Cybersecurity News of the Week, December 16, 2018

Individuals at Risk

Cyber Privacy

Facebook’s privacy controls have broken down yet again as bug may have exposed photos from 7M users: NEW YORK — Facebook’s privacy controls have broken down yet again, this time through a software flaw affecting nearly 7 million users who had photos exposed to a much wider audience than intended. The New York Times, December 14, 2018

How to Stop Apps From Tracking Your Location: Hundreds of apps can follow your movements and share the details with advertisers, retailers and even hedge funds. Here’s how to limit the snooping. The New York Times, December 10, 2018

Cyber Danger

Watch Android Malware Automatically Steal 1,000 Euros From a PayPal Account in Seconds: A new banking malware for Android phones allows criminals to take over control of PayPal and steal money. MotherBoard, December 11, 2018

Cyber Update

Patch Tuesday, December 2018 Edition: Adobe and Microsoft each released updates today to tackle critical security weaknesses in their software. Microsoft’s December patch batch is relatively light, addressing more than three dozen vulnerabilities in Windows and related applications. Adobe has issued security fixes for its Acrobat and PDF Reader products, and has a patch for yet another zero-day flaw in Flash Player that is already being exploited in the wild. KrebsOnSecurity, December 11, 2018

Cyber Defense

Who Are You, Really? A Peek at the Future of Identity: Experts dive into the trends and challenges defining the identity space and predict how online identities will change in years to come. DarkReading, December 14, 2018

Cyber Warning

Fake package-tracking email may have a nasty malware surprise: ‘Tis the season for online shopping, which means more people than usual are expecting packages in the mail leading up to Christmas. AJC, December 12, 2018

Information Security Management in the Organization

Cyber Leadership

‘Culture of cybersecurity complacency’ blamed for 2017 Equifax hack: A new congressional report blamed the 2017 breach at Equifax that compromised information on 148 million Americans on a “culture of cybersecurity complacency” at the credit reporting company. FCW, December 10, 2018

Information Security Management and Governance

How The Russian Hacking Scandal Could Illuminate Companies’ Cybersecurity Problems: Whether or not you were happy with the 2016 U.S. election, I think all sides can agree on this: Quite unintentionally, the election has focused this country’s attention on the dangers of computer crime and manipulation. Forbes, December 13, 2018

Education Gets an ‘F’ for Cybersecurity. The education sector falls last on a list analyzing the security posture of 17 US industries, SecurityScorecard reports: A new report evaluating cybersecurity for 17 US industries puts the education sector in last place, sparking concern as businesses in the space collect and store more students’ data. DarkReading, December 13, 2018

88% of organizations aren’t correctly managing access to data stored in files, according to a SailPoint report: Businesses have large identity-related gaps in their security programs, according to SailPoint’s 2018 Identity report released on Wednesday. More than half (54%) of organizations reported having an official identity program in place, but are not supporting the program with correct policies and procedures, the report found. TechRepublic, December 12, 2018

Scanning for Flaws, Scoring for Security: Is it fair to judge an organization’s information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices? Fair or not, a number of nascent efforts are using just such an approach to derive security scores for companies and entire industries. What’s remarkable is how many organizations don’t make an effort to view their public online assets as the rest of the world sees them — until it’s too late. KrebsOnSecurity, December 12, 2018

A Layered Approach to Cybersecurity: People, Processes, and Technology: Cybercrime is an ever-present threat facing organizations of all sizes. In order to safeguard themselves against a successful data breach, IT teams must stay a step ahead of cybercriminals by defending against a barrage of increasingly-sophisticated attacks at high volumes. In Q3 of 2018 alone, FortiGuard Labs detected 1,114 exploits per firm, each representing an opportunity for a cybercriminal to infiltrate a network and exfiltrate or compromise valuable data. CSO, December 10, 2018

Cyber Threat

Crypto Illegal Mining Beating Ransomware as Top Cyber Threat: Hijacking computers to illegally mine cryptocurrencies has overtaken ransomware as the biggest cyber threat in the Middle East, Turkey and Africa, according to Kaspersky Lab. Bloomberg, December 14, 2018

Cyber Defense

The biggest phishing attacks of 2018 and how companies can prevent it in 2019. Organizations can protect themselves with the three tips below: Phishing attacks remained a rampant problem in 2018, and 2019 is already shaping up to offer more of the same. TechRepublic, December 13, 2018

Secure The Human

How one hacked laptop led to an entire network being compromised. One worker clicking on the wrong link at the wrong time resulted in a major security breach: A corporate laptop being used in a coffee shop at a weekend was enough to allow a sophisticated cybercrime group to compromise an organisation’s entire infrastructure. ZDNet, December 14, 2018

Cyber Talent

The 8 most in-demand cybersecurity skills for 2019: The key reason why companies are unable to locate good cybersecurity professionals is the dearth of expertise in this field. If you want to take advantage of this untapped job opportunity, you need to work on building the right skill sets. The problem is, technology is constantly evolving and cybersecurity professionals must stay updated on recent developments at all times to stay a few steps ahead of modern malicious entities. Still, considering the high demand and payout, it might be worth your while to develop the following cybersecurity skills and personal traits: TechGenix, December 14, 2018

How to fight the cybersecurity talent shortage: The global boom in online commerce has led to a cottage industry: billions of dollars in digital crime. In the past two decades, amateur hackers have grown into cyber criminals and stolen numerous passwords and money from consumers and businesses. Verizon, December 12, 2018

Cybersecurity in Society

National Cybersecurity

AI, cybersecurity, and the future of geopolitics. Brookings Institute Podcast: Artificial intelligence is now in every domain of our lives, from commerce to politics, medicine to entertainment, and global trade to geopolitics. In this episode, expert John Villasenor discusses the important intersection of AI, cybersecurity, and geopolitics. Villasenor is a nonresident senior fellow in the Center for Technology Innovation at Brookings and a professor of electrical engineering, public policy, and management, and also a visiting professor of law, at the University of California, Los Angeles. Brookings Institute, December 14, 2018

U.S. Tech Giant Cloudflare Provides Cybersecurity For At Least 7 Terror Groups: Among its customers are the Taliban, al-Shabab and Hamas. Huffington Post, December 14, 2018

Audit finds cyber vulnerabilities in U.S. missile defense system: The Army, Navy and Missile Defense Agency are failing to take basic cybersecurity steps to ensure that information on America’s ballistic missile defense system won’t fall into nefarious hands, according to a Defense Department Inspector General audit released Friday. NavyTimes, December 13, 2018

Trade group pushes voluntary cybersecurity standards for defense contractors: As the U.S. military tries to ensure its military assets are as secure as possible against cyberattack, the U.S. defense industry is gathering behind a new set of standards to spot cybersecurity laggards within its own supply chain. The Washington Post, December 13, 2018

Iran hackers seen targeting U.S. nuclear workers, defense firms and Treasury officials: LONDON (AP) — As U.S. President Donald Trump re-imposed harsh economic sanctions on Iran last month, hackers scrambled to break into personal emails of American officials tasked with enforcing them, The Associated Press has found — another sign of how deeply cyberespionage is embedded into the fabric of U.S.-Iranian relations. AP, December 13, 2018

Global hacking campaign targets critical infrastructure: The sophisticated campaign has targeted dozens of companies, most of which are based in the US. December 12, 2018

Cyber Freedom

FEC votes to allow lawmakers to use campaign funds for personal cybersecurity: The Federal Election Commission (FEC) on Thursday voted to allow lawmakers to use leftover campaign funds to guard their personal devices and email accounts from cyber threats. TheHill, December 13, 2018

The Cybersecurity 202: House Democrats plan to push hard on election security next Congress: House Democrats are planning a blitz of efforts to improve election security when they take control of the lower chamber next year. The Washington Post, December 14, 2018

The biggest risk to markets going into the new year is the threat of a cybersecurity attack, according to a new survey of risk managers and nonrisk professionals by the Depository Trust and Clearing Corp: The No. 1 risk to markets in 2019? It will surprise you. CNBC, December 11, 2018

Cyber Scam

How Internet Savvy are Your Leaders?: Back in April 2015, I tweeted about receiving a letter via snail mail suggesting the search engine rankings for a domain registered in my name would suffer if I didn’t pay a bill for some kind of dubious-looking service I’d never heard of. But it wasn’t until the past week that it became clear how many organizations — including towns, cities and political campaigns — actually have fallen for this brazen scam. KrebsOnSecurity, December 10, 2018

Cyber Extortion

Spammed Bomb Threat Hoax Demands Bitcoin: A new email extortion scam is making the rounds, threatening that someone has planted bombs within the recipient’s building that will be detonated unless a hefty bitcoin ransom is paid by the end of the business day. KrebsOnSecurity, December 13, 2018

Cyber Defense

Conquering Cyber Vulnerability: Is N.Y.’s Bold Cybersecurity Venture A Model For Preventing Attacks?: Recently, the New York City Economic Development Corporation announced a new $100 million venture, Cyber NYC, with the intent to turn the city into a global cybersecurity hub. Though the goal of this program is to foster innovation and economic development, is it enough to drive the fight against persistent cyber threats? Forbes, December 11, 2018

Internet of Things

Electric Vehicle Charging Stations Open to IoT Attacks: Flaws could allow an attacker to stop or start a home charging station, or even change the current in order to start a fire. ThreatPost, December 14, 2018

SecureTheVillage Calendar

Financial Services Cybersecurity Roundtable. December 14 @ 8:00 am – 10:00 am

Webinar: Managing Cyber-Risk and Insurance. January 17, 2019 @ 10:00 am – 11:00 am

The post Cybersecurity News of the Week, December 16, 2018 appeared first on Citadel Information Group.
