Cybersecurity News of the Week, January 6, 2019

Cybersecurity News of the Week, January 6, 2019


Individuals at Risk

Cyber Privacy

Some Android apps share data with Facebook, regardless of whether you have an account or not: Some Android apps are sending data to Facebook, regardless of whether users have an account on the social network or not, new research warns. FOX, January 2, 2019

Privacy International hits out at unconsented Facebook tracking within apps: Popular apps like Kayak and Duolingo are firing off users’ Google ad IDs to Facebook the moment apps are launched. ZDNet, January 2, 2019

Facebook Data Scandals Stoke Criticism That a Privacy Watchdog Too Rarely Bites: Last spring, soon after Facebook acknowledged that the data of tens of millions of its users had improperly been obtained by the political consulting firm Cambridge Analytica, a top enforcement official at the Federal Trade Commission drafted a memo about the prospect of disciplining the social network. The New York Times, December 30, 2018

Turning Off Facebook Location Tracking Doesn’t Stop It From Tracking Your Location: Aleksandra Korolova has turned off Facebook’s access to her location in every way that she can. She has turned off location history in the Facebook app and told her iPhone that she “Never” wants the app to get her location. She doesn’t “check-in” to places and doesn’t list her current city on her profile. Gizmodo, December 18, 2018

Cyber Breach

‘Town of Salem’ game suffers data breach exposing 7.6 million user details. Game maker has yet to alert users outside a short forum post: A hacker has stolen the personal details of 7.6 million users of browser-based game the “Town of Salem,” BlankMediaGames (BMG) admitted yesterday in a blog post. ZDNet, January 3, 2019

Cyber Defense

5 ways to keep your money safe from hackers in 2019: If 2018 taught us anything, it was that it’s just a matter of time before hackers come across our personal information online. MarketWatch, January 3, 2019

Make sure your router is up-to-date and patched: Vulnerabilities in routers are an easy target for hackers – and attacks are becoming more destructive. Cyber criminals are only scratching the surface when it comes to exploiting vulnerabilities in routers to conduct hacking campaigns – and the worst is yet to come, with attackers set to use compromised devices for a wider variety of malicious activities. ZDNet, January 2, 2019

Cyber Warning

Password Manager Users Exposed After Privacy Snafu. Albine admits millions of Blur customers may have been affected after sensitive information left unprotected: Data on over two million users of a password manager tool has been publicly exposed in another cloud storage misconfiguration incident. InfoSecurity, January 3, 2019

Researchers claim serious vulnerabilities in hardware cryptocurrency wallets: Some of the most popular cryptocurrency hardware wallets were found to be vulnerable to firmware, side-channel, microcontroller and supply-chain attacks, although manufacturers are maintaining their products are secure. SC Media, January 2, 2019

Beware the Cyber-Den of Crypto-Thieves: When investors store unsecured cryptocurrency accounts on the internet, it’s like leaving the bank vault open. That’s what a Chicago-based tech specialist learned after he was fleeced of $55,000 in bitcoin and other cryptocurrencies in various fraud schemes that made digital coins vanish from his accounts. Real Clear Investigations, December 31, 2018

Information Security Management in the Organization

Information Security Management and Governance

Harness the NIST CSF to boost your security and compliance. The NIST Cybersecurity Framework (CSF) is a crowdsourced set of best practices to help you analyze your cyber risk posture and work towards improving it: The cybersecurity threat and the need to ensure compliance continue to loom large in the business world. Boards and management want to know the current status of their cybersecurity posture, but it can prove difficult to get straight answers. CSO, January 2, 2019

Privacy and Cybersecurity Are Converging. Here’s Why That Matters for People and for Companies: 2018 has been the year of privacy. News of Facebook’s exposure of tens of millions of user accounts to data firm Cambridge Analytica broke in March — a scandal that was only compounded by recent news that the tech giant shared even more private data through hidden agreements with other companies. Then in May, the European Union’s General Data Protection Regulation, the world’s most stringent privacy law, came into effect. By the end of the year, even Apple’s and Microsoft’s CEOs were calling for new national privacy standards in the United States. Harvard Business Review, January 3, 2019

Cyber Defense

Strong email security requires smart users and modern technology: Before the phish gets its way, it is essential to have email security down pat. Lee Sustar looks at how tech and face-to-face education improve your defenses. SC Media, December 28, 2018

Cyber Insurance

FTC publishes basic cyberinsurance guidance for small and medium-sized organizations: Cyberinsurance might be the only way to truly survive a full-blown cyberattack. Before small business owners shop for cyberinsurance, they should check out these guidelines from the FTC. TechRepublic, January 2, 2019

Cybersecurity in Society

Cyber Attack

Hacker Breaks Dublin Tram’s Website, Demands Ransom of One Bitcoin. Claims Tram company ignored security weaknesses he emailed them, threatens to publicize their security incompetence if they don’t pay up: Riders of Dublin’s tram system Luas will have to navigate their commute without the aid of the service’s website on Thursday. The site is down following a hack by someone who mostly appears to be worried about calling attention to security holes. Gizmodo, January 3, 2018

What is Ryuk, the malware believed to have hit the Los Angeles Times?:Malware comes in many forms. Bad links can lead to obnoxious adware that unleashes a plague of pop-ups. Nefarious attachments can hijack your processor for a bitcoin-mining botnet. LA Times, January 1, 2019

Cyberattack from outside the U.S. hits newspapers across the country, preventing distribution, source says: What first arose as a server outage was identified Saturday as a malware attack, which appears to have originated from outside the United States and hobbled computer systems and delayed weekend deliveries of the Los Angeles Times and other newspapers across the country. LA Times, December 29, 2018

Cyber Threat

Newsmaker Interview: Bruce Schneier on Physical Cyber Threats and His New Book “Click Here to Kill Everybody”: Bruce Schneier discusses the clash between critical infrastructure and cyber threats. ThreatPost, January 2, 2018

Cyber Freedom

Redefining Critical Infrastructure for the Age of Disinformation. In era of tighter privacy laws, it’s important to create an online environment that uses threat intelligence to defeat disinformation campaigns and bolster democracy: When we think of critical infrastructure in the cyber context, we tend to think about industrial control systems for power plants and water treatment facilities, or the electronic ballet box. But in today’s environment, when disinformation is a major threat vector to our national security, it’s important to expand these preconceptions. DarkReading, January 3, 2019

The Constitution of Knowledge: Long before Donald Trump began his political career, he explained his attitude toward truth with characteristic brazenness. In a 2004 television interview with Chris Matthews on MSNBC, he marveled at the Republicans’ successful attacks on the wartime heroism of Senator John Kerry, the Democrats’ presidential candidate. “[I]t’s almost coming out that [George W.] Bush is a war hero and Kerry isn’t,” Trump said, admiringly. “I think that could be the greatest spin I’ve ever seen.” Matthews then asked about Vice President Dick Cheney’s insinuations that Kerry’s election would lead to a devastating attack on the United States. “Well,” replied Trump, “it’s a terrible statement unless he gets away with it.” With that extraordinary declaration, Trump showed himself to be an attentive student of disinformation and its operative principle: Reality is what you can get away with. National Affairs, Fall 2018

National Cybersecurity

Did IoT cyberattacks cause NY power transformers to explode?: Officials blamed a power surge for the blackout on Dec. 28th that left LaGuardia airport in the dark for about 45 minutes, grounding flights. A look at the trend of power outages at American airports shows a disturbing pattern and possibly sinister cause. Network World, January 3, 2019

Cyber Government

Local Governments, Ransomware, And The Public Risk: Ransomware attacks against utilities and local governments are on the rise around the country. For example, just after Baltimore’s 9-1-1 emergency response system went offline in March, the city of Atlanta ground to a halt because of a ransomware attack in April. By October, the city of West Haven, Connecticut was struggling to regain access to 23 of its servers, while financial servers in the city of Muscatine, Iowa were also targeted by the malicious software. And in North Carolina, Onslow County’s water utility was crippled by ransomware, only two weeks after Hurricane Florence brought epic flooding to the region. ITSM, January 2, 2019

Cyber Congratulations

Happy 9th Birthday to our #1 cybersecurity newsletter, KrebsOnSecurity! Thanks Brian. We at Citadel Information Group and SecureTheVillage are grateful for all you do to keep us informed: Hard to believe we’ve gone another revolution around the Sun: Today marks the 9th anniversary of! KrebsOnSecurity, December 29, 2018

Cyber Humor

SecureTheVillage Calendar

Webinar: Managing Cyber-Risk and Insurance. January 17, 2019 @ 10:00 am – 11:00 am


The post Cybersecurity News of the Week, January 6, 2019 appeared first on Citadel Information Group.

from Citadel Information Group
via Citadel Information Group