Newly Discovered WhatsApp Security Flaw Allows Hackers to Access User Account Details & Information: Maintaining a high level of security while being online is no easy task. There are various ways of protecting oneself from all the bad elements on the Internet. Some use virtual private networks while others use encryption. As for WhatsApp, encryption has been chosen as a means of securing messages sent between users. MobiPicker, March 17, 2017

Cyber Defense

Basic password security tips to help you foil hackers: NEW YORK — Details from this week’s federal indictment of Russian hackers charged with compromising hundreds of millions of Yahoo accounts reveal that many people are still not taking routine precautions to safeguard their email accounts — and hackers are exploiting that. CBS, March 17, 2017 toolbar being used again to deliver malware. Users should remove it: Businesses that allow the toolbar in their environments might want to rethink that after endpoints equipped with the browser add-on were compromised last November and then again the very next month using pretty much the same attack methods. NetworkWorld, March 17, 2017

Cyber crime prevention class to be offered by Police in Simi Valley on April 13: Simi Valley police and the FBI will be offering a cyber-crime prevention class on April 13. Ventura County Star, March 16, 2017

Information Security Management in the Organization

Information Security Management and Governance

HR data security: 5 questions to ask IT today: It can be comforting to think that the people safeguarding your company’s network have it all under control, but before you add even one more sensitive file , find out just how secure your systems are by asking IT these questions…Business Insider, March 17, 2017

Hackers’ delight: Businesses put selves at risk for invasion: NEW YORK — Randell Heath isn’t sure how hackers got into his company’s website — all he knows is a supplier called, saying the site had become an online store selling Viagra and Cialis. USA TODAY, March 17, 2017

A cybersecurity risk assessment is a critical part of M&A due diligence: As of mid-February, the plan for Verizon Communications to acquire a majority of Yahoo’s web assets is still on, despite the announcement of Yahoo having suffered two massive breaches of customer data in 2013 and 2014. The sale price, however, has been discounted by $350 million, and Verizon and Altaba Inc. have agreed to share any ongoing legal responsibilities related to the breaches. Altaba is the entity that will own the portion of Yahoo that Verizon is not acquiring. NetworkWorld, March 17, 2017

Cybersecurity & M&A Due Diligence Process – A 2016 NYSE Governance Services / Veracode Survey Report: CYBERSECURITY 2015 was a phenomenal year for mergers and acquisitions around the globe: Shell, AT&T, Kraft Heinz, Kinder Morgan, Charter Communications, Albertsons, Anthem, Dell, and Aetna, to name a few. NYSE Governance Services, 2016

Cyber Awareness

How did Yahoo get breached? Employee got spear phished, FBI suggests: SAN FRANCISCO—The indictment unsealed Wednesday by US authorities against two agents of the Russian Federal Security Service, or FSB, (Dmitry Dokuchaev and Igor Sushchin) and two hackers (Alexsey Belan and Karim Baratov) provides some details of how Yahoo was pillaged of user data and its own technology over a period of over two years. But at a follow-up briefing at the FBI office here today, officials gave fresh insight into how they think the hack began—with a “spear phishing” e-mail to a Yahoo employee early in 2014. ars technica, March 15, 2017

Nudging Towards Security – Part 4, Sahil Bansal: Traditional Approach of Security Communications – Employees behave in a particular way because there is something that motivates them to do so. Traditionally, the information security teams of organizations have relied on fear as a motivator to drive the right behavior. Highlighting the consequences of not following the right process, citing cases where extreme actions were taken on employees, exaggerating situations to scare employees into believing terrible outcomes could occur, information security has always been about locking down things and scaring the hell out of people. Clearly, it hasn’t worked. SANS, March 9, 2017

Cyber Warning

Unpatched flaw opens Ubiquiti Networks devices to compromise: A critical vulnerability in many of Ubiquiti Networks’ networking devices can be exploited by attackers to take over control of the device and, if that device acts as a router or firewall, to take over the whole network. HelpNetSecurity, March 17, 2017

Cyber Defense

Five Make-It-Happen Defense Strategies Based Upon Improved Use of Automation: Here are five ways we can become more effective for our organizations. Dark Reading, March 17, 2017

Cyber Talent

A New Study Suggests the Serious Gender Gap in Cybersecurity Jobs Isn’t Getting Better: Johanna Vazzana knew the job she’d applied for was a stretch. Vazzana, now a cybersecurity strategist working at Mitre, was interviewing early in her career for a technical cybersecurity position with a Fortune 500 company. Though she lacked a computer science degree, she’d taught herself relevant skills and racked up certifications that she hoped would fill in the educational and experiential gaps. Slate, March 17, 2017

Cyber Security in Society

Cyber Crime

Krebs’ analysis of restaurant cyber-breach exposes POS vendor weaknesses: For the second time in the past nine months, Google has inadvertently but nonetheless correctly helped to identify the source of a large credit card breach — by assigning a “This site may be hacked” warning beneath the search results for the Web site of a victimized merchant. KrebsOnSecurity, March 16, 2017

Cyber Privacy

D.C. Circuit Court Issues Dangerous Decision for Cybersecurity: Ethiopia is Free to Spy on Americans in Their Own Homes: The United States Court of Appeals for the District of Columbia Circuit today held that foreign governments are free to spy on, injure, or even kill Americans in their own homes–so long as they do so by remote control. The decision comes in a case called Kidane v. Ethiopia, which we filed in February 2014. EFF, March 14, 2017

Cyber Attack

Attackers take control of popular Twitter app. Use it to tweet Swastikas & Turkish spam: Thousands of high-profile Twitter accounts have been spewing swastikas and spam following the hack of a popular third-party Twitter service. BankInfoSecurity, March 15, 2017

National Cyber Security

Senior British EU Official warns of significant cyber dangers. Says cooperation vital: The most senior British EU official has spoken out to warn of the need for strong security cooperation in Europe, just days before Theresa May triggers Brexit. Independent, March 17, 2017

Trump budget includes big money for cybersecurity: President Donald Trump’s proposed fiscal year 2018 budget introduced Thursday would boost cybersecurity efforts at several federal agencies, including the Pentagon, the Treasury Department and NASA. Though less of a cross-department priority, the budget also calls for more investment in IT to help improve the management and effectiveness of government. CIO Dive, March 17, 2017

Russian Bank Says Trump Link Work of False Flag Hackers: A leading Russian bank says it was targeted by hackers who created a fake cyber trail to suggest extensive links with businesses owned by U.S. President Donald Trump. Voice Of America, March 17, 2017

Cyber War I has already begun: To each American administration, its war. Which will be Donald Trump’s? There is good reason to fear it could be the Second Korean War, with craziness in North Korea and chaos in the South. Or it could be yet another quagmire in the Middle East. Trump’s most excitable critics keep warning that World War III will happen on his watch. But I am more worried about Cyber War I – especially as it has already begun. Harvard Kennedy School Belfer Center, March 15, 2017

Deterrence and Dissuasion in Cyberspace: Can states deter adversaries in cyberspace? Analogies drawn from nuclear deterrence mislead; nuclear deterrence aims for total prevention, whereas states do not expect to prevent every cyberattack. Additionally, cyber deterrence is possible even though it can be hard to identify the source of a cyberattack. Attribution problems do not hinder three of the major forms of cyber deterrence: denial, entanglement, and normative taboos. Harvard Kennedy School Belfer Center, Winter 2016/17

Stewart Baker asks NSA cyberexperts what they tell mom about cybersecurity: In this week’s episode, we ask two acknowledged NSA cybersecurity experts, Curtis Dukes and Tony Sager, both from the Center for Internet Security, what they tell their family members about how to keep their computers, phones, and doorbells safe from hackers. Steptoe Cyberblog, March 13, 2017

America must defend itself against the real national security menace: This week, we have watched the perfect example of a country fighting the last war. The Trump administration has devoted weeks of energy and political capital to rolling out its temporary travel ban against citizens of six Muslim-majority countries, none of whom, according to the libertarian Cato Institute, have committed a single deadly terrorist attack in the United States over the past four decades. Meanwhile, the White House’s response to a devastating barrage of WikiLeaks disclosures that will compromise U.S. security for years was a general vow to prosecute leakers. , The Washington Post, March 9, 2017

Russian bank found communicating with server registered to Trump Organization: This spring, a group of computer scientists set out to determine whether hackers were interfering with the Trump campaign. They found something they weren’t expecting. Slate, October 31, 2016

Know Your Enemy

Churn Under the Surface of Global Cybercrime: Global cybercrime actors generally adhere to the same principal as a handyman: If it’s not broken, don’t fix it. But that’s not so easy when malware works in one area and attackers want to use it to target a new audience or geography. SecurityIntelligence, March 17, 2017

String of fileless malware attacks possibly tied to single hacker group: Several attacks observed over the past few months that rely heavily on PowerShell, open-source tools, and fileless malware techniques might be the work of a single group of hackers. PCWorld, March 17, 2017

Financial Cybercriminals Looking More Like Nation-States, says Mandiant Report: As the cybercriminal-cyber espionage connection in the Yahoo breach demonstrates the security challenges facing organizations today. DarkReading, March 16, 2017

Meet the FBI’s top 5 Most Wanted for cyber crimes: Three of the four people who have been indicted in connection to a massive hack of Yahoo accounts are now on top of the FBI’s Most Wanted list for cyber crimes. CNN, March 16, 2017

Four Men Charged With Hacking 500M Yahoo Accounts: The U.S. Justice Department today unsealed indictments against four men accused of hacking into a half-billion Yahoo email accounts. Two of the men named in the indictments worked for a unit of the Russian Federal Security Service (FSB) that serves as the FBI’s point of contact in Moscow on cybercrime cases. Here’s a look at the accused, starting with a 22-year-old who apparently did not try to hide his tracks. KrebsOnSecurity, March 15, 2017

Cyber Sunshine

Russian charged with computer fraud extradited to Atlanta to stand trial: Federal authorities said a Russian hacker who allegedly hijacked victims’ computers to get banking and other financial information was brought to an Atlanta court this week to face charges. ACJ, March 17, 2017

Russian Spies, Two Others, Indicted in Yahoo Hack: Two of the four individuals indicted for hacking Yahoo in 2014, exposing 500 million user accounts, work for a Russian intelligence service unit that the FBI collaborates with on international cybercrime investigations. BankInfoSecurity, March 15, 2017

Cyber Miscellany

Despite Breaches, Yahoo CEO Gets Golden Parachute: Search giant Yahoo suffered two massive data breaches during the tenure of CEO Marissa Mayer. But when the company wraps up the sale of its primary businesses to Verizon for $4.48 billion in cash, Mayer is set to exit with an extra $23 million in compensation, minus her title as head of Yahoo or CEO of the investment company Altaba being formed by what’s left. BankInfoSecurity, March 14, 2017

The post Cyber Security News of the Week, March 19, 2017 appeared first on Citadel Information Group.

from Citadel Information Group
via Citadel Information Group