Cyber Security News of the Week, July 9, 2017

Citadel – WhiteHat Webinar

Secure Application Development: The CISO’s Role: In this high-value webinar, Stan Stahl, President of Citadel Information Group, joins John Atkinson, VP, strategic alliances and channels at WhiteHat Security, to discuss the unique challenges of secure application development and how the CISO’s big-picture culture-crossing perspective can marry with the details provided by WhiteHat’s tools to develop secure applications faster, better and cheaper.

Individuals at Risk

Cyber Privacy

Massive WWE Leak Exposes 3 Million Wrestling Fans’ Addresses, Ethnicities And More: WWE fans take note: an IT error may have left your personal information open to anyone, including addresses, educational background, earnings and ethnicity. Forbes, July 6, 2017

Cyber Update

Google Patches Critical ‘Broadpwn’ Bug in July Android Security Update: Google released a security patch Wednesday that addresses a critical vulnerability dubbed “Broadpwn” found in millions of Android devices that could allow remote attackers to execute code on targeted devices. ThreatPost, July 6, 2017

Cyber Defense

What is two factor authentication and why should you use it?: Over the past few years you may have heard a number of companies, app makers and service providers announce that they’re launching two factor verification or two factor authentication, often abbreviated to 2FV. If you ever wondered what the heck it even is, or whether it’s worth using, we’ll attempt to answer your questions in this feature. Pocket-lint, July 7, 2017

Gaming Online Safely & Securely: Online gaming is a great way to have fun; however, it also comes with its own set of unique risks. In this newsletter, we cover what you and your family can do to protect yourselves when gaming online. SANS, July 2017

Cyber Warning

Why streaming Kodi boxes pose a serious malware threat: When new streaming devices, such as the Amazon Firestick and Apple TV, were first introduced, many were intrigued by the ease by which they could watch “over the top” content from the Internet, such as Netflix or Hulu, on their living room televisions. Help Net Security, July 7, 2017

SpyDealer Android malware steals data from Facebook, Skype, other apps: Malware targeting Android devices has been discovered exfiltrating data from over 40 apps including Facebook, WhatsApp, Skype and others. SC Magazine, July 7, 2017

Information Security Management in the Organization

Information Security Management and Governance

What CEOs Should Know About Cybersecurity: If you are a typical CEO, a discussion about cybersecurity probably makes you a bit tense. It’s a deeply technical topic, the risks are varied and difficult to quantify, and there are many vendors and experts continuously beating the drum that you are not doing enough or that your organization may be open to catastrophic attack. Forbes, July 3, 2017

Seriously?! Can You Not Do That? | Chapter 1 – Bad Habits and InfoSec Apathy: People generally don’t think about security. While some organizations have put together InfoSec training programs to raise awareness, if this instruction is only attended a single time so they can tick a box for compliance, then the employees will likely forget what they’ve learned when it matters most. Ultimately, it comes down to habit: employees do what they do because that’s how they’ve always done it. It’s what they need to do in order to get their job done, qualify for that bonus or raise or shave off a few minutes so they can make it to their kid’s soccer match. ITSP Magazine, July 2017

Cyber Defense

Decryption Key to Original Petya Ransomware Released: The master key to the original version of the Petya ransomware – not to be confused with the latest and massive Petya/ExPetr outbreak that swept through the Ukraine and parts of Europe last month – has been released, allowing all the victims of previous Petya attacks to unscramble their encrypted files. ThreatPost, July 7, 2017

Five crucial ways to help keep a system safe from harm: We’re living in an incredible age of technology, invention and innovation. It’s hard to imagine that just a short time ago we couldn’t order groceries for delivery from our phones, or ask into the air any question, to be answered immediately by a robot sitting on a countertop. “Okay, Google — what do I have to do today?” HelpNetSecurity, July 6, 2017

Cyber Insurance

Next cyber-attack could cost insurers $2.5 billion: Cybercrime insurers largely avoided costly claims from the recent attacks that hit businesses around the globe. The next global virus could change that. “It’s exceptionally likely that we will see an event over the next months that will seriously affect insurers,” Graeme Newman, chief innovation officer at CFC Underwriting, said in an interview. The Economic Times, July 8, 2017

Cyber Security in Society

Cyber Crime

B&B Theatres Hit in 2-Year Credit Card Breach: B&B Theatres, a company that owns and operates the 7th-largest theater chain in America, says it is investigating a breach of its credit card systems. The acknowledgment comes just days after KrebsOnSecurity reached out to the company for comment on reports from financial industry sources who said they suspected the cinema chain has been leaking customer credit card data to cyber thieves for the past two years. KrebsOnSecurity, July 7, 2017

Sabre Says Stolen Credentials Led to Breach: Travel industry giant Sabre said Wednesday an intruder using stolen account credentials for its widely used reservations software had access to payment card details and personal information over a seven-month period. But it declined to say how many people are affected. BankInfoSecurity, July 6, 2017

CopyCat Malware Infected 14M Android Devices, Stole $1.5M in 2016: A family of Android malware was so successful that at its peak, over the course of two months last year, it infected 14 million devices and rooted more than half of them, roughly eight million devices. ThreatPost, July 6, 2017

Cyber Attack

Backdoor built in to widely used tax app seeded last week’s NotPetya outbreak: The third-party software updater used to seed last week’s NotPetya worm that shut down computers around the world was compromised more than a month before the outbreak. This is yet another sign the attack was carefully planned and executed. ars technica, July 5, 2017

Cyber Defense

These are the good ol’ days of cybersecurity: One thing is an absolute truism of cybersecurity: it is one of the fastest changing realms currently known to humanity, and one that we are unable to predict. Cybersecurity is like earthquakes. We know that one is coming sometime in the future, but we don’t know where or when it will hit, what magnitude it will be, or what kind of destruction it will bring. CSO, July 6, 2017

Know Your Enemy

Hacking the State of the ISIS Cyber Caliphate: Researchers say Islamic State’s United Cyber Caliphate remains in its infancy when it comes to cyberattack expertise. DarkReading, July 6, 2017

Who is the GovRAT Author and Mirai Botmaster ‘Bestbuy’?: In February 2017, authorities in the United Kingdom arrested a 29-year-old U.K. man on suspicion of knocking more than 900,000 Germans offline in an attack tied to Mirai, a malware strain that enslaves Internet of Things (IoT) devices like security cameras and Internet routers for use in large-scale cyberattacks. Investigators haven’t yet released the man’s name, but news reports suggest he may be better known by the hacker handle “Bestbuy.” This post will follow a trail of clues back to one likely real-life identity of Bestbuy. KrebsOnSecurity, July 5, 2017

National Cyber Security

Half of all countries aware but lacking national plan on cybersecurity, UN agency reports: 5 July 2017 – Only about half of all countries have a cybersecurity strategy or are in the process of developing one, the United Nations telecommunications agency today reported, urging more countries to consider national policies to protect against cybercrime. UN News Centre, July 5, 2017

Cybersecurity: The cold war online by Steven Aftergood. Book Review: The Internet is under attack, and not just by hackers, thieves and spies. As Alexander Klimburg reports in The Darkening Web, governments that insist on their own primacy are increasingly assaulting the idea of this digitized landscape as a transnational commons. Cyberspace is becoming a war zone in a new era of ideological combat. Nature, July 5, 2017

Cyber Law

Is it Time to Can the CAN-SPAM Act?: Regulators at the U.S. Federal Trade Commission (FTC) are asking for public comment on the effectiveness of the CAN-SPAM Act, a 14-year-old federal law that seeks to crack down on unsolicited commercial email. Judging from an unscientific survey by this author, the FTC is bound to get an earful. KrebsOnSecurity, July 2, 2017

Financial Cyber Security

So You Think You Can Spot a Skimmer?: This week marks the 50th anniversary of the automated teller machine — better known to most people as the ATM or cash machine. Thanks to the myriad methods thieves have devised to fleece unsuspecting cash machine users over the years, there are now more ways than ever to get ripped off at the ATM. Think you’re good at spotting the various scams? A newly released ATM fraud inspection guide may help you test your knowledge. KrebsOnSecurity, June 30, 2017

Critical Infrastructure

FBI-DHS “amber” alert warns energy industry of attacks on nuke plant operators: The Department of Homeland Security and FBI have issued a joint report providing details of malware attacks targeting employees of companies that operate nuclear power plants in the US, including the Wolf Creek Nuclear Operating Corporation, The New York Times reports. The attacks have been taking place since May, as detailed in the report issued by federal officials last week and sent out to industry. ars technica, July 6, 2017

60% of InfoSec Pros Say Cyber Attack on US Critical Infrastructure Likely in Next 2 Years: SAN FRANCISCO, July 6, 2017 /PRNewswire/ — A majority of the cybersecurity industry’s most experienced professionals believe that a major breach of U.S. critical infrastructure will occur in the next two years – and they don’t believe current U.S. defense and government agencies are prepared to respond. Cision, July 6, 2017

Cyber Sunshine

Man Who Operated Cybercrime Forums Gets 9 Years in Prison: ALEXANDRIA, Va. (AP) — A California man who prosecutors say exchanged hacking tools and stolen personal information on Russian-language cybercrime forums has been sentenced to nine years in prison. US News and World Report, July 7, 2017

The post Cyber Security News of the Week, July 9, 2017 appeared first on Citadel Information Group.
