Cyber Security News of the Week, May 7, 2017

Cyber Security News of the Week, May 7, 2017

Individuals at Risk

Identity Theft

Identity Theft Protection: 10 Ways To Secure Your Personal Data: I was recently the victim of a hack. My identity was impersonated and the information was used to steal my personal data from GoDaddy. How could this happen I asked myself? The cybercriminal got hold of my social security number, used it to locate my credit card number from my bank, then used that credit card number to access my GoDaddy profile by socially engineering a customer service representative embedded at the hosting giant’s offices. Forbes, May 5, 2017

Cyber Privacy

More Android phones than ever are covertly listening for inaudible sounds in ads: Your Android phone may be listening to ultrasonic ad beacons without your knowledge. ars technica, May 5,2017

Android Users: Ultrasonic Beacons May Be Tracking Your Every Movement: More than 200 Android mobile applications listen surreptitiously for ultrasonic beacons embedded in audio that are used to track users and serve them with targeted advertising. ThreatPost, May 5, 2017

Cyber Defense

The pitfalls of cybersecurity shopping: hype and shoddy products: There’s a growing threat on the cybersecurity scene that could drain millions from unsuspecting businesses and leave them vulnerable to hacking threats. CSO, May 5, 2017

123456 Reasons To Care It’s World Password Day: Last year, our security team leaked a fake profile onto the Dark Web to show just how quickly phished credentials can spread. Within a month, the fake employee’s credentials had been viewed over 1,400 times and there were multiple successful login attempts into the phished account. The number of large-scale data breaches and the fact that users regularly re-use passwords is a real issue for businesses today. Against this background, static passwords simply cannot provide effective corporate protection. InformationSecurityBuzz, May 5, 2017

Cyber Warning

Microsoft Warns of New Cybercriminal Attack Using False Updater. Always Update from Inside Program: Advanced attackers are using a blend of in-memory malware, legitimate pen-testing tools and a compromised updater to attack banks and tech firms, warns Microsoft. ZDNet, May 5, 2017

Cybercrime on the high seas: the new threat facing billionaire superyacht owners: Buyers at London superyacht conference shown the ease with which hackers can take control of vessels – and even procure private photos. TheGuardian, May 5, 2017

Email Phishing Attack Hits Google: Don’t Click & What to Do if You Did: Google said it was investigating an email scam winding its way through inboxes across the country and had disabled the accounts responsible for the spam. The New York Times, May 3, 2017

Blind Trust in Email Could Cost You Your Home: The process of buying or selling a home can be extremely stressful and complex, but imagine the stress that would boil up if — at settlement — your money was wired to scammers in another country instead of to the settlement firm or escrow company. Here’s the story about a phishing email that cost a couple their home and left them scrambling for months to recover hundreds of thousands in cash that went missing. KrebsOnSecurity, April 27, 2017

Information Security Management in the Organization

Information Security Management and Governance

Cybersecurity Training Nonexistent at One-Third of SMBs: But nearly half of US SMBs in a new survey would be willing to participate in security awareness training at their workplace – even if it was optional. DarkReading, May 1, 2017

Cyber Threats Have Evolved. How About Your Insurance?: In 2017 organizations communicate at the speed of light in an effort to reduce friction points with clients while providing a user experience in step with the evolution of technology. The use of computers has made conducting business fast, efficient, and often more cost effective but it has also opened organizations up to new threats at an unprecedented level. There are no shortage of cyber horror stories experienced by organizations of all sizes highlighting the harm a data breach can inflict upon the two things that matter most which are profitability and reputation. From a ransomware attack against a public utility in Michigan to countless W-2 business email compromise scams targeting a variety of industries, no organization can escape the borderless span of the internet. Security professionals are aware that the threat landscape has evolved but the $7M question remains; has the approach to cyber liability insurance? ITSP, May 2017

‘Orange Is the New Black’ Leak: Another Stark Illustration of Weak Security of 3rd-Party Vendors: This weekend’s leak of the upcoming fifth season of Netflix’s “Orange Is the New Black” may turn out to be Hollywood’s biggest breach since the Sony hack in 2014. But security experts aren’t surprised by the incident, even as details about it still emerge. That’s because many have been warning of weak security at third-party vendors for years. Variety, April 29, 2017

Cyber Warning

FBI IC3 Issues Updated Business E-mail Compromise Warning as Losses Up 2,370%. Exceed $5 Billion: Business E-mail Compromise (BEC) is defined as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The E-mail Account Compromise (EAC) component of BEC targets individuals that perform wire transfer payments. IC3, May 4, 2017

Cyber Defense

The Competing Claims of Security Vendors Sow Customer Distrust: Exploits, data breaches and ransomware campaigns are succeeding despite increased public awareness about these threats. New victims are found, old targets are rediscovered and people want to know how this keeps happening. Security Intelligence, May 5, 2017

Lessons Learned in Verizon’s 2017 Data Breach Investigation Report: Verizon has released its 10th annual Data Breach Investigations Report (DBIR), a comprehensive and multi-faceted look-back on breach trends, threat actor tactics and apparent motivations, based on analysis by the company or one of its 65 partners of 1,935 breach events occurring in 2016. ITSP, May 2017

Cyber Update

Intel patches critical remote hijacking vulnerability in business servers going back 7 years: Remote management features that have shipped with Intel processors since 2010 contain a critical flaw that gives attackers full control over the computers that run on vulnerable networks, according to advisories published by Intel and the researcher credited with discovering the critical flaw. ars technica, May 1, 2017

Cyber Talent

Cybersecurity Has a Serious Talent Shortage. Here’s How to Fix It: It’s a refrain I’ve been hearing for the past 18 months from clients all over the world: “We need more skilled people for our security team.” Harvard Business Review, May 4, 2017

Cyber Security in Society

Cyber Crime

Cybercriminals Combine Phishing & a 40-Year Telco Protocol Flaw to Steal Millions: Hackers have exploited the Signaling System #7 international telecommunications signaling protocol as part of a two-stage attack designed to drain money from online bank accounts. BankInfoSecurity, May 5, 2017

Breach at Sabre Corp.’s Hospitality Unit: Breaches involving major players in the hospitality industry continue to pile up. Today, travel industry giant Sabre Corp. disclosed what could be a significant breach of payment and customer data tied to bookings processed through a reservations system that serves more than 32,000 hotels and other lodging establishments. KrebsOnSecurity, May 2, 2017

Hacker Leaks Episodes From Netflix Show and Threatens Other Networks: A hacker who claims to have stolen unreleased television shows from several major networks shared the coming season of the Netflix series “Orange Is the New Black” on Saturday after the person said the streaming service failed to meet its ransom requests. The New York Times, April 29, 2017

Cyber Privacy

UK Gov’t Plans Revealed That Would Force WhatsApp to Break Its Encryption: The UK government is pretty damn serious about its secret surveillance plans. Mashable, May 5, 2017

Cyber Defense

DHS says IT vendors, healthcare organizations targeted in sophisticated new cyberattack: The Department of Homeland Security is warning IT services providers, healthcare organizations and three other business sectors about a sophisticated cyberattack campaign that involves using stolen administrative credentials and implanting malware, including PLUGX/SOGU and RedLeaves, on critical systems. BankInfoSecurity, May 5, 2017

Know Your Enemy

Advanced Russian Cyber-Espionage Malware Found by Palo Alto & Fox-IT: Russian cyberspies have developed a new breed of backdoor trojan that features several novel techniques, including an API that allows attackers to reverse the C&C communications flow when needed. BleepingComputer, May 5, 2017

National Cyber Security

Macron campaign says it is the victim of massive, coordinated hacking campaign: A large trove of emails from the campaign of French presidential candidate Emmanuel Macron was posted online late on Friday, a little more than a day before voters go to the polls to choose the country’s next president in a run-off against far-right rival Marine Le Pen. CNBC, May 5, 2017

Who Is Publishing NSA and CIA Secrets, and Why?: There’s something going on inside the intelligence communities in at least two countries, and we have no idea what it is. Schneier on Security, April 27, 2017

The post Cyber Security News of the Week, May 7, 2017 appeared first on Citadel Information Group.

from Citadel Information Group
via Citadel Information Group