Individuals at Risk
Cyber Privacy
Hacker talks to baby through Nest security cam, jacks up thermostat: If the internet’s army of creeps isn’t busy blasting bogus warnings about fake nuclear warhead missiles through people’s Nest security cameras, they’re trying to parboil kids by jacking up the Nest thermostat. NakedSecurity, February 1, 2019
Apple Apologizes For iPhone Facetime Bug And Thanks 14-Year-Old Who Discovered It: Apple has apologized for the Facetime bug that could allow some users to hear audio before their call had been accepted. Forbes, February 1, 2019
FaceTime Is Eroding Trust in Tech. Privacy paranoiacs have been totally vindicated: “Why do you keep calling me with FaceTime instead of, you know, normal calls?” my Georgia Tech colleague Charles Isbell asked me the other week. “I don’t even mean to,” I answered. “For some reason, it just does it that way!” The Atlantic, January 29, 2019
How Taylor Swift became a cybersecurity icon: In the wake of Apple’s FaceTime privacy bug, we should learn from the superstar who predicted such breaches. The Guardian, January 29, 2019
Cyber Defense
Another important reminder to use different passwords on different sites as hacker cache of 2.2 billion login / password records surfaces: When hackers breached companies like Dropbox and LinkedIn in recent years—stealing 71 million and 117 million passwords, respectively—they at least had the decency to exploit those stolen credentials in secret, or sell them for thousands of dollars on the dark web. Now, it seems, someone has cobbled together those breached databases and many more into a gargantuan, unprecedented collection of 2.2 billion unique usernames and associated passwords and is freely distributing them on hacker forums and torrents, throwing out the private data of a significant fraction of humanity like last year’s phone book. Wired, January 30, 2019
Information Security Management in the Organization
Cyber Defense
Why you need to use DMARC and SPF on mail servers to prevent phishing and fraud: Open-source, industry standard specifications are available to protect your business, but real-world deployment is still lower than optimal. TechRepublic, February 1, 2019
From SMEs to major firms, how will ransomware attacks evolve this year?: Ransomware is a growing threat to businesses, but there are steps you can take to protect your enterprise. SiliconRepublic, January 31, 2019
What cybersecurity pros can learn from TSA PreCheck: Airport security screening has long been a painful and time-consuming process, but that began to change when the Transportation Security Agency’s TSA PreCheck program launched in 2011. As one of the first mainstream examples of risk-adaptive security, TSA PreCheck leverages known user behaviors to deliver a more targeted and efficient security screening process. GCN, January 31, 2019
Massive vulnerability means lost email password can lead to hacked Microsoft Exchange Server, worse: A massive security hole has been found which means most Microsoft Exchange Servers 2013 and above can be hacked to give criminals full Domain Controller admin privileges, allowing them to create accounts on the target server and come and go at will. MSPowerUser, January 29, 2019
Cyber Talent
The Shutdown’s Impact on Cybersecurity Talent: Meet Jane Doe. Jane is 25 years old, grew up in Anywhere, USA and has been working as a cybersecurity analyst for the U.S. government since she graduated college three and a half years ago. She decided to accept a job at the Department of Homeland Security working for the Cyber and Infrastructure Security Agency because of the training they offer, her interest in cybersecurity, the desire to serve her country, and the ability to do meaningful work. She lives in the Washington, D.C. area where the current supply/demand ratio for cybersecurity workers is extremely low. Jane was recently promoted to a GS12 position and is currently making approximately $82,000 per year. She loves her work but is sometimes frustrated with the government bureaucracy. NextGov, February 1, 2019
Cybersecurity in Society
Cyber Privacy
Privacy: Several States Consider New Laws. After California Takes Bold Action, Other States Ponder Privacy Protection Measures: Several U.S. states, including Oregon, North Carolina, Virginia and Washington, are considering new legislation to shore up consumer data privacy laws in the wake of California passing strict privacy requirements last year. BankInfoSecurity, January 31, 2019
Cyber Attack
New Insurance Industry Study Finds Global Ransomware Attack Could Cost $193 Billion with 86% of Losses Uninsured: A major global ransomware attack could cost organizations an estimated $193bn, with those in the US worst affected, according to a new cyber-risk report. InfoSecurity Magazine, January 30, 2019
Know Your Enemy
Bullish on cybercrime: As the U.S. economy takes investors on a wild ride, turning all the usual indicators topsy-turvy and sparking concern that the bear will usurp the bull, one market seems to be on a perpetual upswing. SC Media, February 1, 2019
Cybercrime black markets: Dark web services and their prices: The cybercrime industry cost the world three trillion dollars in 2015 and it is predicted that this amount will rise to six trillion by 2021, according to this 2018 Cybersecurity Ventures post. When we say cost, we are talking about all the expenses incurred in the aftermath of an incident. In a ransomware attack, for example, it is not only the payment of the ransom that counts, but also all the costs of the subsequent loss of productivity, improvements to security policies, investments in technology, and damage to the company’s image, just to name a few. WeLiveSecurity, January 31, 2019
Cyber Freedom
US: Mueller Evidence Used in Disinformation Campaign: WASHINGTON — Federal prosecutors say confidential material from the Russia investigation was altered and released online as part of a disinformation campaign to discredit special counsel Robert Mueller’s probe, according to a court filing Wednesday. The New York Times, January 30, 2019
Defending Democratic Mechanisms and Institutions against Information Attacks: To better understand influence attacks, we proposed an approach that models democracy itself as an information system and explains how democracies are vulnerable to certain forms of information attacks that autocracies naturally resist. Our model combines ideas from both international security and computer security, avoiding the limitations of both in explaining how influence attacks may damage democracy as a whole. Schneier on Security, January 28, 2019
Dear 2020 candidates, cybersecurity chief is your most important hire. Don’t screw it up: All candidates should know they are targets to hackers trying to expose confidential information and cause chaos, not just for them but for democracy. USA Today, January 14, 2019
National Cybersecurity
The Cybersecurity 202: U.S. should counter Russia and China hacking with its own influence operations, think tank says: A right-of-center Washington think tank has a novel recommendation for how the Trump administration can push back on Russian and Chinese hacking and disinformation campaigns: Strike back with its own information warfare operations. The Washington Post, February 1, 2019
Pentagon taking action to boost cybersecurity down the supply chain: The Department of Defense is making a push to enhance its cybersecurity by certifying and strengthening the cyber-hygiene and capabilities of small businesses that are several steps removed from the Pentagon in the contracting process. FedScoop, January 31, 2019
The Cybersecurity 202: U.S. adversaries are raising their cyber game, intel officials warn: All four of the United States’ main global adversaries are investing heavily in offensive cyber capabilities and are more likely to use digital attacks to gain a strategic advantage, Director of National Intelligence Dan Coats told lawmakers Tuesday. The Washington Post, January 30, 2019
Cyber Gov
The Curious Case of a Kentucky Cybersecurity Contract: When Secretary of State Alison Lundergan Grimes hired a firm called CyberScout to address the state’s election security, she was putting her faith in a company that had never tackled such a challenge and had drawn opposition from her staff. They questioned both the hiring process — and the results. ProPublica, February 1, 2019
Cyber NYC initiative strives to make New York a cybersecurity hub: New York City officials have launched Cyber NYC, a multifaceted initiative to grow the city’s cybersecurity workforce while helping companies drive cybersecurity innovation. SearchSecurity, February 1, 2019
Cyber Law
Hacker discloses Magyar Telekom vulnerabilities, faces jail term: An ethical hacker who reported serious vulnerabilities in Magyar Telekom has been arrested and faces years behind bars for “disturbing a public utility.” ZDNet, February 1, 2019
Cyber Regulation
Final Implementation Deadline Approaching for New York’s Cybersecurity Regulation: The final implementation period for the New York Department of Financial Services’ (DFS) cybersecurity regulation covering DFS-regulated entities and licensed individuals ends March 1, 2019. Insurance Journal, February 1, 2019
Cyber Medical
Cybersecurity coalition calls for integrating medical device, health IT security initiatives: Healthcare and Public Health Sector Coordinating Council issued a new report saying infosec demands cross-sector collaboration. HealthcareITNews, January 30, 2019
Critical Infrastructure
Deloitte: Managing cyber risk in the electric power sector. Emerging threats to supply chain and industrial control systems.: The power sector is one of the most frequently targeted and first to respond to cyber threats with mandatory controls. But threats continue to evolve, reaching into industrial control systems and supply chains, and requiring even greater efforts to manage risk. DeloitteInsights, January 31, 2019
Cyber Enforcement
Hacker Who Stole $5 Million By SIM Swapping Gets 10 Years in Prison: A 20-year-old college student who was accused of stealing more than $5 million in cryptocurrency in a slew of SIM hijacking attacks is the first person to be sentenced for the crime. Motherboard, February 1, 2019
250 Webstresser Users to Face Legal Action: More than 250 customers of a popular and powerful online attack-for-hire service that was dismantled by authorities in 2018 are expected to face legal action for the damage they caused, according to Europol, the European Union’s law enforcement agency. KrebsOnSecurity, February 1, 2019
Blockchain
An Overview of Blockchain Cybersecurity Risks and Issues: Our blockchain colleagues recently published an article on the rapidly evolving landscape where blockchain intersects with data security and privacy. If you’ve ever wondered how blockchains can be considered secure even though hacks of cryptocurrency exchanges routinely make headlines, or whether distributing a permanent ledger to every participant in a network might run afoul of privacy laws and regulations then be sure to check out “Cybersecurity Tech Basics: Blockchain Technology Cyber Risks and Issues” and learn more about these issues.” SteptoeCyberblog, January 30, 2019
Cyber Research
AI May Soon Defeat Biometric Security, Even Facial Recognition Software: It’s time to face a stark reality: Threat actors will soon gain access to artificial intelligence (AI) tools that will enable them to defeat multiple forms of authentication — from passwords to biometric security systems and even facial recognition software — identify targets on networks and evade detection. And they’ll be able to do all of this on a massive scale. SecurityIntelligence, January 31, 2019
Cyber Humor
SecureTheVillage Calendar
Webinar: SecureTheVillage February Webinar
February 7 @ 10:00 am – 11:00 am
Financial Services Cybersecurity Roundtable – February 2019
February 8 @ 8:00 am – 10:00 am
Join SecureTheVillage at Daily Journal’s Cybersecurity/Privacy Forum 2019
February 26 @ 8:00 am – 5:00 pm
Webinar: SecureTheVillage March Webinar
March 7 @ 10:00 am – 11:00 am
The post Cybersecurity News of the Week, February 3, 2019 appeared first on Citadel Information Group.
from Citadel Information Group
via Citadel Information Group