Cyber Security News of the Week, August 13, 2017

Individuals at Risk

Cyber Update

Google Patches 10 Critical Bugs in August Android Security Bulletin: Google patched 10 critical remote code execution bugs in its August Android Security Bulletin issued Monday. ThreatPost, August 8, 2017

Mozilla Fixes 29 Vulnerabilities in Firefox, Makes Flash Click-To-Activate: Mozilla fixed three critical vulnerabilities when it released Firefox 55 on Tuesday, including bugs that could have triggered a crash of the browser and allowed for the execution of arbitrary code. ThreatPost, August 9, 2017

Critical Security Fixes from Adobe, Microsoft: Adobe has released updates to fix dozens of vulnerabilities in its Acrobat, Reader and Flash Player software. KrebsOnSecurity, August 8, 2017

Cyber Defense

Five Cybersecurity Tips for Your Summer Vacation: Whether you’re hitting the same old beach town or taking a cycling tour of Provence, follow these Top Five steps to stay cyber secure while soaking up the sun. ITSP Magazine

Information Security Management in the Organization

Information Security Management and Governance

Culture Change Metaphor: Teach everyone to avoid a hot stove and you have no-cost burn care: “It’s ironic: when global threats are in the news every day, their ubiquity makes them easy to ignore.” Robert Braun, co-chair of the Cybersecurity and Privacy Law Group, Jeffer Mangels Butler & Mitchell and SecureTheVillage Leadership Council. Cyber Security Lawyer Forum, August 3, 2017

New analysis shows cyber-breach has large impact on stock price: When it comes to thinking about cyber-attacks, many of the folks running businesses are relying on a heavy combination of faith (“it won’t happen to us”), reliance on cyber-insurance (“any losses will be covered”), and the unfounded belief that the long-term consequences won’t be that bad (“if it does happen, we’ll be back in business in no time”). ITSP Magazine, August 7, 2017

Data Breach Cost Calculator – IBM Security & Ponemon Institute: Companies face the constant, rising threat of data breaches each year. However, the cost of a data breach differs for every organization. How much would it cost yours? IBM Security, 2017

Cyber Awareness

Social cybersecurity: Influence people, make friends and keep them safe: Jason Hong talks about Carnegie Mellon’s work in social cybersecurity, a new discipline that uses techniques from social psychology to improve our ability to be secure online. Tech Target, August 2017

Cyber Warning

IRS Warns Tax Preparers of Fake Software Update Scheme that Steals Passwords: Just in time for the seasonal upgrading of tax software, the IRS is warning of phishing emails that try to trick tax professionals into downloading software updates, but in fact steer victims into divulging login credentials. BankInfoSecurity, August 9, 2017

Cyber Defense

Assessing Risks and Remediating Threats With a Layered Approach to Vulnerability Management: Companies need to do more than just scan for known problems and provide huge vulnerability reports to system and network administrators for remediation. Security Intelligence, August 9, 2017

Most of what we know about passwords is wrong, and how businesses should respond: Bill Burr, who wrote the guidelines for modern password standards, claims that he gave the wrong advice on how people should go about creating passwords. TechRepublic, August 9, 2017

10 bad habits cybersecurity professionals must break: Cybersecurity workers face many challenges on the job. Here are 10 bad habits they must avoid in order to be most effective. TechRepublic, August 10, 2017

Beware of Security by Press Release: The DirectDefense – Carbon Black Brouhaha: On Wednesday, the security industry once again witnessed an all-too-familiar cycle: I call it “security by press release.” KrebsOnSecurity, August 10, 2017

“White Hat” Hackers: Privileged Accounts Provide Fastest Access to Sensitive, Critical Data: Nearly 75 percent state traditional perimeter security firewalls and antivirus are now irrelevant or obsolete. DarkReading, August 9, 2017

Protecting Personal Information: A Practical Guide for Business – FTC: Most companies keep sensitive personal information in their files—names, Social Security numbers, credit card, or other account data—that identifies customers or employees. Federal Trade Commission

Cyber Law

Nationwide Insurance Breach Settlement Agreement: $5.5 million & stronger security management practices: Nationwide Mutual Insurance Co. will pay a $5.5 million settlement and update its security practices as a result of an agreement with attorneys general in 32 states and the District of Columbia in the wake of a 2012 data breach affecting more than 1.2 million individuals. BankInfoSecurity, August 9, 2017

Cyber Talent

Majority of MSPs struggle to find enough cybersecurity pros to hire: Two out of three managed service providers (MSPs) suffer from a shortage of qualified cybersecurity staff—leading to challenges keeping customers safe from ransomware attacks, according to a report from Kaspersky Lab, released Wednesday. TechRepublic, August 10, 2017

Five strategies to address the cybersecurity skills shortage: The ability to detect and respond to threats is greatly impeded by a lack of cybersecurity skills and staff. CSO, August 10, 2017

Cyber Security in Society

HBO Cyber Attack

Game of Thrones stars’ personal details leaked as HBO hackers demand ransom: Hackers of US television network HBO have released personal phone numbers of Game of Thrones actors, emails and scripts in the latest dump of data stolen from the company, and are demanding a multimillion-dollar ransom to prevent the release of whole TV shows and further emails. The Guardian, August 8, 2017

Watch the ransom video hackers sent to HBO (set to Game of Thrones music): HBO is at the center of a massive cyberattack putting 1.5 terabytes of valuable intellectual property and private information at risk. Mashable, August 9, 2017

HBO Hackers Leak Email From Network That Offers Them $250,000: The email dated July 27 indicates a negotiation between the network and the hackers. Hollywood Reporter, August 10, 2017

Know Your Enemy

Hackers & Pirate Websites Conspire In Malware Extortion Schemes: Hackers have become an inescapable part of the Hollywood narrative, on and off the screen. Deadline, August 8, 2017

Russia’s ‘Fancy Bear’ Hackers Used Leaked NSA Tool to Target Hotel Guests: Since as early as last fall, the Russian hacker group known as APT28, or Fancy Bear, has targeted victims via their connections to hacked hotel Wi-Fi networks, according to a new report from security firm FireEye, which has closely tracked the group’s intrusions, including its breach of the Democratic National Committee ahead of last year’s election. Wired, August 11, 2017

Cyber Freedom

Voting Machine “White-Hat” Hackers Have 5 Tips to Save the Next Election: American Democracy depends on the sanctity of the vote. Wired, August 6, 2017

National Cyber Security

A Vulnerable Castle in Cyberspace … Embracing the ‘information warfare’ mindset: The topic of cybersecurity seems to affect just about everything these days. US News, August 11, 2017

Financial Cyber Security

Uptick in Malware Targets the Banking Community: A number of recent attacks, using tactics old and new, have made off with an astonishing amount of money. DarkReading, August 9, 2017

Cyber Medical

DHS Warning: Vulnerabilities Found in Some Siemens Medical Imaging Devices Open Door to Hackers: The Department of Homeland Security has issued an alert warning about cyber vulnerabilities in certain Siemens medical imaging products running Windows 7 that could enable hackers to “remotely execute arbitrary code.” BankInfoSecurity, August 8, 2017

Cyber Sunshine

Alleged sextortionist caught after FBI plants malware on video of victim: A Bakersfield, Calif. man who allegedly tried to extort pornographic video footage from underage victims was tracked down and apprehended after investigators secretly hid malware on a digital video file sent from the intended victim’s computer, according to a criminal complaint filed in Indiana. SC Media, August 10, 2017

Alleged vDOS Operators Arrested, Charged — Krebs on Security: Two young Israeli men alleged by this author to have co-founded vDOS — until recently the largest and most profitable cyber attack-for-hire service online — were arrested and formally indicted this week in Israel on conspiracy and hacking charges. KrebsOnSecurity, August 09, 2017

SecureTheVillage Calendar

SecureTheVillage: San Fernando Valley-East (Pasadena / Glendale) Cybersecurity Roundtable: SecureTheVillage and Citadel President Stan Stahl will speak on High-Performance Information Security Management & Leadership Teams. August 17, 2017, 7:30 -10AM. Datastream, Glendale.

National Assn of Corporate Directors — Southern California Chapter: Join SecureTheVillage and Citadel President Stan Stahl, the National Cyber Forensics Training Alliance (NCFTA) CEO and former secret service agent Matt Lavigna, Apria Healthcare’s CISO Jerry Sto. Thomas and former SaaS CEO and PwC Partner, Bob Zukis. Learn about Southern California’s unique risks and local efforts to fight cybercrime. September 6, Noon Luncheon, California Club.

PIHRA: Information Security Awareness: The Cyber Tsunami!: Citadel’s Kimberly Pease will facilitate a discussion of (i) steps to take to protect a company’s information from hackers and cyber criminals; (ii) tips to protect yourselves as consumers; (iii) understanding who the criminals are and why you are a target; (iv) real stories and scary examples that could happen to you. September 20, 7:30 – 9:30, The City Club

SecureTheVillage: Financial Services Cybersecurity Roundtable: The Financial Services Cybersecurity Roundtable is a cross-organizational, cross-functional “learning community” committed to working together to better protect our community from bank fraud, credit card theft, identity theft and other forms of cyber crime. September 22, 7:30 – 10:00, Grandpoint Bank

SecureTheVillage: San Fernando Valley-East (Pasadena / Glendale) Cybersecurity Roundtable: The San Fernando Valley-East (Pasadena / Glendale) Cybersecurity Roundtable is designed to support communication and collaboration between C-Suite executives, IT managers, and cybersecurity experts. The San Fernando Valley-East Roundtable is intended for both for-profit and nonprofit organizations. The Roundtable functions as a cross-organizational “learning community” committed to working together to better protect our community from cybercrime. September 28, 7:30 -10AM. Datastream, Glendale.

Glendale Tech Week: SecureTheVillage and Citadel President Stan Stahl will join Louie Sadd, Datastream Managing Partner and SecureTheVillage Leadership Council member, and other cybersecurity panelists. October 12, 10:00 – 11:00, Glendale Central Library.

SecureTheVillage: Cybersecure Los Angeles 2017 — Get Cyber Prepared: SecureTheVillage joins UCLA Extension for its first cybersecurity conference. Learn from leading information security professionals and law enforcement, including: information security providers, cyber-insurance, financial services, law, the FBI, LA County District Attorney’s Office, and more. Leave with SecureTheVillage’s Information Security Management and Leadership ResourceKit: A practical guide for implementing an information security management and leadership program in your organization. October 19, 9:00 – 2:00, UCLA Extension, Figueroa Courtyard

 

The post Cyber Security News of the Week, August 13, 2017 appeared first on Citadel Information Group.
