Cybersecurity News of the Week, December 23, 2018

Happy Holidays from Citadel Information Group

Best Wishes for a Cybersecure 2019

Individuals at Risk

Cyber Privacy

5 Ways Facebook Shared Your Data. For years, Facebook gave many large technology companies special access to users’ information. Here’s how it worked: Facebook for years gave major tech companies, including Yahoo and Netflix, greater access to people’s data than it disclosed, a New York Times investigation found. The partnerships helped Facebook draw new users, ramp up its advertising revenue and embed itself on sites across the web. The New York Times, December 19, 2018

How to Delete Facebook. Lost faith in Facebook after data leakages, breaches and too much noise? Here’s a guide to breaking up with the social network and its photo-sharing app for good: You may have decided enough is enough: It’s time to delete Facebook. The New York Times, December 19, 2018

Facebook’s Data Sharing and Privacy Rules: 5 Takeaways From Our Investigation: You are the product: That is the deal many Silicon Valley companies offer to consumers. The users get free search engines, social media accounts and smartphone apps, and the companies use the personal data they collect — your searches, “likes,” phone numbers and friends — to target and sell advertising. The New York Times, December 18, 2018

Identity Theft

4 Simple Steps to Help Protect Against Identity Theft. Taking a few proactive measures now can potentially save you from a lot of headaches later. [Spoiler Alert: Freezing Your Credit is #1]: Since the advent of the internet and the ability to do all of our shopping online, identity theft has become an ever-increasing problem. Kiplinger, December 20, 2018

Cyber Update

Microsoft Issues Emergency Fix for IE Zero Day: Microsoft today released an emergency software patch to plug a critical security hole in its Internet Explorer (IE) Web browser that attackers are already using to break into Windows computers. KrebsOnSecurity, December 19, 2018

Cyber Defense

Reminder that different sites need different passwords as Fortnite hackers are making a fortune from reselling stolen accounts accessed from passwords harvested from other breaches: Teenage hackers have been making a fortune from selling stolen accounts for the popular online game Fortnite, it emerged this week. NakedSecurity, December 21, 2018

Reminder: No Defense is Foolproof. Amnesty International Reports Hackers Have Found a Way to Bypass Gmail Two-Factor Authentication: Two-factor authentication has been hailed as a significant move forward in providing online security, letting us log in with confidence to sites such as Gmail. Websites that once required an insecure password now need a complex password with a second form of authentication from a mobile device, or implement other two-factor systems. However, as with everything, two-factor authentication isn’t impervious to flaws, and a new report by Amnesty International details how hackers have been phishing two-factor codes. DigitalTrends, December 20, 2018

Information Security Management in the Organization

Cyber Leadership

A Chief Security Concern for Executive Teams: Virtually all companies like to say they take their customers’ privacy and security seriously, make it a top priority, blah blah. But you’d be forgiven if you couldn’t tell this by studying the executive leadership page of each company’s Web site. That’s because very few of the world’s biggest companies list any security executives in their highest ranks. Even among top tech firms, less than half list a chief technology officer (CTO). This post explores some reasons why this is the case, and why it can’t change fast enough. KrebsOnSecurity, December 18, 2018

Information Security Management and Governance

Maybe we have the cybersecurity we deserve. Companies have focused more on making the consumer recovery process from fraud and data breaches easier than on better security. Most people seem OK with that: Three-hundred and twenty-seven million Marriott user accounts compromised. 100 million at Quora. 148 million from Equifax. Those all pale in comparison to the 3 billion user accounts compromised from Yahoo in 2013. CSO, December 20, 2018

Top 10 cybersecurity trends for 2019: A leading and influential figure in the IT channel, Ian Kilpatrick now heads up the Nuvias Cyber Security Practice. He has overall responsibility for cyber security strategy, as well as being a Nuvias board member. Kilpatrick reveals his top ten cybersecurity predictions that he believes executives should watch out for in 2019 … Gigabit, December 20, 2018

A Poster Child Reminder that Compliant Does Not Mean Secure. Equifax was certified ISO 27001 compliant by its auditor EY’s CertifyPoint even with its weak network security management practices: Equifax Inc. used a consulting arm of its auditor to certify that its information-security risks were under control — a possible conflict for a company that missed the system vulnerability that gave cybercriminals access to the personal information of 143 million consumers. MarketWatch, December 20, 2018

Cyber Threat

Cryptocoin mining malware grew 4,000 percent in 2018: As the number of ransomware families continues to decline, malicious cryptocurrency miners have exploded over the past year. ZDNet, December 19, 2018

Cyber Defense

How to prevent wire-transfer fraud: Tips for SMBs: The information garnered by cybercriminals during a phishing attack is sometimes used to perpetrate costly fraudulent wire transfers. Learn how to prevent the initial phishing scams. TechRepublic, December 21, 2018

Cyber Update

Huawei Router Flaw Leaks Default Credential Status: It makes it simple for attackers to find devices to take over and add to botnets. ThreatPost, December 20, 2018

Secure The Human

MSU finds certain personality traits can make you more susceptible to cybercrime: New research from Michigan State University says those with certain personality traits are more likely to fall victim to cybercrime involving Trojans, viruses, and malware. WLNS, December 19, 2018

Cyber Talent

Patriot Strategies And SANS Institute Partner To Support Inaugural Federal Cybersecurity Reskilling Academy: Patriot Strategies LLC is pleased to announce their support in assessing, training and certifying federal employees for the Federal Cybersecurity Reskilling Academy (FCRA). This pilot is a partnership with Office of Management and Budget, the Department of Education, and the CIO Council. Patriot Strategies is also proud to welcome the SANS Institute, which will provide training support for this exciting initiative. PRNewswire, December 20, 2018

Cybersecurity in Society

National Cybersecurity

The Cybersecurity 202: International cooperation on China hacking could be signal for 2019: Want to know how the Trump administration will tackle hacking by foreign powers in 2019? The Justice Department gave a big hint Thursday when it coordinated with allies to condemn a Chinese government-backed hacking group that targeted a global collection of government agencies and companies. The New York Times, December 21, 2018

China hacked HPE, IBM and then attacked clients: Hackers working on behalf of China’s Ministry of State Security breached the networks of Hewlett Packard Enterprise Co and IBM, then used the access to hack into their clients’ computers, according to five sources familiar with the attacks. Reuters, December 20, 2018

U.S. Accuses Chinese Nationals of Infiltrating Corporate and Government Technology: WASHINGTON — The Trump administration ramped up its pressure campaign on Beijing on Thursday, as the Justice Department accused two Chinese nationals with ties to the country’s Ministry of State Security of infiltrating the biggest providers of internet services and boring into government computer systems, including a major Department of Energy laboratory. The New York Times, December 20, 2018

Chinese government hackers penetrated EU communications network, cybersecurity firm concludes. The breach allowed them to eavesdrop on diplomats, trade unions and think tanks: Chinese government hackers have been eavesdropping on diplomats, trade unions and think tanks in Europe, a cybersecurity firm revealed Wednesday, adding to the growing list of grievances the West has with Beijing over its digital espionage activities. Politico, December 19, 2018

Hacked European Cables Reveal a World of Anxiety About Trump, Russia and Iran: Hackers infiltrated the European Union’s diplomatic communications network for years, downloading thousands of cables that reveal concerns about an unpredictable Trump administration and struggles to deal with Russia and China and the risk that Iran would revive its nuclear program. The New York Times, December 18, 2018

Cyber Privacy

Facebook’s Ongoing Privacy Crises: What Happens Next After a Disastrous 2018?: Facebook investors, alarmed by the social giant’s latest privacy problems, pushed the stock down more than 7% on Dec. 19 — wiping out around $30 billion in market value. The stock was essentially flat on Thursday as the market assessed the fallout. Variety, December 20, 2018

As Facebook Raised a Privacy Wall, It Carved an Opening for Tech Giants. Internal documents show that the social network gave Microsoft, Amazon, Spotify and others far greater access to people’s data than it has disclosed: For years, Facebook gave some of the world’s largest technology companies more intrusive access to users’ personal data than it has disclosed, effectively exempting those business partners from its usual privacy rules, according to internal records and interviews. The New York Times, December 18, 2018

Know Your Enemy

Automated Cyber Attacks Are the Next Big Threat. Ever Hear of ‘Review Bombing’?: If you think hacks are bad now, just wait a few more years, because “the machines” are coming. Entrepreneur, December 21, 2018

Cyber Freedom

The Cybersecurity Stories We Were Jealous of in 2018: These are the best stories on hacking and information security that we wish we had reported and written ourselves. Motherboard, December 21, 2018

Cyber Attack

Shamoon data-wiping malware believed to be the work of Iranian hackers. Researchers say the Iranian hacker group APT33 is responsible for recent attacks in the Middle East and Europe: A spate of recent attacks involving the Shamoon data-wiper malware family has been attributed to the Iranian hacking group APT33. ZDNet, December 20, 2018

Cyber Law

Top cybersecurity legislation of 2019: 2018 may go down as the year the EU’s GDPR went into effect but legislators domestically kept busy introducing and passing legislation meant to bolster the U.S.’s cybersecurity and privacy postures. SC Media, December 21, 2018

Financial Cybersecurity

Finra updates cybersecurity best practices report. The report goes into greater depth and detail to help broker-dealers improve their security practices: Though brokers say cybersecurity is one of their top priorities, the Financial Industry Regulatory Authority Inc. says it still sees a lot of problematic practices at firms. Investment News, December 20, 2018

Cyber Enforcement

Feds Charge Three in Mass Seizure of Attack-for-hire Services: Authorities in the United States this week brought criminal hacking charges against three men as part of an unprecedented, international takedown targeting 15 different “booter” or “stresser” sites — attack-for-hire services that helped paying customers launch tens of thousands of digital sieges capable of knocking Web sites and entire network providers offline. KrebsOnSecurity, December 20, 2018

SecureTheVillage Calendar

Webinar: Managing Cyber-Risk and Insurance. January 17, 2019 @ 10:00 am – 11:00 am

The post Cybersecurity News of the Week, December 23, 2018 appeared first on Citadel Information Group.