Cyber Security News of the Week, July 30, 2017

Individuals at Risk

Cyber Privacy

Crossing the U.S. Border? Here’s How to Securely Wipe Your Computer: Many people crossing the U.S. border are concerned about the amount of power that the government has asserted to search and examine travelers’ possessions, including searching through or copying contents of digital devices, like photos, emails, and browsing history. The frequency of these intrusive practices has been increasing over time. Electronic Frontier Foundation, July 26, 2017

“Perverse” malware infecting hundreds of Macs remained undetected for years: A mysterious piece of malware that gives attackers surreptitious control over webcams, keyboards, and other sensitive resources has been infecting Macs for at least five years. The infections—known to number nearly 400 and possibly much higher—remained undetected until recently and may have been active for almost a decade. ars technica, July 24, 2017

Cyber Update

Bug in top smartphones could lead to unstoppable malware, researcher says: A recently patched bug found in the chips used to provide wifi in iPhones, Samsung Galaxies and Google Nexus devices could be used to build malware which jumps unstoppably from device to device, according to Nitay Artenstein, the researcher who discovered the flaw. The Guardian, July 27, 2017

Cyber Defense

Going on holiday? Here are our tips for a security-minded trip: With August looming, we at Naked Security won’t be the only ones getting ready to head off on holiday, so with the beach in mind, we’ve come up with some tips to help you plan a safer summer holiday (and with apologies to our readers in the southern hemisphere winter!) Naked Security, July 28, 2017

How to guard against identity theft and bank fraud: Reports of data breaches involving credit card networks at stores and hotels seem to be increasing. So maybe it’s not surprising that consumers are worrying more about it happening to them, and what it might mean. Consumer Affairs, July 27, 2017

NIST Has Spoken – Death to Entropy, Long Live the Passphrase!: NIST has spoken, and I could not be more excited. For years the security community has inflicted one of the most painful behaviors to date, the dreaded, complex password. I’ve watched many times in horror as security researchers made fun of ordinary computer users for using simple passwords, often calling out hacked databases of passwords and bemoaning what is wrong with the world. In reality, these very same people should have taken the time to look in the mirror and see what they were inflicting on others. SANS, July 27, 2017

Information Security Management in the Organization

Information Security Management and Governance

CSO survey: 61% of boards still see security as IT issue rather than corporate governance issue: The past year has been tough for enterprise security teams. Attacks like Petya and NotPetya suggest that the impact scale is increasing dramatically. The recent leak of government-developed malware and hoarded vulnerabilities has given cybercriminals greater capabilities. IT is struggling to keep pace with the flow of important security software patches and updates, and the continued adoption of new technologies like the internet of things (IoT) creates new vulnerabilities to contend with. CSO, July 28, 2017

Cyber Defense

How the DHS responds to cyberthreats, and what businesses can learn: Any organization can fall victim to cybercrime. Learn how the DHS deals with threats and how to apply their response plan to your business. TechRepublic, July 27, 2017

Facebook’s Stamos preaches defensive security research in Black Hat keynote: LAS VEGAS — Black Hat 2017 marks the 20th anniversary of the conference and during the show’s opening keynote, Facebook CSO Alex Stamos urged the community to take advantage of the voice it had and focus on bigger problems than just those that make good presentations and to expand that focus beyond traditional defensive security efforts. SearchSecurity, July 26, 2017

Cyber Career

How to Build a Path Toward Diversity in Information Security: Hiring women and minorities only addresses half the issue for the IT security industry — the next step is retaining these workers. DarkReading, July 27, 2017

Cyber Security in Society

Cyber Crime

Google Study Quantifies Ransomware Profits: LAS VEGAS—Over the past two years, 35 unique ransomware strains earned cybercriminals $25 million, with Locky and its many variants being the most profitable. ThreatPost, July 27, 2017

Cyber Defense

State Attorneys General Appear in Anti-Piracy PSA Campaign: WASHINGTON, D.C. — A group of 15 state attorneys general have launched a public service campaign to warn consumers about the risk of malware from visiting piracy sites. Variety, July 25, 2017

Cyber Espionage

Iranian hackers used female ‘honey pot’ on social media to lure targets, finds new research: Hackers believed to be working for the Iranian government have impersonated a young female photographer on social media for more than a year, luring men working in industries strategically important to Tehran’s regional adversaries, according to new research. The Independent, July 28, 2017

Know Your Enemy

North Korea hackers ‘want cash not secrets’: North Korean hackers are increasingly trying to steal cash rather than secrets, a South Korean government-backed report suggests. BBC, July 28, 2017

The rise and rise of Cybercrime as a Service: When cybercriminals wanted to launch cyberattacks, they once had to know how to code. No longer. Bad actors can now search among any number of underground online sites to buy or lease potent cyberweapons. CSO, July 27, 2017

The Lazy Habits of Phishing Attackers: Most hackers who phish accounts do little to hide their tracks or even mine all of the data they can from phished accounts, mostly because they can afford to be lazy. DarkReading, July 27, 2017

It’s a myth that most cyber-criminals are ‘sophisticated’: News reports and pop culture continually paint cyber-criminals as cunning and devious hackers, with almost magical computer skills. Is that actually true? BBC, July 26, 2017

Cyber Freedom

“White Hat” Hackers Scour Voting Machines for Election Bugs: LAS VEGAS — Hackers attending this weekend’s Def Con hacking convention in Las Vegas were invited to break into voting machines and voter databases in a bid to uncover vulnerabilities that could be exploited to sway election results. The New York Times, July 28, 2017

U.S. elections are an easier target for Russian hackers than once thought: When Chris Grayson pointed his Web browser in the direction of Georgia’s elections system earlier this year, what he found there shocked him. The LA Times, July 28, 2017

Over 100 cybersecurity and voting experts advise Congress on securing U.S. elections: More than 100 cybersecurity and voting experts are urging the government to make the U.S. voting system more secure. CNN, June 21, 2017

Cyber Government

IRS fails to resolve dozens of information security deficiencies, GAO says: The IRS’s ability to protect sensitive financial and taxpayer data is limited by its failure to resolve numerous information security deficiencies identified by the Government Accountability Office (GAO). The Hill, July 27, 2017

Financial Cyber Security

Hackers are making their online bank-fraud malware more powerful by copying WannaCry and Petya ransomware tricks: Hackers responsible for one of the most common forms of banking Trojans have learned lessons from the global WannaCry ransomware outbreak and the Petya cyberattack, and have equipped their malware with a worm propagation module to help it spread more efficiently. ZDNet, July 28, 2017

HIPAA

HIPAA “Wall of Shame” Gets Update from OCR: Yesterday, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) announced the launch of a newly revised HIPAA Breach Reporting Tool. The tool, commonly referred to as the “Wall of Shame,” is a publicly available listing of reported breaches of unsecured protected health information (“PHI”) affecting 500 or more individuals. National Law Review, July 27, 2017

Critical Infrastructure

Should you stay awake at night worrying about hackers on the grid?: The energy sector across multiple Western countries is under intensified assault by hackers. Security experts warn that industrial systems are wide open to potential exploit once hackers secure a foothold, the most difficult part of the hacking process, using targeted phishing or similar tactics. The Register, July 28, 2017

Researchers Release Free Tool to Analyze ICS Malware: CrashOverride/Industroyer malware used against Ukraine’s power grid the inspiration for the reverse-engineering tool. DarkReading, July 27, 2017

Internet of Things

Will Blockchain Improve Internet of Things (IoT) Security?: Because the Internet of Things (IoT) is creating its own ecosystem, the biggest challenge for the industry is how companies secure and manage the exponential growth of decentralized endpoint devices. Unfortunately, most security experts only know how to defend against attacks from a centralized perspective. Most Chief Information Security Officers (CISO) only understand centralized networks and depend on choke points or linear cyber kill chains that focus on traditional perimeter and inbound security protocols to defend against malware, viruses and other attacks that inevitably overwhelm networks and damage servers, devices and workstations. One of the potential solutions available to improve the distributed nature of IoT security is blockchain. Forbes, July 28, 2017

Cyber Warning

Researchers at Black Hat show how hackers ‘could make car wash attack’: Researchers say they have found a way to hack an internet-enabled carwash and make it “attack” users. BBC, July 28, 2017

Cyber Enforcement

Feds Indict Russian Over BTC-e Bitcoin Exchange: Police in Greece on Tuesday arrested Alexander Vinnik, 38, for allegedly running a massive money laundering operation that processed $4 billion in bitcoins, many of which may be tied to the largest bitcoin exchange heist in history. BankInfoSecurity, July 27, 2017

 

The post Cyber Security News of the Week, July 30, 2017 appeared first on Citadel Information Group.
