Cybersecurity News of the Week, January 27, 2019


Individuals at Risk

Data Privacy Day

Get involved in Data Privacy Day, Jan 26!! An international effort to empower individuals and encourage businesses to respect privacy, safeguard data and enable trust: Millions of people are unaware of and uninformed about how their personal information is being used, collected or shared in our digital society. Data Privacy Day aims to inspire dialogue and empower individuals and companies to take action. StaySafeOnline, Jan 26, 2019

Cyber Privacy

Watch a Hacker Access Nest Cameras and Demand People Subscribe to PewDiePie. Nest’s weak password requirements helped him pull off the hack: A hacker was able to speak through and watch people through their Nest home security cameras by cracking weak logins and gaining access to their Nest profiles. From there, he was able to see what the camera sees, speak through its speakers, and access any part of the user’s account. Motherboard, January 25, 2019

Your digital identity has three layers, and you can only protect one of them: Your online profile is less a reflection of you than a caricature. Whether you like it or not, commercial and public actors tend to trust the string of 1s and 0s that represent you more than the story you tell them. When filing a credit application at a bank or being recruited for a job, your social network, credit-card history, and postal address can be viewed as immutable facts more credible than your opinion. QZ, January 25, 2019

More than 24 million financial and banking documents – representing tens of thousands of loans and mortgages from some of the biggest banks in the U.S. – found online after a server security lapse: Remember that massive data leak of mortgage and loan data we reported on Wednesday? TechCrunch, January 24, 2019

Cyber Warning

Razy Malware Attacks Browser Extensions to Steal Cryptocurrency: The malware targets victims in multiple, sneaky ways as they move around the web. ThreatPost, January 25, 2019

This malware uses debt to prey on banking victims: Redaman uses screen capture and keylogging to grab the credentials required to break into online bank accounts. ZDNet, January 25, 2019

Beware of Exit Map Spam Pushing GandCrab v5.1 Ransomware: A new malspam campaign pretending to be the current emergency exit map for the recipient’s building is being used to install the GandCrab Ransomware. These spam emails contain malicious Word documents that download and install the infection from a remote computer. BleepingComputer, January 24, 2019

Malware in Ad-Based Images Targets Mac Users: Researchers detected 191,970 bad ads and estimate that around 1 million users were impacted. ThreatPost, January 23, 2019

Information Security Management in the Organization

Cyber Leadership

The Success of Your Business Depends on Digital Trust. Here Is How to Measure It: Most people can name a recent example of online data being compromised, and consumers have become more concerned about how organizations protect their data. Whether the data in question is a physical location, credit card numbers or buying preferences, modern, tech-savvy consumers are thinking long and hard about digital trust risks and the privacy of their data. SecurityIntelligence, January 16, 2019

Information Security Management and Governance

Q&A with Women Leaders in Cybersecurity and Privacy: In 2017, Atlanta attorney Bess Hinson founded the Atlanta Women in Cybersecurity Roundtable, an invitation-only initiative to provide community and resources to advance women in cybersecurity in Atlanta. Here, we speak with some of those women leaders about their biggest security and privacy challenges and why women are pursuing legal and other roles in the cybersecurity and privacy field. January 25, 2019

Cisco Study Finds Fewer Data Breaches at GDPR-Ready Firms. Many organizations find that getting their data privacy house in order is paying off: It’s been less than a year since the General Data Protection Regulation (GDPR) officially took effect, but a new study already shows that organizations that invested in data privacy to meet GDPR guidelines suffered fewer data breaches in the past year. DarkReading, January 24, 2019

5 Tips for Updating a Cybersecurity Incident Response Plan: In a crisis, a good plan is a roadmap forward, but too many organizations let theirs gather dust. BizTech, January 22, 2019

Why CISOs and Boards Should Work Together to Improve Cybersecurity Disclosure: Just how well are organizations informing stakeholders about cyber risks? As 2018 drew to a close, that was the question that EY sought to answer in its “Cybersecurity Disclosure Benchmarking” report. EY looked at how Fortune 100 organizations are sharing information related to cybersecurity in their proxy statements and 10-K filings, specifically analyzing these documents for the following: SecurityIntelligence, January 21, 2019

EY Report – Cybersecurity disclosure benchmarking: As cybersecurity threats evolve and risks become more complex and widespread, focus on corporate disclosures in public filings on the subject likely will intensify. EY, 2019

Cybersecurity maturity model lays out four readiness levels: To assess cybersecurity maturity, Nemertes Research developed a four-point scale to determine a company’s ability to effectively detect, understand and contain breaches. TechTarget, January 2019

Cyber Defense

New Phobos ransomware exploits weak security to hit targets around the world: Ransomware strain has many similarities with one of the most damaging ransomware families. ZDNet, January 21, 2019

Secure The Human

Can you spot the phish? Take Google’s test: Google’s technology incubator Jigsaw has revealed a quiz that tests users’ abilities to identify phishing attacks. In asking you to distinguish legitimate emails from phishing scams, the test reveals some of the most common scenarios that fraudsters use with a view to stealing your finances, data or identity. It comes complete with to-the-point explanations as to why this or that message is, or is not, a phishing attack. WeLiveSecurity, January 24, 2019

Cyber Leak

BlackRock’s data leak mostly strikes LPL advisers: Data on about 20,000 financial advisers was posted inadvertently, including 12,000 at LPL Financial. InvestmentNews, January 22, 2019

Cyber Insurance

The smart home market is the new frontier of cybercrime: Revenue in the smart home market is expected to reach $27.24 billion in 2019, according to global analytics firm Statista. Furthermore, Statista projects the global smart home market to show a compound annual growth rate of 13.2% between 2019 and 2023, reaching a market value of $44.8 billion by 2023. Insurance Business Magazine, January 22, 2019

Cyber Talent

Everybody hates cybersecurity professionals: What’s the worst job you’ve ever had? I’ll start. When I was 20, I spent six long months working as a Sharepoint developer for a massive UK-wide charity. Our team was small and horrendously overstretched, and I often helped out with helpdesk calls, where I’d inevitably spend much of my time explaining our stringent password requirements to disgruntled non-technical staff. The Next Web, January 25, 2019

Girl Scouts Can Now Earn Cool Cybersecurity Skills Badges: Girl Scouts are known for their patch-adorned vests. Now, they’ll be able to earn cybersecurity skills badges, thanks to Hewlett Packard Enterprise (HPE). January 24, 2019

Here’s how we can tackle the growing cybersecurity skills gap: More organizations than ever are conducting business online. An expanding digital footprint and increasingly sophisticated cyber attacks have created a growing urgency to secure that data and the resources organizations are deploying. WE Forum, January 23, 2019

The 10 Most Valuable Cybersecurity Certifications To Get In 2019: Certifications focused on security strategy and risk management continue to top the pay scale, but network security and hacking investigation certifications are becoming more profitable. CRN, January 4, 2019

Cybersecurity in Society

National Cybersecurity

Huge Trove of Leaked Russian Documents Is Published by Transparency Advocates: A group of transparency advocates on Friday posted a mammoth collection of hacked and leaked documents from inside Russia, a release widely viewed as a sort of symbolic counterstrike against Russia’s dissemination of hacked emails to influence the American presidential election in 2016. The New York Times, January 25, 2019

Microsoft President Brad Smith urges Trump administration to stand with democracies in cyberspace. Says at Davos that 2019 is the year for democracies to band together in cyberspace: Smith called on the administration during a panel discussion at the World Economic Forum in Davos to endorse the “Paris Call,” a statement of principles outlining acceptable behavior in cyberspace that’s been signed by more than 60 governments and more than 100 other organizations. The United States is notably absent. The Washington Post, January 25, 2019

Analysis | The Cybersecurity 202: FBI cyber investigations hit hard by shutdown: The partial government shutdown is hampering the FBI’s ability to investigate and prosecute cyber criminals and to combat digital national security threats, current and former agents said Tuesday. The Washington Post, January 23, 2019

How the U.S. Govt. Shutdown Harms Security: The ongoing partial U.S. federal government shutdown is having a tangible, negative impact on cybercrime investigations, according to interviews with federal law enforcement investigators and a report issued this week by a group representing the interests of FBI agents. Even if lawmakers move forward on new proposals to reopen the government, sources say the standoff is likely to have serious repercussions for federal law enforcement agencies for years to come. KrebsOnSecurity, January 23, 2019

Cyber Crime

Cybersecurity Barometer: Cybercrime’s impact on privacy and security. New study by ESET shows the majority of Americans fear the misuse of their personal data supplied to websites, and view cybercrime as a threat to their country: Seventy percent of Americans surveyed by ESET are worried about the misuse of personal data supplied to websites when banking or shopping online, and an overwhelming majority of Americans now see cybercrime as a threat to their country, one that is getting worse. These are some of the key findings of the ESET Cybersecurity Barometer, a survey that polled 3,500 adults in North America (2,500 in the US and 1,000 in Canada). WeLiveSecurity, January 24, 2019

2019’s First Data Breach: It Took Less than 24 Hours: The first data breach of 2019 was reported less than 24 hours into the New Year. CBR, January 2, 2019

Cyber Defense

Security researchers take down 100,000 malware sites over the last ten months. The vast majority of malware links hosted payloads for the Emotet and Gozi trojans, and the GandCrab ransomware: Over the last ten months, security researchers filed abuse reports with web hosting providers and have taken down nearly 100,000 URLs that were used to distribute malware, said today, a non-profit cybersecurity organization. ZDNet, January 22, 2019

Cyber Law

When Is a Hacker a Whistle-Blower? In Football Leaks Case, a Hungarian Judge Will Decide: Over the past four years, some of the most damning secrets of the professional soccer industry have been exposed by a deluge of leaks that have shined an unflattering light on some of the sport’s most popular clubs, players and coaches. The New York Times, January 23, 2019

Cyber Lawsuit

Former Yahoo officers & directors agree to pay $29 million to settle shareholder lawsuit that they breached their fiduciary duties in their handling of customer data during a series of cyberattacks from 2013 until 2016: Shareholders haven’t been successful in holding companies accountable for data breaches. That changed in the first month of 2019. The New York Times, January 23, 2019

Cyber Regulation

European Data Protection Authorities (DPAs) received 95K complaints re personal data mishandling & companies reported record number of 42K data breaches since General Data Protection Regulation (GDPR) took effect in May 2018: A European Commission Statement says that Data Protection Authorities (DPAs) across Europe received 95,180 complaints regarding the mishandling of personal data and companies reported a record number of 41,502 data breaches since the General Data Protection Regulation (GDPR) was enacted on 25 May 2018. BleepingComputer, January 25, 2019

Cyber Enforcement

Three Charged for Working With Serial Swatter: The U.S. Justice Department has filed criminal charges against three U.S. men accused of swatting, or making hoax reports of bomb threats or murders in a bid to trigger a heavily armed police response to a target’s address. Investigators say the men, aged 19 to 23, all carried out the attacks with the help of Tyler Barriss, a convicted serial swatter whose last stunt in late 2018 cost a Kansas man his life. KrebsOnSecurity, January 25, 2019


Over 4 percent of all Monero was mined by malware botnets. Academics say malware authors might have cashed out at least $57 million worth of Monero over the course of the last four years: An estimated 4.32 percent of all the Monero cryptocurrency currently in circulation has been mined by botnets and cyber-criminal operations, according to a study published earlier this month by academics in Spain and the UK. ZDNet, January 21, 2019

Cyber Miscellany

It’s Now Clear None of the Supposed Benefits of Killing Net Neutrality Are Real: Network investment is down, layoffs abound, and networks are falling apart. This isn’t the glorious future Ajit Pai promised. Motherboard, January 24, 2019

SecureTheVillage Calendar

Webinar: SecureTheVillage February Webinar
February 7 @ 10:00 am – 11:00 am

Financial Services Cybersecurity Roundtable – February 2019
February 8 @ 8:00 am – 10:00 am

Join SecureTheVillage at Daily Journal’s Cybersecurity/Privacy Forum 2019
February 26 @ 8:00 am – 5:00 pm

Webinar: SecureTheVillage March Webinar
March 7 @ 10:00 am – 11:00 am

The post Cybersecurity News of the Week, January 27, 2019 appeared first on Citadel Information Group.
