Cybersecurity News of the Week, March 10, 2019

SecureTheVillage — March Webinar

SecureTheHuman: Beyond Awareness Training. Turning People into Cyber Guardians.

Host: Stan Stahl, Ph.D., President SecureTheVillage and Citadel Information Group

Stan’s Guests:

Webinar Overview: An effective cybersecurity program depends on the behavior of people. While awareness training is a necessary component of an effective cybersecurity program, it is not sufficient. Cybersecurity takes more than periodic training programs. Cybersecurity requires turning people into cyber guardians. Join Bill, Kimberly, Barbara, and Stan for an invigorating discussion on making the critical leap from “cyber awareness” to “cyber guardian.”

Individuals at Risk

Cyber Privacy

Session Recording May Pose A Threat To Your Cybersecurity: Many online companies use session recording tools to track how long users spend on their site and what they click on. But could these tools pose a threat to your cyber security? CBS, March 8, 2019

MyEquifax.com Bypasses Credit Freeze PIN: Most people who have frozen their credit files with Equifax have been issued a numeric Personal Identification Number (PIN) which is supposed to be required before a freeze can be lifted or thawed. Unfortunately, if you don’t already have an account at the credit bureau’s new myEquifax portal, it may be simple for identity thieves to lift an existing credit freeze at Equifax and bypass the PIN armed with little more than your name, Social Security number and birthday. KrebsOnSecurity, March 8, 2019

How to Wipe Personal Data From Your Car: In the same way that consumer advocates and organizations like Consumer Reports advise wiping a smartphone, tablet or computer before selling, trading in or recycling, it’s important to keep in mind that newer cars with sophisticated infotainment systems accumulate much of the same sensitive digital information. This includes credit card numbers and other bank information, account names and passwords, addresses and frequently traveled routes, contacts’ names and numbers, and possibly even text messages. If you wouldn’t leave your smartphone out for a random stranger to grab and scroll through at their leisure, then it doesn’t make sense to leave that same information accessible to the next owner of your car. HowStuffWorks, March 7, 2019

Cyber Privacy – Facebook

A Privacy-Focused Vision for Social Networking by Mark Zuckerberg: My focus for the last couple of years has been understanding and addressing the biggest challenges facing Facebook. This means taking positions on important issues concerning the future of the internet. In this note, I’ll outline our vision and principles around building a privacy-focused messaging and social networking platform. There’s a lot to do here, and we’re committed to working openly and consulting with experts across society as we develop this. Facebook, March 6, 2019

A Privacy-Focused Facebook? We’ll Believe It When We See It: In his latest announcement, Facebook CEO Mark Zuckerberg embraces privacy and security fundamentals like end-to-end encrypted messaging. But announcing a plan is one thing. Implementing it is entirely another. And for those reading between the lines of Zuckerberg’s pivot-to-privacy manifesto, it’s clear that this isn’t just about privacy. It’s also about competition. EFF, March 7, 2019

Yes, Actually, There Is A Lot Of Good News In Zuckerberg’s New Plans For Facebook: On Wednesday morning, there was a flurry of discussion and articles concerning Mark Zuckerberg’s giant new post, laying out a new strategy for Facebook. Having first read some of the commentary — nearly all of it somewhere on the spectrum from “critical” to “mocking,” I expected the actual post to have lots of problems, or just be pointlessly vague, like too much of Facebook’s public communications over the past few years. However, having read through the whole thing, it’s actually a lot more thoughtful, nuanced, and detailed than I expected — and there’s a lot that’s important in there that we should be encouraging, rather than mocking. There are still some questions raised, but rather than the kneejerk “but Facebook is pure evil” response some like to default to, I thought it might be useful to look more closely at the different aspects of what Zuckerberg is saying, where it might be really good, where it might be problematic, and where more info is necessary. TechDirt, March 7, 2019

Zuckerberg’s new privacy essay shows why Facebook needs to be broken up: Mark Zuckerberg doesn’t understand what privacy means—he can’t be trusted to define it for the rest of us. MIT Technology Review, March 7, 2019

Zuckerberg’s Privacy Manifesto is Actually About Messaging: You would be forgiven if you read Mark Zuckerberg’s Wednesday post about Facebook moving to “A Privacy-Minded Vision for Social Networking” and thought it was either a deathbed conversion, a cynical ploy to avoid regulation and reassure users, or even just an absurd musing that the company has no intention of carrying out (much like the “Clear History” feature it announced almost a year ago, which has yet to materialize). Wired, March 7, 2019

Identity Theft

Senators slam Equifax, Marriott executives for massive data breaches that put hundreds of millions at risk of identity theft and breach of privacy: Members of Congress sharply rebuked Equifax and Marriott on Thursday for failing to protect people’s personal data and prevent two of the largest security breaches in U.S. history, putting hundreds of millions at risk. The Washington Post, March 8, 2019

How to Protect Yourself From Fraud and Identity Theft: This is National Consumer Protection Week, so it’s an opportune time to dust off your consumer power skills. US News and World Report, March 6, 2019

Cyber Danger

Google: Phishing Attacks That Can Beat Two-Factor Are on the Rise. Hackers have been refining their email phishing schemes to also nab the one-time passcode from two-factor authentication security setups, Google warns at #RSA: Don’t expect two-factor authentication to always protect your accounts. Google has noticed an unsettling increase in phishing attacks that can defeat the security setup. PC Magazine, March 7, 2019

Cyber Update

Update your Chrome browser right now – or run the risk of malware infection. Opera is also hit by this gaping zero-day vulnerability: If you’re using Google’s Chrome browser – and the vast majority of folks are – then you need to make sure it’s on the latest version, otherwise you may be vulnerable to an exploit which is out there in the wild, and can be used to deliver all sorts of nastiness. TechRadar, March 8, 2019

Cyber Defense

Check if Your Android VPN Is Collecting Personal Data: Granting permissions to apps takes a certain level of trust—trust that an app is honest about the parts of your phone’s hardware and operating system it has access to, and what it does with the data therein. Trust is especially crucial with VPN apps, the point of which is to obfuscate your mobile internet activity from unwanted data snoops. The last thing you need is an app that should be protecting your identity leaking out important information. LifeHacker, March 7, 2019

Information Security Management in the Organization

Cybersecurity in the C-Suite

How to create a transformational cybersecurity strategy: 3 paths: Enterprises must build a security strategy that is aligned with business needs. TechRepublic, March 8, 2019

The Brave New World of Cybersecurity in M&A Due Diligence: Pitfalls and Opportunities: Like poorly-behaved school children, new technologies and intellectual property are increasingly disrupting the M&A establishment. Cybersecurity has become the latest disruptive newcomer to the M&A party. Law.com, March 8, 2019

GDPR: Compliance Challenge Or Marketing Opportunity?: There has been much hand-wringing among marketers over the European Union’s recently implemented data privacy rules. Yes, they have important implications for marketers doing business in Europe. And it’s true that failure to comply can result in significant penalties. But seen in the right perspective, the European Union’s General Data Protection Regulation is actually an opportunity for marketers to deepen their customer relationships and sharpen their focus on what’s important. In fact, in its engagements for global business-to-business firms, my company has worked with marketers who are implementing GDPR and helped them connect these requirements to positive customer experience goals. Forbes, March 8, 2019

A CEO Cheat Sheet For The Cybersecurity Big One: In Warren Buffett’s 2019 shareholder letter, he called out the “Big One” alongside natural disasters as the key risks to his insurance portfolio. The “Big One” he is referring to is a cyber attack he describes as “…having disastrous consequences beyond anything insurers now contemplate.” Forbes, March 5, 2019

Cybersecurity Is Putting Customer Trust at the Center of Competition: If you’re selling a product, you’re now selling trust. HBR, March 4, 2019

Cyber Privacy

Meeting GDPR standards doesn’t guarantee Calif. privacy law compliance, experts warn: Soon to be the most restrictive privacy law in the U.S., the California Consumer Privacy Act is set to take effect in January 2020. And companies that sit back and assume their compliance with GDPR is enough to meet the new legislation’s high expectations are in for a rude awakening, warned a panel of privacy executives at RSA 2019. SC Magazine, March 8, 2019

Cookie walls don’t comply with GDPR, says Dutch DPA: Cookie walls that demand a website visitor agrees to their internet browsing being tracked for ad-targeting as the “price” of entry to the site are not compliant with European data protection law, the Dutch data protection agency clarified yesterday. TechCrunch, March 8, 2019

GDPR: Still Plenty of Lessons to Learn: As the one year anniversary of enforcement approaches in May, the European Union’s General Data Protection Regulation continues to challenge businesses of all sizes worldwide, creating new concerns and responsibilities for the security and legal teams charged with ensuring compliance with the privacy law designed to protect Europeans’ data. BankInfoSecurity, March 7, 2019

Most Organizations Admitted to GDPR Compliance Gaps in 2018: Most organizations admitted to not being compliant with the European Union’s General Data Protection Regulation (GDPR) after it took effect last year, according to 2018 survey results from Forrester. RedmondMag, March 7, 2019

Cyber Defense

Enterprises lax about mobile security as more threats loom. Verizon’s Mobile Security Index for 2019 has more than a few findings enterprises should be worried about: Companies of all sizes are scrimping on mobile security, failing to use mobile device management, antivirus and anti-malware and practically inviting attacks, according to Verizon’s Mobile Security Index report. ZDNet, March 5, 2019

Cyber Talent

Celebrating International Women’s Day: Why We Need Better Representation of Women in Security: It’s International Women’s Day — so where are the women in cybersecurity? SecurityIntelligence, March 8, 2019

Cyber Humor

Cybersecurity in Society

Cyber Privacy

FTC Seeks Comment on Proposed Amendments to Safeguards and Privacy Rules: The Federal Trade Commission is seeking comment on proposed amendments to two rules that protect the privacy and security of customer information held by financial institutions. FTC, March 5, 2019

Banks won’t be able to remain on sidelines of privacy debate: September 2017 was the beginning of the end. That’s when Equifax disclosed publicly, for the first time, that nearly 150 million people had their personal information — including names, addresses and Social Security numbers — stolen from its database. AmericanBanker, March 3, 2019

Cyber Crime

Cyber attack forces Jackson County to pay $400K ransom: The Jackson County government paid online criminals about $400,000 this week following a cyber attack that crippled the county’s computer system. onlineathens, March 8, 2019

1.8 Million Users Attacked by Android Banking Malware, 300% Increase Since 2017: The number of Android users attacked by banking malware saw an alarming 300% increase in 2018, with 1.8 million of them being impacted by at least one such attack during the last year. BleepingComputer, March 8, 2019

Cyber Attack

Iranian-backed hackers stole data from U.S. government contractor. The hackers are believed to have penetrated the software giant Citrix years ago and have remained inside the company’s computer network ever since: Iranian-backed hackers have stolen vast amounts of data from a major software company that handles sensitive computer projects for the White House communications agency, the U.S. military, the FBI and many American corporations, a cybersecurity firm told NBC News. NBC, March 8, 2019

Citrix says its network was breached by international criminals. FBI says hackers gained unauthorized access by exploiting weak passwords: Virtualization and software provider Citrix said its internal network was breached by international criminals who most likely exploited weak passwords to gain limited access before working to gain more privileged control. ars technica, March 8, 2019

Know Your Enemy

Accenture and the Ponemon Institute Report: Cost to companies from malware and “malicious insider”-related cyberattacks up 12% in 2018. Ransomware attacks up 15%. Ransomware costs up 21% to approximately $650,000 per company, on average: The cost to companies from malware and “malicious insider”-related cyberattacks jumped 12 percent in 2018 and accounted for one-third of all cyberattack costs, according to new research published today by Accenture and the Ponemon Institute. HelpNetSecurity, March 7, 2019

Hackers Sell Access to Bait-and-Switch Empire: Cybercriminals are auctioning off access to customer information stolen from an online data broker behind a dizzying array of bait-and-switch Web sites that sell access to a vast range of data on U.S. consumers, including DMV and arrest records, genealogy reports, phone number lookups and people searches. In an ironic twist, the marketing empire that owns the hacked online properties appears to be run by a Canadian man who’s been sued for fraud by the U.S. Federal Trade Commission, Microsoft and Oprah Winfrey, to name a few. KrebsOnSecurity, March 4, 2019

National Cybersecurity

The Cybersecurity 202: U.S. officials: It’s China hacking that keeps us up at night: That’s the unified message NSA, FBI and Homeland Security Department officials brought to the #RSA cybersecurity conference this week. The Washington Post, March 6, 2019

Cyber Medical

Ultrasound Machine Diagnosed with Major Security Gaps: Check Point researchers investigate security risks and point to implications for medical IoT devices. DarkReading, March 8, 2019

Cyber Enforcement

Guilty Plea in Rare HIPAA Criminal Case. Former Patient Coordinator Wrongfully Disclosed Patient Information: A former patient coordinator at UPMC, a medical center in Pittsburgh, has pleaded guilty to wrongfully disclosing health information in a rare case involving criminal prosecution for violating HIPAA. BankInfoSecurity, March 8, 2019

SecureTheVillage Calendar

Webinar: SecureTheVillage April Webinar
California Consumer Privacy Act
April 4 @ 10:00 am – 11:00 am

Financial Services Cybersecurity Roundtable – April 2019
April 12 @ 8:00 am – 10:00 am

Webinar: SecureTheVillage May Webinar
May 2 @ 10:00 am – 11:00 am

Webinar: SecureTheVillage June Webinar
June 6 @ 10:00 am – 11:00 am

Financial Services Cybersecurity Roundtable – June 2019
June 14 @ 8:00 am – 10:00 am
