Individuals at Risk
Cyber Privacy
Google wants to track you in real life – privacy group says, ‘No way!’: There’s a long-term marketing bugaboo that Google has plans to fix: how to convince its clients that their ad dollars are turning into sweet payola. NakedSecurity, August 4, 2017
Cyber Defense
Mozilla sets up private, encrypted file sharing service for large files: Mozilla has launched an online service for private sharing of encrypted files between two users. It’s called Send, and it’s meant to ensure users’ shared files do not remain online forever. HelpNetSecurity, August 4, 2017
Flash Player is Dead, Long Live Flash Player!: Adobe last week detailed plans to retire its Flash Player software, a cross-platform browser plugin so powerful and so packed with security holes that it has become the favorite target of malware developers. To help eradicate this ubiquitous liability, Adobe is enlisting the help of Apple, Facebook, Google, Microsoft and Mozilla. But don’t break out the bubbly just yet: Adobe says Flash won’t be put down officially until 2020. KrebsOnSecurity, August 2, 2017
Backup and Recovery – Securing the Human: If you use a computer or mobile device long enough, sooner or later something will go wrong, resulting in you losing your personal files, documents, or photos. For example, you may accidently delete the wrong files, have a hardware failure, lose a device, or become infected with malware, such as ransomware. At times like these, backups are often the only way you can rebuild your digital life. In this newsletter, we explain what backups are, how to back up your data, and how to develop a simple strategy that’s right for you. SANS, August 2017
Cyber Warning
iOS users beware: You’re the biggest target for mobile phishing attacks: Phishing continues to be a problem, and attacks are moving away from the email inbox. A new report found that iOS is the biggest target, with most attacks coming from game apps. TechRepublic, August 4, 2017
How Cyber Criminals Are Targeting You Through Text Messages: Cyber criminals are increasingly targeting victims through a text message scam called “smishing” that can infect your smartphone and let thieves steal your personal information. NBC, July 20, 2017
Information Security Management in the Organization
Information Security Management and Governance
How to Budget Cybersecurity Spending At Your Firm: Businesses understand today that poor cybersecurity protocols are not just a security risk, but a financial and reputational risk which can cost firms greatly whether through a data breach or ransomware. As a result, global cybersecurity spending is set to reach new highs in 2017, with global spending on informational security to reach $90 billion in 2017 and $113 billion by 2020. AccountingWeb, August 4, 2017
Separation of duties and IT security: Muddied responsibilities create unwanted risk and conflicts of interest. New regulations such as GDPR now require that you pay more attention to roles and duties on your security team. CSO, August 3, 2017
Cyber Warning
Business Email Compromise: The Cybercrime Scheme That Attacks Email Accounts And Your Bank Accounts: Cybercrime is ever present, and there is one particular fraud we all should be aware of—particularly anyone who sends or receives bank wiring instructions or the funds themselves. The fraud involves the hacking or impersonating of email accounts, it might be called business email compromise (BEC) fraud, CEO fraud, or CFO fraud, and it demonstrates that criminal participants are infinitely adaptable in pursuit of profitable schemes. Cybercrime is not always a technical attack, but often about social engineering—tricking a person into performing an action—which means we need to stay informed, be alert, and exercise sound judgment. Huffington Post, August 3, 2017
Cyber Defense
Amazon reaches out to AWS customers with bad security before the crooks do: We’ve read plenty of stories recently about the accidental exposure of data stored in the cloud because of users’ poor configuration choices. NakedSecurity, August 4, 2017
New Survey. Same Old Story. Poor Network Security Hygiene & Inadequate User Awareness Makes it Easy for Hackers: The level of security of Wi-Fi networks and user awareness regarding information security has fallen significantly; a Positive Technologies security audit says mostly due to common vulnerabilities not needing much skill to implement. SC Magazine, August 4, 2017
Cyber Talent
What Women in Cybersecurity Really Think About Their Careers: New survey conducted by a female security pro of other female security pros dispels a few myths. DarkReading, August 4, 2017
Cyber Security in Society
Cyber Crime
Someone has emptied the ransom accounts from the WannaCry attack: For months, the ransom money from the massive WannaCry cyberattack sat untouched in online accounts. Now, someone has moved it. CNN, August 3, 2017
Cyber Attack
Spoiler Alert: Hackers Are Gunning for Hollywood (Guest Column): The 2014 hack at Sony Pictures Entertainment was a watershed moment for the entertainment industry. This week, yet another targeted attack — this one against HBO — reminds us that cybercriminals continue to target Hollywood. Variety, August 4, 2017
HBO Hack: New Threat Promises Emails to Be Released Sunday: An email purported to be from the hacker or hackers behind the HBO breach is making a fresh wave of threats against the network. While the sender of the email, received by The Hollywood Reporter, appeared to use a pseudonym, the sender offered evidence of hacked materials to buttress the claim. Hollywood Reporter, August 3, 2017
HBO says full email system likely not compromised in data breach: HBO is the latest victim of a large-scale security breach, and the company is still investigating just how big it is. CNN, August 3, 2017
HBO Hack: Insiders Fear Leaked Emails as FBI Joins Investigation: The company is reeling from a sophisticated cyberattack that potentially compromised seven times the amount of data stolen in the Sony hack as the FBI investigates potential culprits. Hollywood Reporter, August 2, 2017
HBO hacked: Upcoming episodes, Game of Thrones data leaked online: HBO has joined the ranks of Hollywood entertainment companies to suffer a major cyber attack. Entertainment Weekly, July 31, 2017
Cyber Freedom
DEF CON Hackers Got Into Many Voting Machines and an E-Poll Book: How long will defenders of America’s electronic voting systems ignore the present danger hacking presents to U.S. elections? Alternet, August 2, 2017
“White Hat” Hackers easily break into voting machines at security conference: When the password for a voting machine is “abcde” and can’t be changed, the integrity of our democracy might be in trouble. CNet, July 30, 2017
National Cyber Security
States Take a Comprehensive Approach to Improving Cybersecurity: The National Governors Association has been focused on engaging states when it comes to cybersecurity, and now a multistate compact stands as another positive sign of progress. Governemnt Technology, August 3, 2017
White House officials tricked by email prankster: (CNN)A self-described “email prankster” in the UK fooled a number of White House officials into thinking he was other officials, including an episode where he convinced the White House official tasked with cyber security that he was Jared Kushner and received that official’s private email address unsolicited. CNN, August 1, 2017
Internet of Things
New Bill Seeks Basic IoT Security Standards: Lawmakers in the U.S. Senate today introduced a bill that would set baseline security standards for the government’s purchase and use of a broad range of Internet-connected devices, including computers, routers and security cameras. The legislation, which also seeks to remedy some widely-perceived shortcomings in existing cybercrime law, was developed in direct response to a series of massive cyber attacks in 2016 that were fueled for the most part by poorly-secured “Internet of Things” (IoT) devices. KrebsOnSecurity, August 1, 2017
Cyber Research
Arrest of WannaCry researcher sends chill through security community: The Wednesday arrest of cybersecurity researcher Marcus Hutchins is sending chills through the cyber community. The Hill, August 4, 2017
SecureTheVillage Calendar
Cyber Security Awareness Presented by Marcum LLP, DiamondIT, LBW Insurance & Citadel Information Group: Speakers Include: David Rice, COO of DiamondIT; Stan Stahl, President of Citadel Information Group / President of SecureTheVillage; Howard Miller, Senior Vice President of LBW Insurance. Event Date: August 10, 2017, 4 – 7 PM.
SecureTheVillage Financial Services Cybersecurity Roundtable: The Financial Services Cybersecurity Roundtable is a cross-organizational, cross-functional “learning community” committed to working together to better protect our community from bank fraud, credit card theft, identity theft and other forms of cyber crime. Event Date: August 11, 2017, 7;30 – 10AM
SecureTheVillage: San Fernando Valley-East (Pasadena / Glendale) Cybersecurity Roundtable: The San Fernando Valley-East (Pasadena / Glendale) Cybersecurity Roundtable is designed to support communication and collaboration between C-Suite executives, IT managers, and cybersecurity experts. The San Fernando Valley-East Roundtable is intended for both for-profit and nonprofit organizations. The Roundtable functions as a cross-organizational “learning community” committed to working together to better protect our community from cybercrime. Event Date: August 17, 2017, 7:30 -10AM
The post Cyber Security News of the Week, August 6, 2017 appeared first on Citadel Information Group.
from Citadel Information Group
via Citadel Information Group