Cybersecurity News of the Week, February 17, 2019

Individuals at Risk


Cyber Privacy

Facebook uses its apps to track users it thinks could threaten employees and offices: In early 2018, a Facebook user made a public threat on the social network against one of the company’s offices in Europe. CNBC, February 14, 2019

What Apple killing its Do Not Track feature means for online privacy: San Francisco (CNN Business)One of the internet’s biggest attempts to protect online privacy has hit a wall. CNN, February 14, 2019

Identity Theft

Hackers are stealing millions of medical records – and selling them on the dark web: As health care providers store patients’ medical records digitally, some have left their files vulnerable to being exposed – and even sold on the black market, or the internet’s dark web. One victim of medical identity theft showed us just how much damage that could do. CBS, February 14, 2019

Cyber Update

Patch Tuesday, February 2019 Edition: Microsoft on Tuesday issued a bevy of patches to correct at least 70 distinct security vulnerabilities in Windows and software designed to interact with various flavors of the operating system. This month’s patch batch tackles some notable threats to enterprises — including multiple flaws that were publicly disclosed prior to Patch Tuesday. It also bundles fixes to quash threats relevant to end users, including critical updates for Adobe Flash Player and Microsoft Office, as well as a zero-day bug in Internet Explorer. KrebsOnSecurity, February 12, 2019

Cyber Defense

Beware of phony or misleading malware rescue web pages. A search on an unfamiliar executable file brings you to a malware rescue page that says it’s bad and you should download their software to remove. Here’s how to tell if it’s real: Scammers and adware purveyors have long used the helpful nature of the internet to get more victims. In a world where the top search engines try their best to filter out the chaff, scammers still do their best to encourage victims to install unneeded and sometimes malicious software. They often succeed by using scare tactics and misleading information. My recent experience is an example and can serve as a warning to others. CSO, February 14, 2019

What is a man-in-the-middle attack? How MitM attacks work and how to prevent them. Man-in-the-middle cyberattacks allow attackers to secretly intercept or alter communications. Detecting MitM attacks is difficult, but they are preventable: A man-in-the-middle (MitM) attack is when an attacker intercepts communications between two parties either to secretly eavesdrop or modify traffic traveling between the two. Attackers might use MitM attacks to steal login credentials or personal information, spy on the victim, or sabotage communications or corrupt data. CSO, February 13, 2019

Cybersecurity Study Takes Proactive Approach. CMU researchers use mobile users’ behavior to predict when exposure to malicious websites can occur: Meet Bob. Like many Americans, Bob likes watching sports on TV. Since the game he wants to watch isn’t being broadcast locally, Bob searches for a free online stream of the game. He finds one eventually, but only after clicking through several ad-heavy pages written in different languages. CMU, February 13, 2019

You Probably Need a Reality Check on Cybersecurity. A new survey reveals most people are confident about their ability to protect their online accounts, yet many fail to take basic security precautions: Think your online accounts are better protected than most people’s? You probably need a reality check. PC Mag, February 12, 2019

Cyber Warning

What’s behind this 1,000-character phishing URL?: Phishing sites are common, but this week the internet found a strange strain that’s a little rarer: a phishing site with a URL almost a thousand characters long. Experts have a good theory about why a scammer would go to all that trouble. NakedSecurity, February 14, 2019

Scammers Fall in Love with Valentine’s Day. nline dating profiles and social media accounts add to the rich data sources that allow criminals to tailor attacks: US-CERT and Cupid don’t often keep company, but this Valentine’s Day is being marked by new threats to those seeking romance and new warnings from the federal cybersecurity group. DarkReading, February 13, 2019

Roses Are Red, Romance Scammers Make You Blue. Don’t Fall for Fraudsters or You’ll Be Poor and Brokenhearted Too: This Valentine’s Day, authorities are once again warning individuals to watch out for anyone perpetrating romance scams. BankInfoSecurity, February 14, 2019

Information Security Management in the Organization

Cyber Humor

Cyber Risk Management

Aon releases 2019 cybersecurity risk report. Study highlights the need for collaboration across enterprises when dealing with cybersecurity issues: Aon has released its 2019 Cyber Security Risk Report, which details the greatest cybersecurity threats industries are facing today. Insurance Business America, February 14, 2019

Cyber Talent

Cybersecurity Mental Health Warning — 1 In 6 CISOs Now Medicate Or Use Alcohol: A new global study of cybersecurity professionals has revealed the true extent to which the stresses and pressures facing the average CISO impact upon both professional and personal life. It should come as no surprise that stress is part of the job description for the CISO, and every one of the 408 questioned for the Life Inside the Perimeter: Understanding the Modern CISO report, commissioned by Nominet, said they were indeed experiencing stress. However, that 17% said that they had turned to medication or alcohol to help deal with that stress should be a statistic that shocks us all. Forbes, February 15, 2019

Cybersecurity in Society

Cyber Privacy

The U.S. government and Facebook are negotiating a record, multibillion-dollar fine for the company’s privacy lapses: The Federal Trade Commission and Facebook are negotiating over a multi-billion dollar fine that would settle the agency’s investigation into the social media giant’s privacy practices, according to two people familiar with the probe. The Washington Post, February 14, 2019

Designing Welcome Mats to Invite User Privacy: The way we design user interfaces can have a profound impact on the privacy of a user’s data. It should be easy for users to make choices that protect their data privacy. But all too often, big tech companies instead design their products to manipulate users into surrendering their data privacy. These methods are often called “Dark Patterns.” EFF, February 14, 2019

Cyber Crime

Japan’s Credit Card Fraud Debacle. Fraudsters Received 20 Percent Cash Back for Fraudulent Purchases: Do the stars sometimes perfectly align for credit card fraudsters? Late last year in Japan, that’s exactly what happened due to two events that opened a huge opportunity for abuse. BankInfoSecurity, February 13, 2019

Cyber Attack

Email Provider VFEmail Suffers ‘Catastrophic’ Hack: Email provider VFEmail has suffered what the company is calling “catastrophic destruction” at the hands of an as-yet unknown intruder who trashed all of the company’s primary and backup data in the United States. The firm’s founder says he now fears some 18 years’ worth of customer email may be gone forever. KrebsOnSecurity, February 12, 2019

Cyber Defense

Lawmakers ask GAO to explore cybersecurity issues in defined contribution plans: The increase in retirement savings held in defined contribution plans, the ubiquity of online accounts and the large number of digital interactions between plans and service providers present “a tempting target” for criminals, two legislators wrote in a letter Tuesday to the Government Accountability Office. Pensions and Investments, February 13, 2019

Cyber Espionage

The great Equifax mystery: 17 months later, the stolen data has never been found, and experts are starting to suspect a spy scheme: On Sept. 7, 2017, the world heard an alarming announcement from credit ratings giant Equifax: In a brazen cyberattack, somebody had stolen sensitive personal information from more than 140 million people, nearly half the population of the U.S. CNBC, February 13, 2019

Know Your Enemy

Collection of 127 Million Stolen Accounts Up for Sale on the Dark Web: A batch of 127 million records stolen from eight companies was put up for sale on the Dream Market marketplace by a seller who goes by the name of “gnosticplayers” and asking the equivalent of $14,500 in bitcoin for the entire collection. BleepingComputer, February 14, 2019

Cyber Freedom

U.S. cyber force credited with helping stop Russia from undermining midterms: Senators from both political parties on Thursday praised the military’s cyber force for helping secure last year’s midterm elections, with one suggesting it was largely due to U.S. Cyber Command that the Russians failed to affect the 2018 vote. The Washington Post, February 14, 2019

Cybersecurity Official: Paper Trails are Voting’s Top Issue. “If you can’t check back across the system what’s happening in the system, then you don’t really have security”: (TNS) — A top Trump administration cybersecurity official warned that voting machines must produce paper receipts to protect against hacking in the 2020 election, demonstrating wariness of a decadeslong trend toward electronic voting amid efforts by Russia and China to influence U.S. elections. GovernmentTechnology, February 14, 2019

The Cybersecurity 202: ‘We’re doubling down.’ DHS insists it’s not reducing election security efforts: The Homeland Security Department is actually surging its efforts to protect elections against foreign hackers during the two years leading up to the 2020 elections — not winding them down, the agency’s top cybersecurity official insists. The Washington Post, February 14, 2019

Cybersecurity for the Public Interest: The Crypto Wars have been waging off-and-on for a quarter-century. On one side is law enforcement, which wants to be able to break encryption, to access devices and communications of terrorists and criminals. On the other are almost every cryptographer and computer security expert, repeatedly explaining that there’s no way to provide this capability without also weakening the security of every user of those devices and communications systems. Schneier On Security, February, 2019

National Cybersecurity

Intelligence Report: Iran Presents “Increasingly Sophisticated” Cyber Threat to U.S., Allies: The Islamic Republic of Iran presents an “increasingly sophisticated” cyber espionage threat to the United States and its allies, according to the annual Worldwide Threat Assessment of the U.S. Intelligence Community. The Tower, February 14, 2019

US Air Force Veteran Charged in Iran Hacking Scheme. Monica Witt Allegedly Aided Spear-Phishing Attacks Against US Military: A former U.S. Air Force counterintelligence agent has been indicted together with four Iranians for coordinating spear-phishing campaigns that sought to compromise the computers of other U.S. intelligence agents. The charges were revealed by the U.S. Department of Justice on Wednesday. BankInfoSecurity, February 14, 2019

What the Pentagon’s new AI strategy means for cybersecurity: The new Pentagon artificial intelligence strategy serves as a roadmap for how the American military will embrace machine learning in future cyber operations, which could be a boon for companies who invest in the technology. Fifth Domain, February 14, 2019

Where cybersecurity legislation ‘goes to die’ in Congress: Wisconsin Republican Sen. Ron Johnson leads the committee with broad oversight over the nation’s most important cybersecurity issues, including protecting consumers and U.S. elections from hackers. Politico, February 11, 2019

Financial Cybersecurity

Cyber attack on Malta bank tried to transfer cash abroad: VALLETTA (Reuters) – Bank of Valletta which accounts for almost half of Malta’s banking transactions, had to shut down all of its operations on Wednesday after hackers broke into its systems and shifted funds overseas. Reuters, February 13, 2019

Critical Infrastructure

Critical infrastructure security in a converged and interconnected world. The primary factors that have put our critical infrastructure at risk are directly linked to the convergence of disparate technologies: This article is in response to the release of the U.S. Government Accountability Office (GAO) study in December regarding significant weaknesses in pipeline security program management. SecurityInfoWatch, February 8, 2019

Cyber Enforcement

Bomb Threat Hoaxer Exposed by Hacked Gaming Site: Federal authorities this week arrested a North Carolina man who allegedly ran with a group of online hooligans that attacked Web sites (including this one), took requests on Twitter to call in bomb threats to thousands of schools, and tried to frame various online gaming sites as the culprits. In an ironic twist, the accused — who had fairly well separated his real life identity from his online personas — appears to have been caught after a gaming Web site he frequented got hacked. KrebsOnSecurity, February 14, 2019


There’s No Good Reason to Trust Blockchain Technology. Would you rather trust a human legal system or the details of some computer code you don’t have the expertise to audit?: In his 2008 white paper that first proposed bitcoin, the anonymous Satoshi Nakamoto concluded with: “We have proposed a system for electronic transactions without relying on trust.” He was referring to blockchain, the system behind bitcoin cryptocurrency. The circumvention of trust is a great promise, but it’s just not true. Yes, bitcoin eliminates certain trusted intermediaries that are inherent in other payment systems like credit cards. But you still have to trust bitcoin—and everything about it. Schneier on Security, February 9, 2019

Cyber Miscellany

FCC: Nearly half the calls you receive this year will be spam: (CNN)Nearly half the calls made to US cell phones in 2019 will be spam, according to a study by First Orion referenced in a Federal Communications Commission report Thursday. CNN, February 15, 2019

SecureTheVillage Calendar

Join SecureTheVillage at Daily Journal’s Cybersecurity/Privacy Forum 2019
February 26 @ 8:00 am5:00 pm

Webinar: SecureTheVillage March Webinar
March 7 @ 10:00 am – 11:00 am

Webinar: SecureTheVillage April Webinar
April 4 @ 10:00 am – 11:00 am

Financial Services Cybersecurity Roundtable – April 2019
April 12 @ 8:00 am – 10:00 am

The post Cybersecurity News of the Week, February 17, 2019 appeared first on Citadel Information Group.

from Citadel Information Group
via Citadel Information Group