Cybersecurity News of the Week, March 3, 2019

Individuals at Risk

National Consumer Protection Week

National Consumer Protection Week: National Consumer Protection Week (NCPW) is March 3–9. This annual event encourages individuals and businesses to learn about their consumer rights and how to keep themselves secure. The Federal Trade Commission (FTC) and its NCPW partners provide free resources to protect consumers from fraud, scams, and identity theft.

Cyber Privacy

Video-based social platform TikTok pays record $5.7M fine to settle claims it illegally collected data from children, the Federal Trade Commission announced on Thursday: The FTC said the $5.7 million penalty was the largest ever settlement for a children’s privacy issue. TikTok, formerly known as, was accused of knowingly tracking data from underage users without obtaining parental consent, as required by law. Fox, February 28, 2019

Major Vulnerability in Amazon’s Ring Video Doorbell Found: Unencrypted transmission of audio and/or video footage to the Ring application allows for undetectable arbitrary surveillance and injection of counterfeit traffic, compromising home security and putting family members at risk. PRNewswire, February 27, 2019

Cyber Fraud

Xfinity irresponsibly using 0000 as default PIN, hacker steals customer’s phone number and buys a Mac: In the latest episode of consumers affected by tech companies’ security flaws, Comcast’s Xfinity Mobile wireless service was found to be setting customer PINs by default to 0000. As reported by The Washington Post (via The Verge), one of the users who had their phone number stolen because of Xfinity’s weak PIN default even saw a hacker purchase an Apple computer with his credit card. 9to5Mac, February 28, 2019

Information Security Management in the Organization

Cyber Defense

5 Essential Cybersecurity Practices for Small Business Owners: We live in a time when major data breaches make news headlines on an almost daily basis. B2C, February 27, 2019

3 things you’ll need to protect yourself against advanced ransomware: Ransomware is more advanced than ever – and it shows no signs of slowing. Here’s what you need to do to protect yourself and your business. TechTalks, February 27, 2019

Cyber Update

Cisco: Patch routers now against massive 9.8/10-severity security hole. Cisco tells businesses to install updates six months after researchers reported a critical security flaw: Cisco is warning businesses that use its wireless VPN and firewall routers to install updates immediately due to a critical flaw that remote attackers can exploit to break into a network. ZDNet, February 28, 2019

Cyber Attack

Fake Google reCAPTCHA used to hide Android banking malware. The phishing campaign impersonates Google in attacks against banking institutions and their users: Researchers have documented a recent phishing campaign targeting online banking users which masquerades as Google in its attempt to steal valuable credentials. ZDNet, February 22, 2019


RSA Conference 2019 Guide: Insider Tips From an RSAC 2018 Survivor: The RSA Conference doesn’t openly advertise itself as the largest cybersecurity event, but it is certainly among the most overwhelming. That’s a matter of opinion, but it’s the opinion of many who survived last year’s conference. SecurityIntelligence, February 26, 2019

Secure The Human

A Culture Of Safety: How HR Can Partner With IT To Improve Cybersecurity: Cyberattacks have been a risk for businesses since the dawn of computer technology. As hackers have become more advanced, however, their ability to reach and potentially misuse employee data has created an unprecedented risk in today’s workplaces. As of Q2 2018, one report showed a 47% increase in cyberattack incidents over Q2 2017. Forbes, February 28, 2019

5 ways employees can weaken your cybersecurity defenses: Cybersecurity may begin with putting in place measures like spam filters, fraud detection software, multi-factor authentication and file encryption. But it doesn’t end there. BizJournals, February 28, 2019

Cybersecurity in Society

Cyber Privacy

Dow Jones Watchlist of risky businesses exposed on public server: Yet more sensitive data has been left lying around in the cloud. NakedSecurity, March 1, 2019

Proposed Amendment to California Consumer Privacy Act Would Expand Private Right of Action: On February 25, California’s Attorney General Xavier Becerra and Senator Hannah-Beth Jackson introduced new legislation to amend the California Consumer Privacy Act (CCPA). The CCPA as currently enacted establishes a private right of action for consumers impacted by cyber security breaches. The amendment, known as SB-561, would expand the private right of action to cover any violation of a consumer’s rights under the CCPA. This would materially increase the risk to businesses of class action litigation from failures to comply with the privacy standards in the new law. Alston&Bird, February 27, 2019

Cyber Risk

The Cybersecurity 202: These are the four parts of the economy most vulnerable to cyberattack, according to Moody’s. Lenders should consider cybersecurity before making loans, new report says: Across the world, there are four specific industry sectors at the highest risk of being devastated by cyberattacks. They also hold a big chunk of the world’s debt — to the tune of $11.7 trillion. The Washington Post, February 28, 2019

Cyber Crime

Crypto Mining Service Coinhive to Call it Quits: Roughly one year ago, KrebsOnSecurity published a lengthy investigation into the individuals behind Coinhive[.]com, a cryptocurrency mining service that has been heavily abused to force hacked Web sites to mine virtual currency. On Tuesday, Coinhive announced plans to pull the plug on the project early next month. KrebsOnSecurity, February 27, 2019

The hacker’s paradise: Social networks net criminals $3bn a year in illicit profits. Threat actors making use of social media networks in the same ways as today’s businesses when it comes to sales, marketing, and recruitment: Many of us at some point or another have used a social network. They can help us connect and retain relationships with each other no matter where we are in the world, but they can also be a source of harassment, trolling, and an overall negative and stressful digital environment. ZDNet, February 26, 2019

Hacker steals $7.7 million in EOS cryptocurrency after blacklist snafu: One of 21 EOS blacklist maintainers failed to update its list, allowing the hacker to make off with the stolen funds. ZDNet, February 26, 2019

Payroll Provider Gives Extortionists a Payday: Payroll software provider Apex Human Capital Management suffered a ransomware attack this week that severed payroll management services for hundreds of the company’s customers for nearly three days. Faced with the threat of an extended outage, Apex chose to pay the ransom demand and begin the process of restoring service to customers. KrebsOnSecurity, February 23, 2019

Cyber Espionage

A cyber espionage campaign is targeting national security think tanks and academic institutions in the US in what’s believed to be an intelligence gathering operation by a hacking group working out of North Korea: A series of spear-phishing attacks using fake emails with malicious attachments attempts to deliver a new family of malware, which researchers at Palo Alto Networks have identified and dubbed BabyShark. The campaign started in November and remained active at least into the new year. ZDNet, February 22, 2019

Cyber Freedom

State election officials opt for 2020 voting machines vulnerable to hacking: The new machines still pose unacceptable risks in an election that U.S. intelligence officials expect to be a prime target for disruption by countries such as Russia and China. Politico, March 1, 2019

The Cybersecurity 202: Georgia election security fight tees up national debate on paper ballots: Georgia’s own election security fight is teeing up a national debate over the most secure and accurate way for citizens to cast ballots. The Washington Post, March 1, 2019

U.S. Cyber Command operation disrupted Internet access of Russian troll factory on day of 2018 midterms: The U.S. military blocked Internet access to an infamous Russian entity seeking to sow discord among Americans during the 2018 midterms, several U.S. officials said, a warning that the Kremlin’s operations against the United States are not cost-free. The Washington Post, February 27, 2019

DNC issues cybersecurity guidance for 2020 election. “Whether you work on a campaign, in a state party, or are a student, small business owner, or CEO of a Fortune 100 company, you should download and complete this checklist,” says DNC CSO: The news is filled with stories about intrusions and foreign governments hacking into just about everything with an internet connection. Many people ask the DNC what they can do to stay secure. On a regular basis I have people call me asking what sort of firewall to buy, or how to tune their routers. While I have thoughts on those topics, I tell people to focus on the simple things that make the most common attacks much harder. Medium, February 22, 2019

The Cybersecurity 202: California wants to let political candidates use campaign cash to secure their devices: As hackers target California campaigns, the state wants to let political candidates use some of their campaign funds to secure personal phones and computers. The Washington Post, February 22, 2019

National Cybersecurity

Cybersecurity threats to US infrastructure warrant ‘moonshot’ response: Serious threats to U.S. infrastructure, and especially to the electrical grid, have grown significantly in the past year and, as National Intelligence Director Dan Coats reiterated to Congress recently, “the warning lights are blinking red.” The Hill, February 26, 2019

Former Russian Cybersecurity Chief Sentenced to 22 Years in Prison. He and colleague convicted on treason charges for allegedly sharing information about Russian cybercriminals with U.S. law enforcement officials: A Russian court has handed down lengthy prison terms for two men convicted on treason charges for allegedly sharing information about Russian cybercriminals with U.S. law enforcement officials. The men — a former Russian cyber intelligence official and an executive at Russian security firm Kaspersky Lab — were reportedly prosecuted for their part in an investigation into Pavel Vrublevsky, a convicted cybercriminal who ran one of the world’s biggest spam networks and was a major focus of my 2014 book, Spam Nation. KrebsOnSecurity, February 22, 2019

Missing from the 2019 Missile Defense Review: Cybersecurity: The 2019 Missile Defense Review promises to create US “missile defense programs to counter the expanding missile threats posed by rogue states and revisionist powers to us, our allies, and partners, including ballistic and cruise missiles, and hypersonic vehicles.” It expands the role of current defense systems that defend against global threats, while pursuing unproven technology. But one important criterion for US missile defenses is entirely absent from the Missile Defense Review: cybersecurity. Bulletin of the Atomic Scientists, February 22, 2019

Cyber Enforcement

Booter Boss Interviewed in 2014 Pleads Guilty: A 20-year-old Illinois man has pleaded guilty to running multiple DDoS-for-hire services that launched millions of attacks over several years. The plea deal comes almost exactly five years after KrebsOnSecurity interviewed both the admitted felon and his father and urged the latter to take a more active interest in his son’s online activities. KrebsOnSecurity, February 28, 2019

SecureTheVillage Calendar

Webinar: SecureTheVillage March Webinar
SecureTheHuman: Beyond Awareness Training. Turning People into Cyber Guardians.
March 7 @ 10:00 am – 11:00 am

Webinar: SecureTheVillage April Webinar
April 4 @ 10:00 am – 11:00 am

Financial Services Cybersecurity Roundtable – April 2019
April 12 @ 8:00 am – 10:00 am

Webinar: SecureTheVillage May Webinar
May 2 @ 10:00 am – 11:00 am

Webinar: SecureTheVillage June Webinar
June 6 @ 10:00 am – 11:00 am

Financial Services Cybersecurity Roundtable – June 2019
June 14 @ 8:00 am – 10:00 am

The post Cybersecurity News of the Week, March 3, 2019 appeared first on Citadel Information Group.
