Cyber Security News of the Week, June 25, 2017

Individuals at Risk

Identity Theft

Employment-related identity theft much bigger than previously thought: The number of victims of employment-related identity theft is far larger than previously estimated and the Internal Revenue Service’s processes aren’t able to keep up, according to a new report. AccountingToday, June 22, 2017

Cyber Privacy

Republican Data Broker Exposes 198M Voter Records: Name, Address, Religion, TV Habits, Politics, etc: In what is the largest known data exposure of its kind, UpGuard’s Cyber Risk Team can now confirm that a misconfigured database containing the sensitive personal details of over 198 million American voters was left exposed to the internet by a firm working on behalf of the Republican National Committee (RNC) in their efforts to elect Donald Trump. The data, which was stored in a publicly accessible cloud server owned by Republican data firm Deep Root Analytics, included 1.1 terabytes of entirely unsecured personal information compiled by DRA and at least two other Republican contractors, TargetPoint Consulting, Inc. and Data Trust. In total, the personal information of potentially near all of America’s 200 million registered voters was exposed, including names, dates of birth, home addresses, phone numbers, and voter registration details, as well as data described as “modeled” voter ethnicities and religions. UpGuard, June 23, 2017

Cyber Warning

Beware this Android banking malware posing as a software update: Latest version of the mobile malware can steal login credentials from at least 40 banking, retail and social media apps. ZDNet, June 23, 2017

More Android apps from dangerous Ztorg family sneak into Google Play: For the second time this month, Google has removed Android apps from its Google Play marketplace. Google did so after a security researcher found the apps contained code that laid the groundwork for attackers to take administrative “root” control of infected devices. ars technica, June 20, 2017

Information Security Management in the Organization

Information Security Management and Governance

Talking Cyber-Risk with Executives: Explaining risk can be difficult since CISOs and execs don’t speak the same language. The key is to tailor your message for the audience. DarkReading, June 23, 2017

Wells Fargo CISO describes risk-managed approach to 4 types of cybersecurity threats: Banks have long been forced to the front lines of cybersecurity and at the 2017 Borderless Cyber event, the CISO of Wells Fargo explained how to pick your battles. TechRepublic, June 22, 2017

Cybersecurity: How Business Is Protecting Itself: Business is under assault from cybercriminals like never before, and the cost to companies is exploding. Here’s what you need to know about safeguarding your digital assets. Fortune, June 22, 2017

IBM’s Etay Maor: Information security strategies to keep up with Cybercrime: IBM’s Etay Maor believes businesses must rethink their approach to cybercrime and offers suggestions for how they can protect themselves. TechRepublic, June 21, 2017

The Chief Information Security Officer: Traditionally, CPAs have considered the chief financial officer (CFO) as the guardian of a business’s organizational data. It was and remains the CFO’s responsibility to maintain a system of internal controls that provides reliance for the accuracy and integrity needed to prepare and attest to the financial statements. These statements and the accompanying opinion continue to be relied on by stakeholders when making financial decisions. The increasing use of rapidly developing technology, software obsolescence, and the change in user preference from desktop to mobile computing platforms have created the need for a new type of data guardian responsible for protecting all types of information in a digital world. The chief information security officer (CISO) is the person performing this role in many organizations and has become an important consideration for CPAs, both in traditional auditing and advisory services. CPA Journal, June 2017

Cyber Defense

Defenders use bugs in Remote Admin Trojans to hack attackers: A small number of Remote Administration Tools have vulnerabilities which can enable attack targets to turn the tables on threat actors. DarkReading, June 23, 2017

Different sites need different passwords. Hackers still sell passwords from 2012 LinkedIn breach: Thousands of passwords belonging to British officials are being traded among Russian hackers, according to a report. CNet, June 22, 2017

Ready To Connect, But Is Your IP PBX Secure?: With the emergence of IP telephony in recent years, VoIP in the workplace is becoming something of the norm. Unified communications can be found in use throughout the business world, uniting branch offices across the globe, creating consolidated business platforms. ITSP Magazine, June 2017

Cyber Talent

Cybersecurity job market to suffer severe workforce shortage: The global cybercrime epidemic – predicted to cost the world $6 trillion annually by 2021 – is creating an unprecedented shortage of cybersecurity workers. CSO, June 22, 2017

Cyber Security in Society

Cyber Attack

Cyber-attack on parliament leaves MPs unable to access emails: Parliament has been hit by a “sustained and determined” cyber-attack by hackers attempting to gain access to MPs’ and their staffers’ email accounts. Both houses of parliament were targeted on Friday in an attack that sought to gain access to accounts protected by weak passwords. The Guardian, June 25, 2017

Cyber Crime

New FBI Online Crime Report Indicates Few Victims Report Ransomware Attacks to FBI: Ransomware may have been the most prevalent internet threat of 2016, and WannaCry certainly made it a mainstream conversation, but that doesn’t mean people are reporting incidents to law enforcement. Threatpost, June 23, 2017

FBI: Extortion, CEO Fraud Among Top Online Fraud Complaints in 2016: Online extortion, tech support scams and phishing attacks that spoof the boss were among the most costly cyber scams reported by consumers and businesses last year, according to new figures from the FBI’s Internet Crime Complaint Center (IC3). KrebsOnSecurity, June 23, 2017

Web host agrees to pay $1m after it’s hit by Linux-targeting ransomware: A Web-hosting service recently agreed to pay $1 million to a ransomware operation that encrypted data stored on 153 Linux servers and 3,400 customer websites, the company said recently. ars technica, June 19, 2017

Cyber Espionage

WikiLeaks: How the CIA infects air-gapped networks: Documents published Thursday purport to show how the Central Intelligence Agency has used USB drives to infiltrate computers so sensitive they are severed from the Internet to prevent them from being infected. ars technica, June 22, 2017

Know Your Enemy

Threat Intelligence Identifies Social Engineering, Malicious Spam, and Malvertising as Major Threats: Good news: Exploit kits remain in decline, thanks in large part to concerted efforts to disrupt their efficacy. Unfortunately, criminals are focusing instead on social engineering attacks – including tech-support scams – and malicious spam campaigns as malware distribution mechanisms, as noted by Brad Duncan, a threat intelligence analyst for the Unit 42 security research group at Palo Alto Networks, in a Wednesday blog post. BankInfoSecurity, June 22, 2017

Explainer: How malware gets inside your apps: Malicious software on popular mobile platforms such as iOS and Android is at best a nuisance and at worst a security threat to individuals and businesses. GCN, June 22, 2017

Why So Many Top Hackers Hail from Russia: Conventional wisdom says one reason so many hackers seem to hail from Russia and parts of the former Soviet Union is that these countries have traditionally placed a much greater emphasis than educational institutions in the West on teaching information technology in middle and high schools, and yet they lack a Silicon Valley-like pipeline to help talented IT experts channel their skills into high-paying jobs. This post explores the first part of that assumption by examining a breadth of open-source data. KrebsOnSecurity, June 22, 2017

National Cyber Security

Former Obama intelligence official: Russian hack ‘the political equivalent of 9/11’: Former President Barack Obama’s top intelligence official at the Pentagon said Saturday that the Russian interference in the 2016 elections was “the political equivalent of 9/11.” Michael Vickers, who served as Obama’s undersecretary of defense, said in an interview with NBC News that there’s little evidence of a response from the Trump administration to protect the next election. The Hill, June 24, 2017

Homeland Security official: Russian government actors tried to hack election systems in 21 states: People connected to the Russian government tried to hack election-related computer systems in 21 states, a Department of Homeland Security official testified Wednesday. The Washington Post, June 21, 2017

Cyber Law

Appellate Court to Rule on FTC’s Case vs. LabMD: The long-running data security dispute between cancer testing laboratory LabMD and the Federal Trade Commission is now in the hands of a panel of three federal appellate court judges who heard oral arguments this week. They will make a ruling later this year in the case, which dates back to 2013. BankInfoSecurity, June 22, 2017

Critical Infrastructure

Senators Push Trump for Answers on Power Grid Malware Attack: In one of his first public statements on his priorities as president, Donald Trump promised to develop a “comprehensive plan to protect America’s vital infrastructure from cyberattacks.” That has not yet materialized. And as new evidence has emerged that a piece of sophisticated malware caused a blackout in the Ukrainian capital last December, one group of senators wants answers now about the threat of Russian grid-hacking. Wired, June 22, 2017

The post Cyber Security News of the Week, June 25, 2017 appeared first on Citadel Information Group.
