Cybersecurity News of the Week, December 30, 2018

Cybersecurity News of the Week, December 30, 2018


Individuals at Risk

Cyber Privacy

Data Breach Leaks 1,000 North Korean Defectors’ Details. South Korean Resettlement Agency Breach Traces to Malware-Laden Email: South Korean officials say that personal information for 1,000 North Korean defectors has been stolen via a malware attack. BankInfoSeurity, December 28, 2018

Identity Theft

Another reminder to freeze your credit. USA Today writes “Your data was probably stolen in cyberattack in 2018 – and you should care”: When it comes to data breaches, 2018 was neither the best of times nor the worst of times. It was more a sign of the times. USA Today, December 28, 2018

Cyber Danger

18 months later WannaCry still lies dormant on thousands of computers: It has been a year and a half since the initial WannaCry ransomware outbreak, and the malware still poses a threat to thousands of computers. Recent data shows that hundreds of thousands of computers are still infected with the malicious software even though it is currently dormant. TechSpot, December 28, 2018

Cyber Defense

How to Control a Chrome Extension’s Permissions: Google promised control of each Chrome extension’s permissions back in October, and that long-promised feature finally arrived near the end of December. Extensions no longer require “all your data on the websites you visit.” How-To Geek, December 28, 2018

Cyber Warning

Guardzilla Home Cameras Open to Anyone Wanting to Watch Their Footage. The home surveillance cams have hard-coded credentials. This makes patching impossible: Another day, another internet of things (IoT) issue: A design flaw in the Guardzilla home video surveillance system has been discovered that allows users to watch other homeowners’ Guardzilla videos. ThreatPost, December 28, 2018

FTC Warns of Netflix Phishing Scam Making Rounds. The scam targets Netflix users and asks for payment information: The Federal Trade Commission (FTC) is warning of a new phishing scam reeling in Netflix customers and stealing their payment information. ThreatPost, December 27, 2018

Information Security Management in the Organization

Information Security Management and Governance

2018 threw some cybersecurity curve balls but it also looked a lot like 2017…only bigger: $3.2 billion was lost to phishing attacks… 2.3 billion account credentials were compromised… A ransomware attack on the Sacramento Bee exposed the records of 19.5 million California voters. The threat of millions of dollars in GDPR fines loomed large. If ever the story of cybersecurity in 2018 is spun as a fairy tale, it likely would be Jack and the Beanstalk. Fe Fi Fo Fum. Everything this year – threats, attacks themselves and consequences – consistently seemed bigger except, possibly, spending and the pool of qualified cybersecurity pros needed to fill a growing skilled worker gap. Oh yeah, and confidence. That most definitely was in short supply. SCMagazine, December 27, 2018

Cyber Defense

8 Security Operations Center Essentials: If you’re building a security operations center (SOC) or working to ensure that the security operations team you already have in place has all its bases covered, you must make certain that you’re properly protecting your digital assets — but knowing where to start and where to focus can be a challenge. ITSP, December 21, 2018

PCI SSC publishes new data security evaluation tool and other resources to assist SMBs better secure their digital payment systems: Cash-strapped small businesses get help from the PCI SSC’s data security evaluation tool and additional resources to better understand and secure their digital payment systems. TechRepublic, December 21, 2018

A Widespread Need To Modernize Security Operations: There is a widespread need for organizations to modernize their security operations. Why? Because all the common issues we see today in cybersecurity — too few people, too many security tools, too little insight into where attacks are likely to come from and how they will be carried out — can be alleviated by modernizing operations. ITSP, December 19, 2018

Secure The Human

8 phishing emails and why you’ll fall for them (or not). One CISO’s collection of phishing emails provides insight into how the practice is evolving. That allows for better identification and prevention of phishing: Security teams are constantly trying to stay one step ahead of phishing email scammers. What pitches are they using? Who are they targeting? What strings are they pulling to get people to click on malicious links? CSO, December 27, 2018

Cybersecurity in Society

Cyber Privacy

GDPR’s impact was too soft in 2018, but next year will be different: was on May 25, when the EU implemented its General Data Protection Regulation — the ominous GDPR. The ambitious legislation is the toughest privacy and security law in the world and was meant to guarantee users better control over their over their personal data. TheNextWeb, December 29, 2018

The Year of the GDPR: 2018’s Most Famous Privacy Regulation in Review: To the extent that 260-page regulations can ever be said to be “famous,” Europe’s General Data Protection Regulation (GDPR) certainly had its moment in limelight in 2018. When it came into force on May 25, it was heralded by a flurry of emails from tech companies, desperate to re-establish their absolutely bona-fide relationships with your email address before the regulations’ stricter rules around user consent came into force. EFF, December 28, 2018

We’re all Just Starting to Realize the Power of Personal Data: It’s no secret that companies like Facebook and Google scoop up personal information to serve users ads. But if anything became clear this year, it’s that consumers have a lot more to learn about what happens to their data online—how it’s gathered, who gets to look at it, and what it’s worth. Wired, December 28, 2018

Cyber Breach

2018: A Banner Year for Breaches: Where to start? In 2018 the mantra became “another day, another data breach.” As a result, consumers and researchers alike are feeling “breach fatigue” and getting a bit numb to the headline. But the reality is, cybercriminals are going after personal information, credit card info and passwords every single day. The sheer number of data exposures we saw this year – through hacks, misconfigurations and other human error – should be setting off alarm bells for everyone. Companies and individuals shouldn’t tune out, but should rather leap into the breach, as it were, with proactive security practices to safeguard the information they’re in charge of. ThreatPost, December 24, 2018

Cyber Defense

2018: The Year Machine Intelligence Arrived in Cybersecurity: Machine intelligence, in its many forms, began having a significant impact on cybersecurity this year – setting the stage for growing intelligence in security automation for 2019. DarkReading, December 27, 2018

Machine Learning Will Transform How We Detect Software Vulnerabilities: No one doubts that artificial intelligence (AI) and machine learning will transform cybersecurity. We just don’t know how, or when. While the literature generally focuses on the different uses of AI by attackers and defenders — and the resultant arms race between the two — I want to talk about software vulnerabilities. Schneier on Security, December 18, 2018

Cyber Freedom

The Year Without the Open Internet Order: 2018 Year in Review: In the waning hours of 2017, the Federal Communications Commission voted to repeal the 2015 Open Internet Order, ending net neutrality protections for the millions of Americans who support them. The fallout of that decision continued all throughout 2018, with attempts to reverse the FCC in Congress, new state laws and governor executive orders written to secure state-level protections, court cases, and ever-increasing evidence that a world without the Open Internet Order is simply a worse one. EFF, December 23, 2018

National Cybersecurity

Someone is trying to take entire countries offline and cybersecurity experts say ‘it’s a matter of time because it’s really easy: Gatwick Airport is Britain’s second busiest by passenger volume, and Europe’s eighth. And yet it was brought to a standstill for two days by two people and a single drone. BusinessInsider, December 22, 2018

Cyber Enforcement

Hacked Mt. Gox Bitcoin Exchange Chief Maintains Innocence. Prosecutors in Japan Seek 10-Year Embezzlement Sentence for Mark Karpeles: Mark Karpeles, the head of the former Mt. Gox bitcoin exchange in Tokyo, has continued to maintain his innocence during the closing arguments in an embezzlement trial against him, Japanese broadcaster NHK reports. BankInfoSeurity, December 28, 2018

Fake News

Toxic Data: How ‘Deepfakes’ Threaten Cybersecurity. The joining of ‘deep learning’ and ‘fake news’ makes it possible to create audio and video of real people saying words they never spoke or things they never did.: “Fake news” is one of the most widely used phrases of our times. Never has there been such focus on the importance of being able to trust and validate the authenticity of shared information. But its lesser-understood counterpart, “deepfake,” poses a much more insidious threat to the cybersecurity landscape — far more dangerous than a simple hack or data breach. DarkReading, December 27, 2018

SecureTheVillage Calendar

Webinar: Managing Cyber-Risk and Insurance. January 17, 2019 @ 10:00 am – 11:00 am

The post Cybersecurity News of the Week, December 30, 2018 appeared first on Citadel Information Group.

from Citadel Information Group
via Citadel Information Group