Citadel Information Group

  • Home
  • About Us
    • About Citadel
    • Who We Are
    • When To Call Citadel
  • Services
    • Overview: Delivering Information Peace of Mind ® to Business and the Nonprofit Community
    • Citadel’s Information Peace of Mind ® Program
    • Assessments and Reviews
    • Information Security Policies and Standards
    • Secure The Human
    • Phishing Defense Training
    • CCPA and Defendable Security Procedures and Practices
    • Privacy: Information Inventory / Data Mapping
    • Security Management of the IT Network / Infrastructure
    • Incident Response / Business Continuity
    • Secure Application Development — Learn By Doing
    • Litigation Support
    • Keynotes
    • Client Success Stories
  • Blog
  • Resources
    • Information Security Library
      • Citadel Guides
      • Awareness Posters
      • For Boards and the C Suite
      • Cybersecurity Law
      • Cybersecurity Surveys
      • HIPAA HITECH
      • Insurance and Risk Management
      • National Cybersecurity
      • Online Bank Security
      • Payment Card Industry Data Security Standard
      • Personal Cybersecurity
      • Securing the IT Network
      • Helpful Links
    • Blogs
      • Cybersecurity Blogs
      • Leadership and Culture Change Blogs
  • Contact
You are here: Home / Cybersecurity News of the Week / Cyber Security News of the Week, March 27, 2016

March 26, 2016 by Stan Stahl Ph.D.

Cyber Security News of the Week, March 27, 2016

Individuals at Risk

Identity Theft

Facebook’s testing a feature that alerts you if someone’s impersonating you: Facebook’s real-name policy requires people “to provide the name they use in real life; that way, you always know who you’re connecting with.” NakedSecurity, March 25, 2016

White Hat Hackers Hit 12 American Hospitals To Prove Patient Life ‘Extremely Vulnerable’: A two-year research project into the security of 12 hospitals and a variety of medical technologies has concluded that patient health is “extremely vulnerable” to digital attacks. Forbes, February 23, 2016

Cyber Update

GOOGLE FIXES FOUR CRITICAL VULNERABILITIES IN LATEST CHROME BUILD: Google pushed out the latest version of Chrome Thursday afternoon, fixing five issues, four of them critical. ThreatPost, March 25, 2016

EMERGENCY JAVA PATCH RE-ISSUED FOR 2013 VULNERABILITY: Oracle yesterday released an emergency patch for a Java vulnerability that was improperly patched in 2013. ThreatPost, March 24, 2016

Google rushes out emergency fix for Android rooting exploit but most phones remain at risk: Google rushes out emergency fix for Android rooting exploit but most phones remain at risk. ZDNet, March 21, 2016

Cyber Danger

OS X ZERO DAY BYPASSES NATIVE SIP PROTECTION: System Integrity Protection (SIP) was implemented in OS X El Capitan and imposes limitations on what actions that Mac computers’ root accounts can take against protected paths of the operating system. ThreatPost, March 25, 2016

Cyber Fraud

Phishing Victims Muddle Tax Fraud Fight: Many U.S. citizens are bound to experience delays in getting their tax returns processed this year, thanks largely to more stringent controls enacted by Uncle Sam and the states to block fraudulent tax refund requests filed by identity thieves. A steady drip of corporate data breaches involving phished employee W-2 information is adding to the backlog, as is an apparent mass adoption by ID thieves of professional tax services for processing large numbers of phony refund requests. KrebsOnSecurity, March 24, 2016

Information Security Management in the Organization

Cyber Crime

7 Iranians Indicted for DDoS Attacks Against U.S. Banks: The Justice Department has unsealed indictments against seven Iranians – allegedly working on behalf of the Iranian government, including the Iranian Revolutionary Guard Corps, a branch of Iran’s armed forces – who are suspected of conducting distributed denial-of-service attacks against dozens of American banks as well as attempting to seize control of Bowman Dam outside New York City. BankInfoSecurity, March 24, 2016

Crooks Steal, Sell Verizon Enterprise Customer Data: Verizon Enterprise Solutions, a B2B unit of the telecommunications giant that gets called in to help Fortune 500’s respond to some of the world’s largest data breaches, is reeling from its own data breach involving the theft and resale of customer data, KrebsOnSecurity has learned. March 24, 2016

Ransomware plagues Kentucky hospital, forces total system shutdown: In yet another large-scale ransomware attack, Henderson, Kentucky-based Methodist Hospital has announced an “internal state of emergency,” according to Krebs on Security, after numerous files on its computer systems were savaged by encryption. The way ransomware works, all of the documents involved will be held for ransom, awaiting the hospital’s payment, hence the name. DigitalTrends, March 23, 2016

Hospital Declares ‘Internal State of Emergency’ After Ransomware Infection: A Kentucky hospital says it is operating in an “internal state of emergency” after a ransomware attack rattled around inside its networks, encrypting files on computer systems and holding the data on them hostage unless and until the hospital pays up. KrebsOnSecurity, March 22, 2016

2 more Southland hospitals attacked by hackers using ransomware: Two more Southern California hospitals have been attacked by hackers who infiltrated their computer systems with ransomware and demanded payment to unlock the data, officials said. LA Times, March 22, 2016

Breach Report 2016 | State of California – Department of Justice – Kamala D. Harris Attorney General: The California Constitution guarantees every Californian the “inalienable right” to privacy. To ensure that protection, California has been on the cutting edge, adopting the strongest and most sophisticated consumer privacy laws in the United States. But California’s fast-changing economy requires our constant vigilance to ensure that privacy and security protections keep pace with innovation and new threats. Each day, millions of Californians log on to the internet to conduct business, do homework, purchase goods and services, control devices in their homes, play games, and connect with loved ones. Technology such as smartphones, the “internet of things,” wearable devices, and big data are transforming our lives at a rapid pace, while exponentially increasing the amount of personal information that is collected, used, and shared. At the same time, with data becoming more ubiquitous and valuable, the black market for stolen information also continues to expand, increasing the likelihood of hacking by cyber criminals. CALIFORNIA DATA BREACH REPORT, February 2016

Cyber Defense

8 tips for preventing ransomware: Chances are you know someone, or some organization, who has suffered a ransomware attack – it could be your local police department, a small business, big hospital, or someone in your family. NakedSecurity, March 24, 2016

MICROSOFT DEPLOYS MACRO BLOCKING FEATURE IN OFFICE TO CURB MALWARE: If it ain’t broke, don’t fix it. If there’s one thing the recent surge in threats using macros to spread malware has shown, it’s that the vector is clearly working for attackers. ThreatPost, March 24, 2016

What Adele’s Photo Hack Says About Cybersecurity: Bank robbery and medical information theft have moved to the Internet, so it is disappointing but not surprising that criminal invasions of personal privacy have followed suit. British pop star Adele just fell victim to a targeted breach of her private pregnancy photos, echoing the theft of hundreds of sensitive celebrity photos in 2014, including nude photos of Jennifer Lawrence and photos of Harry Styles and Kendall Jenner vacationing in St. Barts. Fortune, March 24, 2016

Advanced Persistent Bot activity on the rise: Bad bots are used by fraudsters and are the key culprits behind web scraping, brute force attacks, competitive data mining, online fraud, account hijacking, data theft, unauthorized vulnerability scans, spam, man-in-the-middle attacks, digital ad fraud, and downtime. HelpNetSecurity, March 24, 2016

Cyber Security Management – C Suite

Ransomware Attacks Surge; So Now What?: Ransomware attacks against hospitals and other organizations are becoming commonplace this year, with at least five incidents revealed in recent weeks. BankInfoSecurity, March 23, 2016

Cyber Awareness

Even security experts fail to spot phishing emails, finds report: An online phishing quiz conducted by Intel Security found that 97 percent of people failed to correctly identify all of the sample emails in the test. SCMagazine, May 19, 2015

Cyber Insurance

Cyber Insurance: Why is Growth Stymied?: A dearth of actuarial data stymies the growth of the cyber insurance market, industry experts told Congress at a March 22 hearing. BankInfoSecurity, March 22, 2016

Cyber Security in Society

Cyber Privacy

Gmail’s encryption warning spurs 25 percent increase in encrypted inbound emails: Google’s efforts to keep users safe might be forcing other email providers to make better security decisions. In February, the company started flagging unencrypted emails, allowing Gmail users to know whether they’re sending emails to, or receiving emails from, providers that don’t support TLS encryption. Since then, the amount of inbound mail sent over an encrypted connection to Gmail users has increased by 25 percent, Google explained in a blog post released today. TheVerge, March 24, 2016

iOS forensics expert’s theory: FBI will hack shooter’s phone by mirroring storage: Jonathan Zdziarski, a leading independent Apple iOS security researcher and forensics expert, has a theory about the FBI’s newly discovered potential route into the iPhone 5C used by San Bernardino shooter Syed Farook. In a blog post, Zdziarski wrote that the technique the FBI is planning to use to get around having to compel Apple to help bypass the phone’s security is likely a method called NAND mirroring—a hardware-based approach that, while effective, is far from the “golden key” software the FBI had sought. ars technica, March 23, 2016

F.B.I. Clash With Apple Loosed a Torrent of Possible Ways to Hack an iPhone: SAN FRANCISCO — For weeks, the United States government has said that the only way to open an iPhone used by a gunman in a mass shooting was to get Apple’s help, a position that set off a clash between the technology giant and law enforcement. The New York Times, March 23, 2016

Cyber Attack

Certified Ethical Hacker website caught spreading crypto ransomware: For the past four days, including during the hour that this post was being prepared on Thursday morning, a major security certification organization has been spreading TeslaCrypt malware—despite repeated warnings from outside researchers. ars technica, March 24, 2016

Financial Cyber Security

Banks failing with password management, but why?: A recent study shows some terrifying results: banks in the U.S. often have less secure password policies in place than do social media websites. Specifically, the study found that 35 percent of the test group appear to have a significant weakness in their password policies used by their customers to access their accounts and manage their money. HelpNetSecurity, March 25, 2016

Small banks face the greatest risk from hackers: Cyberattacks on the country’s largest banks, from JPMorgan Chase & Co. to Bank of America Corp., grab the headlines. But the Federal Reserve Bank of Boston and other regulators worry that smaller banks, with less robust cybersecurity, provide easier targets for criminals, terrorists, and foreign states seeking to infiltrate the US financial system. BostonGlobe, March 24, 2016

Bank password policies are often substandard, study finds: A study of 17 major US banks shows that six of them have weak password handling and that their password procedures are weaker than most social websites. HelpNetSecurity, March 4, 2016

Critical Infrastructure

Water treatment plant hacked, chemical mix changed for tap supplies: Hackers infiltrated a water utility’s control system and changed the levels of chemicals being used to treat tap water, we’re told. TheRegister, March 24, 2016

The Most Vulnerable Ransomware Targets Are the Institutions We Rely On Most: Earlier this month a Los Angeles hospital became yet another victim of ransomware—a type of cyber attack where hackers encrypt data on individuals’ or institutions’ computers and demand a ransom to unlock the information. A few weeks later the Los Angeles County Department of Health Services reportedly suffered a similar fate. These are just two cases in a rising tide of ransomware hacks, and experts predict the problem is only going to get worse. Unfortunately, it turns out that some of easiest ransomware attack targets are the critical establishments that we rely on most. Scientific American, March 23, 2016

Filed Under: Cybersecurity News of the Week

Call us for a free confidential consultation:
323-428-0441

Get our newsletter

A weekly report of critical security updates and the latest cybersecurity news delivered to your inbox from Secure The Village.

Sign Up

Categories

Get in touch

323 428 0441
info@citadel-information.com

Citadel Information Group
Citadel on Linkedin
SecureTheVillage on Linkedin

About Us

Citadel Information Group is a full service integrated information security management / governance firm. We work either consultatively or as part of a client’s senior management team, assisting our clients cost-effectively manage the confidentiality, privacy, integrity and availability of their information. Learn more.

Key Resources

  • The Citadel Way to Information Security Management
  • Creating a Cybersecurity Aware Culture
  • Secure Application Development: The CISO’s Role – a webinar with WhiteHat Security
  • Information Security Library

Copyright © 2018 by Citadel Information Group  All Rights Reserved | Privacy Policy