October 22, 2017 by Stan Stahl Ph.D.

Cybersecurity News of the Week, October 22, 2017

Individuals at Risk

Identity Theft

IRS chief: assume your identity has been stolen: You’ve been told privacy is dead? It’s actually worse than that. Your identity has been reanimated as a zombie and it could be roaming about trying to do things without your consent. NakedSecurity, October 19, 2017

Study finds Californians most vulnerable to identity theft, fraud: Californians are hurt more by identity theft and fraud than residents of any other state, according to a newly released WalletHub study. SacramentoBee, October 18, 2017

Equifax gets a John Oliver roasting. Says Freeze Your Credit. [Video. Adult Language]: Comedian John Oliver on his HBO show “Last Week Tonight” lambasted Equifax and its response to a massive cybersecurity breach in which the personal data of 145.5 million Americans was compromised. TheHill, October 16, 2017

Cyber Defense

To Protect Children From Identity Theft, Parents Must Be Proactive: Picture a 5-year-old’s Social Security card. For identity thieves who get their hands on it, that number could be used to apply for credit cards, rent a home or get government benefits, among other uses, according to the Federal Trade Commission. And it could be years before parents discover their children’s information has been misused. NPR, October 18, 2017

Cyber Warning

Locky Ransomware Spam Infects via Microsoft Office: Attackers wielding Locky ransomware have a new trick up their sleeves: the ability to infect PCs via malicious Microsoft Word documents by using an application-linking feature built into Windows. BankInfoSecurity, October 20, 2017

Kids’ safety threatened by critical security & privacy flaws in kids’ smartwatches, report finds: Has Santa Claus, the Tooth Fairy or the agnostic Birthday Gnome ever gifted your tot a smartwatch? NakedSecurity, October 19, 2017

Cyber Warning — WiFi

KRACK Vulnerability: What You Need To Know: This week security researchers announced a newly discovered vulnerability dubbed KRACK, which affects several common security protocols for Wi-Fi, including WPA (Wireless Protected Access) and WPA2. This is a bad vulnerability in that it likely affects billions of devices, many of which are hard to patch and will remain vulnerable for a long time. Yet in light of the sometimes overblown media coverage, it’s important to keep the impact of KRACK in perspective: KRACK does not affect HTTPS traffic, and KRACK’s discovery does not mean all Wi-Fi networks are under attack. For most people, the sanest thing to do is simply continue using wireless Internet access. Electronic Frontier Foundation, October 19, 2017

What You Should Know About the ‘KRACK’ WiFi Security Weakness: Researchers this week published information about a newfound, serious weakness in WPA2 — the security standard that protects all modern Wi-Fi networks. What follows is a short rundown on what exactly is at stake here, who’s most at-risk from this vulnerability, and what organizations and individuals can do about it. KrebsOnSecurity, October 16, 2017

How to Defend Against the KRACK Vulnerability: It was announced (Monday, 16 October, 2017) that the globally used WPA2 Wi-Fi security protocol has been broken. This standard is the most commonly used security standard used by Wi-Fi networks around the world. The attack targets (and breaks) the 4-way handshake that establishes the use of the unique encryption keys for that session. The attack is called KRACK by its author Mathy Vanhoef. The security community is still learning the details and understanding its impact, so if you can hold off on communicating about it, we would recommend it until everyone has a more complete picture. Long story short, no need to panic. However, if you need to communicate something, here are some basics. SANS, October 16, 2017

Serious flaw in WPA2 protocol lets attackers intercept passwords and much more: Researchers have disclosed a serious weakness in the WPA2 protocol that allows attackers within range of a vulnerable device or access point to intercept passwords, e-mails, and other data presumed to be encrypted, and in some cases, to inject ransomware or other malicious content into a website a client is visiting. ars technica, October 16, 2017

Information Security Management in the Organization

Information Security Management and Governance

PwC Report: 5 steps leaders can take to improve cybersecurity in their organization: Nearly half of companies do not have an overall information security strategy, according to a new report from PwC. Here’s how leaders can step up cybersecurity measures. TechRepublic, October 18, 2017

Cyber Awareness

10 Social Engineering Attacks Your End Users Need to Know About: It’s Cybersecurity Awareness Month. Make sure your users are briefed on these 10 attacker techniques that are often overlooked. DarkReading, October 19, 2017

Survey shows most workers misunderstand cybersecurity: How to improve awareness in your organization. A 2017 report from Wombat Security revealed that most US workers don’t understand concepts like ransomware and Wi-Fi security. These tips will help you improve user cybersecurity awareness. TechRepublic, October 19, 2017

Cyber Warning

Millions of high-security crypto keys crippled by newly discovered flaw: Factorization weakness lets attackers impersonate key holders and decrypt their data. ars technica, October 16, 2017

Cyber Defense

How to Talk to the C-Suite about Malware Trends: There is no simple answer to the question ‘Are we protected against the latest brand-name malware attack?’ But there is a smart one. DarkReading, October 20, 2017

Cybersecurity Lessons from Petya and WannaCry to Better Protect the Network: On May 12th, 2017, the first case of WannaCry ransomware was discovered and within a day, over 230,000 machines were estimated to have been infected in more than 150 countries. The scale and speed of this attack left the industry stunned. ITSP Magazine, October 2017

To be effective, infosec pros need to help IT understand the ‘why’ behind the checklists: Let’s face it, in the CyberSecurity profession, we like to learn things the hard way. When the term computer security first came about, it was in reaction to events occurring and not necessarily by design. Someone broke into a network/computer system and the boss pointed a finger at the first person outside his/her door and said go fix it, make it stop. With that, the first computer security pro was born; born out of necessity. ITSP Magazine, October 2017

Cyber Law

Employees Sue Home Health Provider After Phishing Breach: A class action lawsuit claims that thousands of employees of a home healthcare services firm were harmed by the disclosure of their personal information in a breach earlier this year involving a business email compromise scam. Earlier, regulators fined the company for another breach. BankInfoSecurity, October 19, 2017

Cybersecurity in Society

Cyber Privacy

Microsoft and Justice Department Will Square Off in Supreme Court Over Critical Privacy Case: The US Supreme Court has agreed to hear arguments in a critical case over data privacy, the outcome of which will likely determine how easily law enforcement can gain access to information stored in tech companies’ overseas data centers. Microsoft will go head-to-head with the Justice Department, arguing that the agency cannot use a warrant to collect emails held in Microsoft’s Ireland data center. GIZMODO, October 16, 2017

Cyber Defense

LA Chief Information Security Officer Timothy Lee Among ‘Top 17 State & Local Cybersecurity Leaders to Watch’: I am currently the chief information security officer (CISO) at the City of Los Angeles. I am responsible for overall cybersecurity strategies, policies and initiatives for America’s second largest city. I established and chaired the city’s Cyber Intrusion Command Center and founded the cybersecurity public-private partnership organization LA Cyber Lab. I implemented and direct the city’s first Integrated Security Operations Center (ISOC), which won several awards including the Center for Digital Government’s Cybersecurity Leadership and Innovation Award. Prior to this position, I served as the CISO at the Port of Los Angeles, where I established and managed the port’s cybersecurity program. I concurrently served as network and communication manager responsible for ensuring the support and delivery of the Port’s voice and data communication networks. I have a total of 20 years of experience in the information security, network and telecommunication field. I have an MBA degree and professional certifications in CISSP and PMP. I am a recipient of the 2016 StateScoop 50 Award and I have spoken at several conferences. StateScoop, October 21, 2017

Cyber Freedom

Wary of Hackers, States Move to Upgrade Voting Systems: WASHINGTON — State election officials, worried about the integrity of their voting systems, are pressing to make them more secure ahead of next year’s midterm elections. The New York Times, October 14, 2017

Cyber Law

What Cybersecurity Standard Will a Judge Use in Equifax Breach Suits?: Those affected by data breaches now have increasing opportunities to take their claims to court. Last month, in northern California’s federal district court, Judge Lucy Koh upheld the right of victims to sue Yahoo for massive breaches between 2013 and 2016. Victims of the Equifax hack, which impacted millions more than initially reported, are filing dozens of lawsuits. And in another ruling last month, Koh upheld a class of health insurance company Anthem’s data breach victims’ right to sue for a recently revealed second breach, shortly after Anthem was ordered to pay $115 million to victims and credit-monitors after the first incident. LawFare, October 20, 2017

Financial Cyber Security

Overlay Technique from Brazilian Banking Trojans Making Resurgence: New analysis says heavy reliance on overlays and manual remote execution of transactions is being combined with more advanced features of traditional banking Trojans. DarkReading, October 20, 2017

Secure the Village

FBI to DDoS Victims: Please Come Forward: Have you been the victim of a distributed denial-of-service attack? If so, the FBI wants you to please come forward. BankInfoSecurity, October 19, 2017

Cyber Miscellany

Brian Krebs Given Prestigious ISSA’s ‘President’s Award’: KrebsOnSecurity was honored this month with the 2017 President’s Award for Public Service from the Information Systems Security Association, a nonprofit organization for cybersecurity professionals. The award recognizes an individual’s contribution to the information security profession in the area of public service. KrebsOnSecurity, October 16, 2017

Copyright © 2018 by Citadel Information Group. All Rights Reserved.