Cyber Security News of the Week, June 11, 2017

Cyber Security News of the Week, June 11, 2017

Individuals at Risk

Cyber Defense

Google game teaches kids about online safety: Talking to kids about online safety is a difficult undertaking for many adults, and making the lessons stick is even harder. HelpNetSecurity, June 9, 2017

Cyber Warning

Say hello to Dvmap: The first Android malware with code injection: A powerful Android trojan with novel code injection features that posed as a game was distributed through the Google Play Store before its recent removal. The Register, June 9, 2017

Hackers exploit Intel chip management ‘feature’ to bypass security & install malware onto computers: Advanced attackers operating in Southeast Asia are abusing a feature in Intel chips to quietly load malware and exploits onto compromised machines. ThreatPost, June 9, 2017

Novel ‘mouse hovering’ malware delivery scheme in PowerPoint identified: Cybercriminals have started using a new technique to infect computers that only requires a victim place their cursor over a malicious hyperlink for the malware to be injected. SCMagazine, June 8, 2017

Information Security Management in the Organization

Information Security Management and Governance

Are Businesses Shortchanging Cybersecurity Or Shortchanging Change Itself?: At a recent private gathering of cybersecurity professionals, I watched how the conversation gravitated toward an analysis of two interesting facts: First, according to a survey commissioned by Gartner (paywall), businesses are increasing their cybersecurity budgets at a rate of 18%; second, data breaches increased at a rate of more than 40% from 2015 to 2016, based on a Bloomberg report. Forbes, June 9, 2017

Ponemon Study: While data breach has significant brand impact, 66% of IT says “not our responsibility”: Centrify, the leader in securing hybrid enterprises through the power of identity services, commissioned a new Ponemon research study that revealed data security breaches can negatively impact an entire organization — including sales, marketing and IT — and have a significant negative impact on company finances and shareholder value. Specifically, the study found that the stock value index of 113 companies declined an average of five percent the day the breach was disclosed and experienced up to a seven percent customer churn. What’s more, thirty-one percent of consumers impacted by a breach stated they discontinued their relationship with an organization that experienced a data breach. And while the study found a data breach has a significant impact on brand reputation, a surprising 66 percent of IT practitioners don’t believe their company’s brand is their responsibility. Centrify, May 15, 2017

Cyber Awareness

Successful Security? Stop Blaming Users: To encourage individuals to improve their security practices, begin by not blaming them. BankInfoSecurity, June 9, 2017

The Cybersecurity Brand: Nudging Towards Security (Touchpoints) – Part 5: What is a touchpoint? A touch point is a point of contact or interaction. Be it any organization, the Information Security team has a lot of user touch points. A few examples are classroom presentations, brown bag sessions, town halls, computer based training, awareness emails, newsletters, security forums and meetings, Intranet microsites, webinars, posters and screensavers. SANS, June 6, 2017

Cyber Defense

Your Information Isn’t Being Hacked, It’s Being Neglected: To stop customer information from being compromised, we must shore up the most vulnerable parts first, the day-to-day IT operations work that builds, configures, and changes systems. DarkReading, June 9, 2017

Don’t Wait for the Next WannaCry — IT Depts Need to Update SMB Protocol: Much has been written about WannaCry, and the security community has learned countless valuable lessons from the unprecedented ransomware attack. One thing that is seldom mentioned, however, is how to protect your infrastructure against future Server Message Block (SMB) exploits. SecurityIntelligence, June 9, 2017

BitSight Study: Outdated systems significantly increase likelihood of breach. Patch. Patch. Patch.: BitSight analyzed more than 35,000 companies from industries across the globe over the last year, to better understand the usage of outdated computer operating systems and Internet browsers, the time to it took to update operating systems once a new release was made available, and how these practices correlate to data breaches. The data shows that there are large gaps in asset management programs across the globe. HelpNetSecurity, June 9, 2017

Cyber Update

VMware Patches Critical Vulnerabilities in vSphere Data Protection: VMware fixed two critical vulnerabilities in its vSphere Data Protection solution this week that could have allowed an attacker to execute commands on the virtual appliance, among other outcomes. ThreatPost, June 8, 2017

Cyber Insurance

How To Streamline The Cybersecurity Insurance Process: If you’ve ever suffered through the application process for cybersecurity insurance, you know that “suffered” is the right word because of a triple whammy. ITSP Magazine, June 2017

Cyber Career

Looking for a job in cybersecurity? Healthcare hiring is about to pick up: While the crisis in cybersecurity staffing grows, healthcare IT and HR executives could be in a good position to lure cybersecurity talent. HealthcareITNews, June 8, 2017

Cyber Security in Society

Know Your Enemy

Bitcoin Experts to Congress: Overseas Exchanges Are Enabling Cybercrime: Bitcoin and blockchain experts are urging US lawmakers to ramp up pressure on unlicensed offshore exchanges. CoinDesk, June 9, 2017

Move Over, Mirai: Persirai Now the Top IP Camera Botnet: The success of the massive Mirai botnet-enabled DDoS attacks of last year has spawned a lot of me-too malware designed to break into and exploit vulnerable Internet of Things devices. DarkReading, June 8, 2017

Russia is struggling to keep its cybercrime groups on a tight leash: Russia’s control of cybercrime groups that have come to play a part in its espionage activity is crumbling, according to Cybereason. The Register, June 6, 2017

You’ll never guess where Russian spies are hiding their control servers: A Russian-speaking hacking group that, for years, has targeted governments around the world is experimenting with a clever new method that uses social media sites to conceal espionage malware once it infects a network of interest. ars technica, June 6, 2017

Following the Money Hobbled vDOS Attack-for-Hire Service: A new report proves the value of following the money in the fight against dodgy cybercrime services known as “booters” or “stressers” — virtual hired muscle that can be rented to knock nearly any website offline. KrebsOnSecurity, June 6, 2017

National Cyber Security

Comey: Hundreds of Organizations Targeted by Russia: Former FBI Director’s James Comey’s testimony before the Senate Intelligence Committee on Thursday affirmed Russia’s cyber interference with the 2016 U.S. presidential election. While largely quiet about the ongoing investigation, Comey trickled a handful of new details that contribute to a broader picture of Russian hacking. BankInfoSecurity, June 9, 2017

Cyber Medical

Task force tells Congress health IT security is in critical condition: A congressionally mandated healthcare industry task force has published the findings of its investigation into the state of health information systems security, and the diagnosis is dire. ars technica, June 8, 2017

Critical Infrastructure

Infrastructure Software Vulnerabilities Raise Concern Among Cybersecurity Experts: (TNS) — Vulnerabilities in software that automates everything from factories to traffic lights has become the nation’s top cybersecurity threat, an agent on the FBI’s Denver Cyber Task Force said Thursday in Colorado Springs. Government Technology, June 9, 2017

Internet of Things

Why Car Companies Are Hiring Computer Security Experts: It started about seven years ago. Iran’s top nuclear scientists were being assassinated in a string of similar attacks: Assailants on motorcycles were pulling up to their moving cars, attaching magnetic bombs and detonating them after the motorcyclists had fled the scene. The New York Times, June 7, 2017

Fake News

Want Instagram likes? Now you can buy popularity from a vending machine: I was talking to an IT headhunter the other day who’s been slaving away on his YouTube channel, filling it with tutorials full of career tips that are really quite helpful, albeit woefully under-Liked. NakedSecurity, June 9, 2017

Al-Jazeera claims to be victim of cyber attack as Qatar crisis continues: Broadcaster targeted after hackers planted “fake news” on Qatar’s state news service. ars technica, June 8, 2017

Qatar investigation finds state news agency hacked: foreign ministry: A preliminary investigation has confirmed that Qatar’s state news agency was hacked, and false statements attributed to the country’s ruler were posted that helped ignite a rift with other Gulf states, the Qatari foreign ministry said on Wednesday. Reuters, June 7, 2017

The post Cyber Security News of the Week, June 11, 2017 appeared first on Citadel Information Group.

from Citadel Information Group
via Citadel Information Group