Cybersecurity News of the Week, December 2, 2018

Secure the Village

SecureTheVillage Awarded “Certificate of Recognition” by Los Angeles Mayor Eric Garcetti at Annual Cybersecure LA Conference: SecureTheVillage was presented with a “Certificate of Recognition” by Los Angeles Mayor Eric Garcetti for its leadership, effort, and contributions in making the City of Los Angeles safer from cyber-criminals. PRLog, November 27, 2018

Individuals at Risk

Cyber Privacy

Popular massage-booking app in UK leaks information on 309,000 customer profiles, including comments from their masseurs or masseuses on how creepy their customers are. The app’s database was left open on the Internet with no password: The app’s wide-open, no-password-required database was discovered by researcher Oliver Hough, who tipped off TechCrunch. NakedSecurity, November 28, 2018

Identity Theft

Another reminder to Freeze Your Credit as Marriott discloses massive 4-year data breach exposing personal and financial information on as many as 500 Million Guests: Hospitality giant Marriott today disclosed a massive data breach exposing the personal and financial information on as many as a half billion customers who made reservations at any of its Starwood properties over the past four years. KrebsOnSecurity, November 30, 2018

North Carolina-based Atrium Health is notifying 2.65 million individuals of a data breach involving a cyberattack on databases hosted by a third-party billing vendor, AccuDoc. If details are confirmed by federal regulators, the incident would be the largest health data breach reported so far in 2018: In a statement issued Tuesday, Charlotte, N.C.-based Atrium Health – formerly called Carolinas HealthCare System – says certain databases containing billing information belonging to it and its managed locations may have been targeted in the attack on AccuDoc, which provides billing and other services for healthcare providers, including Atrium Health. BankInfoSecurity, November 29, 2018

Cyber Defense

A free decryption tool is available for Thanatos ransomware victims: ZDNet’s Danny Palmer explains the evolution of the world’s weirdest ransomware. ZDNet, November 29, 2018

How to Shop Online Like a Security Pro: ‘Tis the season when even those who know a thing or two about Internet scams tend to let down their guard in the face of an eye-popping discount or the stress of last-minute holiday shopping. So here’s a quick refresher course on how to make it through the next few weeks without getting snookered online. KrebsOnSecurity, November 23, 2018

Cyber Warning

Maybe you were once advised to “look for the padlock” as a way of telling legit sites from phishing or malware traps. Unfortunately, this has never been more useless as half of all phishing sites now have the padlock: Recent data from anti-phishing company PhishLabs shows that 49 percent of all phishing sites in the third quarter of 2018 bore the padlock security icon next to the phishing site domain name as displayed in a browser address bar. That’s up from 25 percent just one year ago, and from 35 percent in the second quarter of 2018. KrebsOnSecurity, November 26, 2018

Know Your Enemy

That Virus Alert on Your Computer? Scammers in India May Be Behind It: MUMBAI, India — You know the messages. They pop up on your computer screen with ominous warnings like, “Your computer has been infected with a virus. Call our toll-free number immediately for help.” The New York Times, November 28, 2018

Information Security Management in the Organization

Information Security Management and Governance

Highlights of NIST Cybersecurity Framework Version 1.1. Matthew Barrett of NIST Outlines New Components, Including Supply Chain Risk Management: The latest version of the NIST Cybersecurity Framework – Version 1.1 – includes more information on supply chain risk management, authentication, authorization, identity proofing and self-assessing cybersecurity risk management, says Matthew Barrett of the National Institute of Standards and Technology. BankInfoSecurity, November 29, 2018

GoDaddy Highlights Small Business Cybersecurity Challenges: Earlier this week, reports said two researchers from Bloomsburg University of Pennsylvania made their case for safe harbor rules and an overall easing of regulatory penalties for small businesses hit by a cyberattack. Their argument, reports in the Wall Street Journal said, is that small businesses are held to the same standards as large corporations when they suffer a data breach — even if the small business is found to not be at fault. PYMNTS, November 28, 2018

Cyber risk measurement and the holistic cybersecurity approach: Comprehensive dashboards can accurately identify, size, and prioritize cyberthreats for treatment. Here is how to build them. McKinsey & Company, November 2018

Cyber Risk Management

Cybersecurity and the risk function: Are your information technology, cybersecurity, and risk professionals working together as a championship team to neutralize cyberthreats and protect business value? McKinsey & Company, November 2018

Cyber Warning

Critical Zoom Flaw Lets Hackers Hijack Conference Meetings. #UpdateNow: Hackers can spoof messages, hijack screen controls and kick others out of meetings. ThreatPost, November 29, 2018

Cyber Talent

Cybersecurity Reskilling Academy created by White House for federal employees: The Trump administration is moving forward with plans to fill cybersecurity skills gaps in the government by launching a new program to provide hands-on training to current federal employees. FedScoop, November 30, 2018

What skills does a cybersecurity professional need?: Cyber crime is a threat to every organisation that operates internet-connected devices. It’s highly profitable, highly disruptive, and hard to police due to the transnational nature of cyberspace. PHYS.org, November 26, 2018

Cybersecurity in Society

Cyber Crime

Pro-Bernie group hacked in quarter-million-dollar email scam: The political nonprofit launched by Sen. Bernie Sanders in 2016 lost nearly a quarter-million dollars to an email scam that year, according to new tax documents obtained by POLITICO. Politico, November 28, 2018

Dell, Dunkin Donuts Reset Passwords After Incidents. The Impacts of Both Incidents Appear to Be Limited: Dell and Dunkin Donuts have both initiated password resets after experiencing separate security incidents that appeared aimed at gaining access to customer accounts. BankInfoSecurity, November 30, 2018

Cyber Attack

Germany Detects New Cyber Attack by Russian Hacker Group, Media Reports: German security officials have detected a fresh cyber attack on the email accounts of German lawmakers, the military and several German embassies by the Russian hacker group Snake, Der Spiegel reported on Thursday. The Moscow Times, November 30, 2018

Moscow’s new cable car system infected with ransomware two days after launch: Cable car system is now back up and running after a two-day downtime. ZDNet, November 30, 2018

Cyber attack group targets UAE and Lebanese government officials. Experts warn of need for tighter security to deal with growing threat as suspects try to access police and telecoms regulator systems: Emirati government officials may have been compromised by a cyber-attack that would leave staff vulnerable to blackmail, analysts have said. The National, November 29, 2018

Cyber Defense

Inside Chronicle, Alphabet’s cybersecurity moonshot: Fifteen years ago, cybersecurity could be boiled down to a simple strategy: Secure the perimeter. Experts fought against malware and other nefarious code by implementing firewalls and other point-of-entry defenses. Since then, however, companies have moved their operations online and allowed employees to bring their own devices (BYOD) to work. The so-called perimeter has dissolved in the process, forcing security practitioners to prioritize tracking, understanding and ultimately making judgments about the information flowing both inside and outside of their company. engadget, November 30, 2018

MITRE Changes the Game in Security Product Testing: The nonprofit has published its first-ever evaluation of popular endpoint security tools – measured against its ATT&CK model. DarkReading, November 29, 2018

National Cybersecurity

Small spyware contractor found selling iOS malware to several governments at very high prices, says Kaspersky Lab: Kaspersky Lab has found evidence that a small government spyware contractor sells iOS malware, showing it may not be as rare as some people think. Motherboard, November 28, 2018

Cyber Fine

British, Dutch Regulators Fine Uber for 2016 Cyber Attack: British and Dutch regulators on Tuesday [Nov. 27] fined ride-hailing service Uber for failing to protect customers’ personal information during a 2016 cyber attack involving millions of users. InsuranceJournal, November 30, 2018

Cyber Regulation

Google’s “deceitful” location tracking is against the law, say 7 EU groups: The row over Google’s location tracking has spread to Europe. NakedSecurity, November 29, 2018

Cyber Enforcement

Two Iranians Charged in Atlanta Ransomware Attack. Prosecutors say pair attacked more than 200 victims including the cities of Atlanta and Newark, the Port of San Diego, and Presbyterian Medical Center in Los Angeles: A federal grand jury has indicted two Iranians for allegedly waging SamSam ransomware attacks on more than 200 entities, including Atlanta and other municipalities and six healthcare organizations. They collected $6 million in ransoms and caused more than $30 million in losses to victims, prosecutors allege. BankInfoSecurity, November 28, 2018

Feds Charge Eight With Online Advertising Fraud. $36 Million in Digital Video Ad Fraud Tied to 3ve and Methbot Schemes: The U.S. Department of Justice on Tuesday announced that it has indicted eight individuals as part of a multiyear FBI investigation into gangs that allegedly perpetrated digital advertising fraud, in part, via botnets. BankInfoSecurity, November 28, 2018

SecureTheVillage Calendar

NCFTA Los Angeles Training. December 4 @ 8:00 am – December 6 @ 5:00 pm

Webinar: Third-Party Security Management. December 6 @ 10:00 am – 11:00 am

Financial Services Cybersecurity Roundtable. December 14 @ 8:00 am – 10:00 am

Webinar: Managing Cyber-Risk and Insurance. January 10, 2019 @ 10:00 am – 11:00 am

The post Cybersecurity News of the Week, December 2, 2018 appeared first on Citadel Information Group.