Individuals at Risk
Cyber Privacy
Family finds hidden camera livestreaming from their Airbnb in Ireland: After arriving at their Airbnb in Cork, Ireland, a family from New Zealand made an unsettling discovery: a hidden camera, livestreaming from the living room. CNN, April 5, 2019
Identity Theft
Georgia Tech reveals data breach, 1.3 million records exposed: The Georgia Institute of Technology has revealed a data breach which has potentially exposed information belonging to 1.3 million employees and students. ZDNet, April 4, 2019
The New Equifax Boss Wants to Make Amends. We Have Some Questions: Mark Begor thinks Equifax can be the consumer-friendly credit bureau. So where are our free credit reports, automatic credit freezes for babies and consistent straight talk? The New York Times, April 4, 2019
Identity Theft: Act Now to Protect Yourself: Identity thieves are more skilled at their nefarious craft than ever. Kiplinger, April 4, 2019
Credit Card Fraud
The Latest Big Data Breach Should Make You Rethink How You Pay For Everything: Last Friday, the restaurant group Earl Enterprises confirmed that over two million credit cards were compromised in a breach affecting diners at Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy! and other restaurants between May 2018 and March 2019. Forbes, April 4, 2019
Cyber Update
Consumer routers targeted by DNS hijacking attackers: Owners of a slew of D-Link, ARGtek, DSLink, Secutech, TOTOLINK and Cisco consumer routers are urged to update their device’s firmware, lest they fall prey to ongoing DNS hijacking campaigns and device hijacking attacks. HelpNetSecurity, April 5, 2019
Cyber Defense
Is your hard drive exposed online?: Over 13,500 internet-connected storage devices have been exposed online by users who failed to set access passwords for them, it emerged last week. Naked Security, April 3, 2019
Cyber Warning
Razer Laptops Shipped With Massive Firmware Vulnerabilities: Razer got its start making gaming-oriented peripherals like keyboards and mice, but it expanded into laptops a few years ago. The company’s Blade laptops still have that gamer aesthetic paired with powerful hardware. However, they also have a nasty security vulnerability that could let hackers implant malware on your system. ExtremeTech, April 5, 2019
Game of Thrones has the most malware of any pirated TV show: If you’re not worried about breaking the law when you pirate Game of Thrones, then at least worry about breaking your computer. CNet, April 2, 2019
Cyber Humor
Information Security Management in the Organization
Information Security Management and Governance
Don’t Start Believin’: Top Cybersecurity Myths Debunked: Cybersecurity is a paramount concern for all companies today. Despite the growing number of security measures being adopted by businesses, the number of cyberattacks is still surging. With advancing technologies that can be leveraged by hackers, cyberattacks are continuing to increase in terms of severity, damage, and sophistication. While cyberattacks are impossible to completely prevent against, they can still be controlled and minimized with proper security measures. But there is one vulnerability you are probably not aware of: Believing in cybersecurity myths also acts as the major reason for the growing security threats and attacks. Here are some of the most common cybersecurity myths and misconceptions, and the sooner you stop thinking they are true the safer you will be. TechGenix, April 5, 2019
Cybersecurity in the C-Suite
Vulnerability Management: What it is. Why you need it. Given the important role of aggressive vulnerability management in an effective information security management program, you would think that IT departments and the IT / MSP vendor community would keep the networks they manage well-patched and updated. Unfortunately, this doesn’t seem to be the case. … The prudent executive will want to gain assurance that IT is effectively managing this critical IT security management function Executive Guide: IT Security Management, Citadel Information Group, April 3, 2019
Stressed to Impress: Evolving Threats Raise the Stakes on Shared Security Culture: Cybersecurity experts are working longer hours and tackling more complex challenges as threat landscapes continue to evolve. Survey data from Farsight Security found that more than half of security professionals work weekends and nearly 30 percent work 10 or more hours a day. But companies still face a jobs shortfall: As reported by TechCrunch, research from (ISC)2 suggests a jobs gap of more than 3 million positions worldwide. SecurityIntelligence, April 5, 2019
Overstate Your Cybersecurity at Your Peril – Lessons from the Equifax Data Breach: Looking back with the perspective of two years, the Equifax data breach still has many lessons to teach us. Unfortunately, some of the most important lessons are masked by the extremes of the errors that characterized the original breach, which include insider trading by top executives after the breach was discovered but before it was disclosed. That, combined with the length of time the company withheld news of the breach, and the irony that its entire business model is built on security, may lure some observers into believing that the incident is unique, and they could never screw things up as magnificently. Robert Braun, JMBM CyberSecurity Lawyer Forum, April 3, 2019
Cyber Defense
German drugmaker Bayer Detects and Covertly Monitors Cyber Attack – Before It Removes Threat: German drugmaker Bayer has contained a cyber attack it believes was hatched in China, the company said, highlighting the risk of data theft and disruption faced by big business. Insurance Journal, April 3, 2019
How hackers use ransomware to hide data breaches and other attacks: Most ransomware is used simply to make money. However, it can also be used as part of an attacker’s exit strategy to wipe out forensic evidence of a more serious breach. CSO, April 2, 2019
Cyber Talent
The Cybersecurity Workforce Shortage Is a Big Problem. You Can Help Girl Scouts Solve It: As CEO of Girl Scouts of the USA, I know the importance of having a cybersecurity workforce that protects our personal information, the systems that we depend on, and our national defense. This workforce must have the technical skills and a spirit of civic responsibility to be the STEM visionaries our society needs. Security Boulevard, April 5, 2019
Cybersecurity in Society
Cyber Crime
Facebook Let Dozens of Cybercrime Groups Operate in Plain Sight: FACEBOOK’S FAILURE TO moderate bad behavior on the sprawling online world it created, what with political trolls, extremist content, and livestreamed acts of horrific violence, has received a torrent of criticism. But researchers have found that the social media giant is also failing to police a far more basic and decades-old internet problem among its users: plain old cybercrime. Wired, April 5, 2019
Cyber Attack
Norsk Hydro’s Production Near Normal after Cyber Attack: Production at Norwegian aluminum maker Norsk Hydro was back to near normal after a cyber attack last month, the company said on Friday. Claims Journal, April 5, 2019
Know Your Enemy
Threat Group Employs Amazon-Style Fulfillment Model to Distribute Malware. Operators of the Necurs botnet are using US-based servers to send out banking Trojans, ransomware, and other malware on behalf of other cybercriminals: A threat group with possible connections to the operators of the notorious Necurs botnet has employed what security vendor Bromium this week described as an Amazon-style fulfillment model to host and distribute malware on behalf of other cybercriminals. DarkReading, April 4, 2019
Cyber Freedom
The Cybersecurity 202: States gear up for 2020 election security even as report shows they spent just a fraction of $380 million in available election security money before midterms: Congress scrambled in early 2018 to deliver a surge in election security money before the midterms. But it turns out that states only spent about 8 percent of the $380 million Congress approved by the time the elections rolled around. The Washington Post, April 5, 2019
National Cybersecurity
Malware Arrest Exposes Security Gaps at Trump’s Mar-a-Lago Club: WASHINGTON — The arrest of a Chinese woman who carried a malware-laced device into Mar-a-Lago, President Trump’s Florida resort, has exposed porous security at the private club and escalating tensions between Secret Service agents and the resort’s staff members, who vet guest lists and allow people onto the sprawling grounds. The New York Times, April 3, 2019
Chinese woman carrying thumb drive with malware arrested at Trump’s Mar-a-Lago resort: Secret Service agents arrested a Chinese woman after she bypassed layers of security and gained access to the reception area of President Trump’s Florida resort this past weekend, saying they found she was carrying two passports and a thumb drive containing malicious software, according to court documents. The Washington Post, April 2, 2019
Cyber Law
New Bill From Elizabeth Warren Proposes Potential Jail Time for CEOs for Massive Consumer Data Breaches. Warren says: “Personal accountability is the only way to ensure that executives at corporations will think twice before ignoring the law.”: On Wednesday, Sen. Elizabeth Warren unveiled a new bill that—among other ways of expanding criminal liability for what she describes as “any corporate executive who negligently oversees a giant company causing severe harm to U.S. families”—proposes the possibility of jail time for execs of companies that fail to protect consumers from certain kinds of data breaches. Slate, April 5, 2019
Cyber Medical
Hospital viruses: Fake cancerous nodes in CT scans, created by malware, trick radiologists: Researchers in Israel created malware to draw attention to serious security weaknesses in medical imaging equipment and networks. The Washington Post, April 3, 2019
Health Care’s Huge Cybersecurity Problem. Cyberattacks aren’t just going after data: The patient lying on the emergency room table in front of Paul Pugsley was having a stroke. Time was running out. Pugsley, an emergency medicine resident at Maricopa Medical Center, knew he needed to send the patient for a CT scan. The Verge, April 4, 2019
Cyber Enforcement
Alleged Chief of Romanian ATM Skimming Gang Arrested in Mexico: An alleged top boss of a Romanian crime syndicate that U.S. authorities say is responsible for deploying card-skimming devices at Automated Teller Machines (ATMs) throughout North America was arrested in Mexico last week on firearms charges. The arrest comes months after the accused allegedly ordered the execution of a former bodyguard who was trying to help U.S. authorities bring down the group’s lucrative skimming operations. KrebsOnSecurity, April 4, 2019
Canadian Police Raid ‘Orcus RAT’ Author: Canadian police last week raided the residence of a Toronto software developer behind “Orcus RAT,” a product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. Its author maintains Orcus is a legitimate Remote Administration Tool that is merely being abused, but security experts say it includes multiple features more typically seen in malware known as a Remote Access Trojan. KrebsOnSecurity, April 2, 2019
Man Behind Fatal ‘Swatting’ Gets 20 Years: Tyler Barriss, a 26-year-old California man who admitted making a phony emergency call to police in late 2017 that led to the shooting death of an innocent Kansas resident, has been sentenced to 20 years in federal prison. KrebsOnSecurity, April 2, 2019
Cyber Research
Cryptography That Can’t Be Hacked: Researchers have just released hacker-proof cryptographic code — programs with the same level of invincibility as a mathematical proof. QuantaMagazine, April 2, 2019
SecureTheVillage Calendar
Financial Services Cybersecurity Roundtable – April 2019
Vendor Management Interactive Discussion: How Banks Can Help Non-Bank SMBs Raise the Bar in Managing Vendor Risk
April 12 @ 8:00 am – 10:00 am
Webinar: SecureTheVillage May Webinar
CCPA, Part 2: Data Privacy Management
May 2 @ 10:00 am – 11:00 am
Webinar: SecureTheVillage June Webinar
CCPA, Part 3: Minimum Reasonable Security Practices
June 6 @ 10:00 am – 11:00 am
Financial Services Cybersecurity Roundtable – June 2019
June 14 @ 8:00 am – 10:00 am
The post Cybersecurity News of the Week, April 7, 2019 appeared first on Citadel Information Group.
from Citadel Information Group
via Citadel Information Group