Cybersecurity News of the Week, March 17, 2019

Cybersecurity News of the Week, March 17, 2019


Individuals at Risk

Cyber Privacy

Data-Collecting IOT Teapot, Teplo 2.0. Gathering information from the consumer, their environment, and their desired tea selection, the Teplo 2.0 can brew tea perfectly suited for everybody: Gathering information from the consumer, their environment, and their desired tea selection, the Teplo 2.0 can brew tea perfectly suited for everybody. The IOT teapot may seem very niche, but tea-drinkers will be impressed. And the brand’s founder says the surveying process (which is now automated) is a deeply rooted aspect of traditional tea making and drinking. Cool Hunting, March 14, 2019

More than 600,000 Michigan residents may have had their information compromised in ransomware-related breach at Detroit-based Wolverine Solutions Group: A ransomware attack last fall on a company that provides billing and other business services to health plans and hospitals resulted in a breach affecting more than 600,000 individuals, according to Michigan state officials. BankInfoSecurity, March 13, 2019

An email marketing company left 809 million records exposed online. 150GB database included mortgage amounts, info on credit ratings: By this point, you’ve hopefully gotten the message that your personal data can end up exposed in all sorts of unexpected Internet backwaters. But increased awareness hasn’t slowed the problem. In fact, it’s only grown bigger—and more confounding. ars technica, March 9, 2019

Cyber Privacy – Facebook

A New Privacy Constitution for Facebook. Mark Zuckerberg wants to fix the social network. Here’s what he’ll need to do: Facebook is making a new and stronger commitment to privacy. Last month, the company hired three of its most vociferous critics and installed them in senior technical positions. And on Wednesday, Mark Zuckerberg wrote that the company will pivot to focus on private conversations over the public sharing that has long defined the platform, even while conceding that “frankly we don’t currently have a strong reputation for building privacy protective services.” Schneier On Security, March 8, 2019

Cyber Update

Patch Tuesday, March 2019 Edition: Microsoft on Tuesday pushed out software updates to fix more than five dozen security vulnerabilities in its Windows operating systems, Internet Explorer, Edge, Office and Sharepoint. If you (ab)use Microsoft products, it’s time once again to start thinking about getting your patches on. Malware or bad guys can remotely exploit roughly one-quarter of the flaws fixed in today’s patch batch without any help from users. KrebsOnSecurity, March 13, 2019

Cyber Defense

70% Of Android Antivirus Apps Are Fake, Won’t Detect Malware: Two-thirds of all Android antivirus apps are useless and fail to detect malware, according to an expert study by an Austrian organization that is specialized in testing antivirus products. International Business Times, March 15, 2019

Delete These Malware-Laden Apps From Your Android Right Now: Digital security researchers have discovered a previously unknown type of ad-serving malware in more than 200 Android apps, some of which have been downloaded by millions of users. The AdWare, which security firm Check Point calls “SimBad,” creates a backdoor and allows its creator to install additional programs, according to TechCrunch. The firm notified Google of the vulnerability, and the apps have all been pulled from the Google Play Store. It’s still on us, however, to delete these apps from our phones. LifeHacker, March 14, 2019

Cyber Warning

Bootleg Ariana Grande Album Used to Spread Malware Via WinRAR Flaw: The rigged copy of ‘Thank U, Next’ was designed to exploit a newly discovered flaw in WinRAR, a popular file compression tool. Unpacking the album with vulnerable versions of WinRAR can secretly deliver malware to your PC’s Startup Folder. PCMag, March 15, 2019

Cyber Humor

Information Security Management in the Organization

Information Security Management and Governance

What to include in an enterprise cybersecurity plan. #RSA interview with Steve Martino of Cisco. Preparing for incidents and training staff top the list: At RSA 2019, TechRepublic Senior Editor Alison DeNisco Rayome spoke with Steve Martino of Cisco about the top cybersecurity threats businesses are facing, and how to help employees improve their security posture. The following is an edited transcript of the interview. TechRepublic, March 11, 2019

Cybersecurity in the C-Suite

Study Finds CEOs Make More Money After Cyber Breaches. While affected companies lose an average of $3.86 million per intrusion, the CEO generally makes out just fine, according to a newly released Warwick Business School study: It’s a headline that dominates our tech-driven world: A major company suddenly must warn its customers that their data may have been compromised in a cyberattack. Names, addresses, even credit card and Social Security numbers are seemingly up for grabs in a constant game of digital cops and robbers. Business News Daily, March 15,

Cyber Privacy

Data Protection Trends: What GDPR And Other Regulations Mean For 2019 And Beyond: As we journey through the opening months of 2019, the effects of 2018 on privacy continue to play a significant role. This is perhaps most apparent in the introduction of new laws and regulations to provide consumers with greater control over how their personal data is collected and used. Forbes, March 14, 2019

Complying with the California Consumer Privacy Act in 5 (more or less) Not So Easy Steps: Part 1 – the Data Map: It is estimated that more than 500,000 companies are subject to the California Consumer Privacy Act (CCPA), many of them smaller and mid-size business, where the detailed requirements of the Act – disclosure and notice procedures, opt-out rights, updating privacy policies, and revising vendor agreements – is daunting. So where should a business begin in its efforts to meet the Act’s requirements? Robert Braun, JMBM Cybersecurity Lawyer Forum, March 11, 2019

Unintended inferences: The biggest threat to data privacy and cybersecurity: Find out why data privacy breaches and scandals (think Facebook, Marriott, and Yahoo), artificial intelligence, and analytics have implications for how your business manages cybersecurity. TechRepublic, March 10, 2019

Cyber Attack

IMAP-Based Attacks Compromising Email Accounts at ‘Unprecedented Scale.’ Password-spraying attacks target insecure legacy protocols circumventing multi-factor authentication (MFA). Microsoft Office 365 & G Suite accounts breached: Attackers mounting password-spraying campaigns are turning to the legacy Internet Message Access Protocol (IMAP) to avoid multi-factor authentication obstacles – thus more easily compromising cloud-based accounts. ThreatPost, March 14, 2019

Cyber Defense

Will We See the Rise of Vaporworms in 2019? The evolution of the new and difficult-to-detect category of fileless attacks may soon take an insidious turn with the development of what some researchers are calling vaporworms: As the name suggests, fileless malware differs from conventional malware in that it doesn’t require a file to be created and saved on a computer. Instead, it leverages scripts or even legitimate running processes to inject itself directly into a device’s memory. But what’s on the horizon for this emerging threat? SecurityIntelligence, March 15, 2019

Your secret weapon against cyberattacks? Hire someone who has been through it before. Having someone on board who has been there already can help your company prepare better for the inevitable attack: For many organisations around the world, it increasingly feels like it’s a case of when they fall victim to a cyberattack, not if they’re targeted in a campaign by hackers. ZDNet, March 15, 2019

Cyber Talent

Navigating a challenging cybersecurity skills landscape. Organizations remain reliant on clever, well-trained humans with incisive critical thinking skills to protect themselves from the perilous cyberthreat landscape: As much as tools and technology evolve in the cybersecurity industry, organizations remain reliant on clever, well-trained humans with incisive critical thinking skills to protect themselves from the perilous cyberthreat landscape. CSO, March 12, 2019

Cybersecurity in Society

Cyber Privacy

Why the Debate Over Privacy Can’t Rely on Tech Giants: Ever since the Cambridge Analytica scandal last summer, consumer data privacy has been a hot topic in Congress. The witness table has been dominated by the biggest platforms, with those in lockstep with the tech giants earning the vast majority of attention. However, this week marked the first time that opposing views had a chance to fight back. The Senate Judiciary committee held a hearing called GDPR & CCPA: Opt-ins, Consumer Control, and the Impact on Competition and Innovation, and unlike previous hearings, this hearing featured two groups of panelists with contradictory viewpoints. EFF, March 15, 2019

Cyber Crime

How Hackers Pulled Off a $20 Million Mexican Bank Heist: In January 2018 a group of hackers, now thought to be working for the North Korean state-sponsored group Lazarus, attempted to steal $110 million from the Mexican commercial bank Bancomext. That effort failed. But just a few months later, a smaller yet still elaborate series of attacks allowed hackers to siphon off 300 to 400 million pesos, or roughly $15 to $20 million from Mexican banks. Here’s how they did it. Wired, March 15, 2019

A new rash of highly covert card-skimming malware infects ecommerce sites: The rash of e-commerce sites infected with card-skimming malware is showing no signs of abating. Researchers on Thursday revealed that seven sites—with more than 500,000 collective visitors per month—have been compromised with a previously unseen strain of sniffing malware designed to surreptitiously swoop in and steal payment card data as soon as visitors make a purchase. ars technica, March 14, 2019

Ad Network Sizmek Probes Account Breach: Online advertising firm Sizmek Inc. [NASDAQ: SZMK] says it is investigating a security incident in which a hacker was reselling access to a user account with the ability to modify ads and analytics for a number of big-name advertisers. KrebsOnSecurity, March 13, 2019

Point of sale malware campaign targets hospitality and entertainment businesses. Credit card data-stealing attacks use a technique rarely deployed in POS malware to help avoid detection – and are thought to have been operating since 2016: A newly-discovered cybercrime campaign is targeting restaurants, cinemas and other retailers in the entertainment and hospitality industries with point-of-sale (POS) malware in an ongoing effort to steal credit card information from customers. ZDNet, March 13, 2019

Cyberattack with ransom demand has disrupted Boston public defenders Agency for weeks: A cyberattack on the agency overseeing public defenders has caused a weekslong slowdown, disabling e-mail systems, delaying some hearings, and hanging up payments for the private attorneys who represent clients. Boston Globe, March 12, 2019

Cyber Freedom

The Cybersecurity 202: DARPA has a plan to making voting machines far more secure: The Pentagon research agency that played a key role in inventing GPS and the Internet has a plan to make voting machines far more secure against hackers. The Washington Post, March 15, 2019

The rise of tech-worker activism. Video: Leigh Honeywell created Never Again pledge, signed by hundreds of tech workers, which was a direct response to President Trump’s openness to tracking Muslims in the US using big data: In this episode of Ars Technica Live, we spoke with Leigh Honeywell, a security engineer who has worked at several large tech companies as well as the ACLU. She’s been at the forefront of worker organizing in the tech industry, organizing protests against data-driven profiling and founding Hackerspaces in both Canada and the United States. Recently, she founded the company Tall Poppy to protect tech workers from abuse online. ars technica, March 3, 2019

National Cybersecurity

US warns of sophisticated cyberattacks from Russia, China: WASHINGTON — Cyberattacks from Russia, China, North Korea and Iran are increasingly sophisticated and, until recently, were done with little concern for the consequences, the top Pentagon cyber leaders told a congressional committee on Wednesday. The Washington Post, March 13, 2019

Cyber Politics

Is Beto O’Rourke the First Hacker Presidential Candidate?: As the Texas Democrat enters the race for president, members of a group famous for “hactivism” come forward for the first time to claim him as one of their own. There may be no better time to be an American politician rebelling against business as usual. But is the United States ready for O’Rourke’s teenage exploits? Reuters, March 15, 2019

SecureTheVillage Calendar

Webinar: SecureTheVillage April Webinar
The California Consumer Privacy Act
April 4 @ 10:00 am – 11:00 am

Financial Services Cybersecurity Roundtable – April 2019
April 12 @ 8:00 am – 10:00 am

Webinar: SecureTheVillage May Webinar
May 2 @ 10:00 am – 11:00 am

Webinar: SecureTheVillage June Webinar
June 6 @ 10:00 am – 11:00 am

Financial Services Cybersecurity Roundtable – June 2019
June 14 @ 8:00 am – 10:00 am

The post Cybersecurity News of the Week, March 17, 2019 appeared first on Citadel Information Group.

from Citadel Information Group
via Citadel Information Group