Citadel Information Group

  • Home
  • About Us
    • About Citadel
    • Who We Are
    • When To Call Citadel
  • Services
    • Overview: Delivering Information Peace of Mind ® to Business and the Nonprofit Community
    • Citadel’s Information Peace of Mind ® Program
    • Assessments and Reviews
    • Information Security Policies and Standards
    • Secure The Human
    • Phishing Defense Training
    • CCPA and Defendable Security Procedures and Practices
    • Privacy: Information Inventory / Data Mapping
    • Security Management of the IT Network / Infrastructure
    • Incident Response / Business Continuity
    • Secure Application Development — Learn By Doing
    • Litigation Support
    • Keynotes
    • Client Success Stories
  • Blog
  • Resources
    • Information Security Library
      • Citadel Guides
      • Awareness Posters
      • For Boards and the C Suite
      • Cybersecurity Law
      • Cybersecurity Surveys
      • HIPAA HITECH
      • Insurance and Risk Management
      • National Cybersecurity
      • Online Bank Security
      • Payment Card Industry Data Security Standard
      • Personal Cybersecurity
      • Securing the IT Network
      • Helpful Links
    • Blogs
      • Cybersecurity Blogs
      • Leadership and Culture Change Blogs
  • Contact
You are here: Home / Cybersecurity News of the Week / Cybersecurity News of the Week, January 21, 2018

January 21, 2018 by Stan Stahl Ph.D.

Cybersecurity News of the Week, January 21, 2018

Individuals at Risk

Cyber Defense

90% of Gmail users could improve their security easily, but don’t: Google has finally admitted something alarming about the world’s one billion regular Gmail users – barely any have turned on two-step verification (2SV) security. Naked Security, January 19, 2018

Google removes 53 apps from official Play Store because they were spreading a new breed of Android malware named GhostTeam that could steal Facebook credentials and push ads to infected phones: Google has removed 53 apps from the official Play Store because they were spreading a new breed of Android malware named GhostTeam that could steal Facebook credentials and push ads to infected phones. BleepingComputer, January 18, 2018

Intel Confirms Fresh Spectre, Meltdown Patch Problems: Intel says the firmware updates it developed to help protect users against Meltdown and Spectre flaws are causing stability problems in its newest chips. BankInfoSecurity, January 18, 2018

Internet of Things

Some Basic Rules for Securing Your IoT Stuff: Most readers here have likely heard or read various prognostications about the impending doom from the proliferation of poorly-secured “Internet of Things” or IoT devices. Loosely defined as any gadget or gizmo that connects to the Internet but which most consumers probably wouldn’t begin to know how to secure, IoT encompasses everything from security cameras, routers and digital video recorders to printers, wearable devices and “smart” lightbulbs. KrebsOnSecurity, January 17, 2018

Cyber Warning

Hackers are using recent Microsoft Office vulnerabilities to distribute malware: Malware can steal passwords, bitcoin wallets, software keys, as well as carry out DDoS attacks and more — and a campaign distributing it is targeting telecommunications, insurance, and financial services. ZDNet, January 19, 2018

Hackers cast out 300% more phishing attacks via messages: This research provides a clear warning that everyone must be thorough and diligent when it comes to clicking on links, always be sceptical. CBR, January 18, 2018

Chromecast and Google Homes reportedly overloading home Wi-Fi: Users on the Google help forums and Reddit are reporting that Google Home and Google Chromecast devices are causing issues with their Wi-Fi networks. Users say hooking up these Google hardware products leads to an unstable Wi-Fi network or a network that goes down entirely. ars technica, January 17, 2018

Found: New Android malware with never-before-seen spying capabilities: Last year, researchers found what at the time was quite possibly the world’s most sophisticated espionage app ever written for the Android mobile operating system. Now, in a discovery that underscores the growing arms race among competing malware developers, researchers have uncovered a new Android spying platform that includes location-based audio recording and other features that have never been seen in the wild before. ars technica, January 16, 2018

MaMi malware targets Mac OS X DNS settings: A researcher has discovered a strain of malware in the wild which targets Mac OS X users. ZDNet, January 15, 2018

Fake Meltdown/Spectre Patch Installs Malware: Cybercriminals are already taking advantage of the massive attention the recently detailed Meltdown and Spectre CPU flaws have received, in an attempt to trick users into installing malware instead, Malwarebytes warns. SecurityWeek, January 15, 2018

Information Security Management in the Organization

Information Security Management and Governance

Supply Chain Cyber Attacks Illustrate Importance of Vendor Risk Management: While the attack surface has increased exponentially because of the cloud and everything-as-a-service providers, there are still ways in which host companies can harden supply chain security. DarkReading, January 19, 2018

Cyberattacks on Hotels — What Should Hotel Owners and Operators Do?: Almost as soon as there were data breaches, hotels became a prime target of hackers, and the hospitality industry has consistently been one of the most commonly targeted businesses. Since 2010, hotel properties ranging from major multinational corporations to single location hotels have been impacted. Robert Braun, SecureTheVillage Leadership Council, JMBM Cybersecurity Lawyer Forum, January 12, 2018

Cyber Awareness

Google’s Confusing Gmail Security Alert Looks Exactly Like a Phishing Attempt: Last week, my partner got a strange email alert from Google—or at least it looked like it came from Google. Motherboard, January 16, 2018

Staying Secure on the Road: We want you to be able to make the most of technology at all times, including when you travel. In this newsletter, we cover how you can connect to the Internet and use your devices securely on the road. SANS, February 2017

Cyber Warning

Linux and Windows Servers Targeted with RubyMiner Cryptocurrency Malware: Security researchers have spotted a new strain of malware being deployed online. Named RubyMiner, this malware is a cryptocurrency miner spotted going after outdated web servers. BleepingComputer, January 15, 2018

Box users scramble as files disappear for several days: Business user file sync and sharer Box “sank” for some users late last week, who took to forums and social media complaining they could not see any of their files. TheRegister, January 15, 2018

Cyber Defense

Fujitsu will replace passwords and keycards with palm scanning for 80K employees in Japan: The new authentication method, which verifies a user based on a vein in their palm, will give employees access to buildings and desktops. TechRepublic, January 19, 2018

Meltdown-Spectre: More businesses warned off patching over stability issues: Industrial companies are being told to avoid some Meltdown and Spectre fixes after reports of problems. ZDNet, January 15, 2018

Cybersecurity in Society

Cyber Crime

Hospital Pays $55K Ransomware Demand Despite Having Backups: An Indiana hospital paid a ransom of $55,000 to get rid of ransomware that had infected its systems and was hindering operations last week. BleepingComputer, January 16, 2018

OnePlus suspends credit card payments after customers report fraudulent purchases: OnePlus has temporarily shut down credit card payments on its website following reports that customers’ payment details were stolen after they bought goods through its online store. The company says it’s disabling credit card payments “as a precaution,” but will still be accepting purchases through PayPal. OnePlus also says it’s looking for “alternative secure payment” options. TheVerge, January 16, 2018

Serial SWATter Tyler “SWAuTistic” Barriss Charged with Involuntary Manslaughter after phony emergency call to Kansas police last month triggered fatal shooting: Tyler Raj Barriss, a 25-year-old serial “swatter” whose phony emergency call to Kansas police last month triggered a fatal shooting, has been charged with involuntary manslaughter and faces up to eleven years in prison. KrebsOnSecurity, January 15, 2018

Hackers Hijack DNS Server of BlackWallet to Steal $400,000: Unknown hackers (or hacker) have hijacked the DNS server for BlackWallet.co, a web-based wallet application for the Stellar Lumen cryptocurrency (XLM), and has stolen over $400,000 from users’ accounts. BleepingComputer, January 14, 2018

Cyber Danger

Cyber-attacks are a top three risk to society, alongside natural disaster and extreme weather: A report has warned that ransomware, Internet of Things hacks, and industrial attacks could be almost as big a problem as natural disasters and extreme weather. ZDNet, January 17, 2018

Cyber Privacy

iPhone’s Apple Health data used as evidence in murder trial: If you have an iPhone running iOS 6S or later, you’ve got Apple’s Health App, which accurately records steps. You’ve also got the Altimeter app, which keeps track of changes in elevation, to track how many stairs you’ve climbed. NakedSecurity, January 15, 2018

Cyber Attack

How the Triton malware shut down critical infrastructure in the Middle East: The December attack leveraged a zero-day flaw, and user error, to infect industrial equipment. TechRepublic, January 19, 2018

Know Your Enemy

North Korean Hacker Group Seen Behind Crypto Attack in South: The same North Korean hacking outfit associated with the Sony Pictures Entertainment data theft was behind attacks on South Korean cryptocurrency users and exchanges toward the end of last year, U.S.-based researchers said. Bloomberg, January 16, 2018

Cyber Freedom

Researchers uncover mobile, PC surveillance platform tied to different nation-state actors: The Electronic Frontier Foundation (EFF) and mobile security company Lookout have uncovered a new malware espionage campaign that has targeted activists, journalists, lawyers, military personnel, and enterprises in more than 20 countries in North America, Europe, the Middle East, and Asia. HelpNetSecurity, January 19, 2018

National Cybersecurity

Russian military was behind ‘NotPetya’ cyberattack in Ukraine, CIA concludes: The CIA has attributed to Russian military hackers a cyberattack that crippled computers in Ukraine last year, an effort to disrupt that country’s financial system amid its ongoing war with separatists loyal to the Kremlin. The Washington Post, January 12, 2018

 

Cyber Sunshine

Canadian Police Charge Operator of Hacked Password Service Leakedsource.com: Canadian authorities have arrested and charged a 27-year-old Ontario man for allegedly selling billions of stolen passwords online through the now-defunct service Leakedsource.com. KrebsOnSecurity, January 15, 2018

Cryptocurrency

World’s Largest Spam Botnet Is Pumping and Dumping an Obscure Cryptocurrency: Necurs, the world’s largest spam botnet, is currently sending millions of spam emails that push an obscure cryptocurrency named Swisscoin. BleepingComputer, January 17, 2018

Cyber Miscellany

21 states sue FCC to restore net neutrality rules: Twenty-one states and the District of Columbia today kicked off a lawsuit to overturn the Federal Communications Commission’s repeal of net neutrality rules. Advocacy groups are also suing the FCC. ars technica, January 16, 2018

Filed Under: Cybersecurity News of the Week

Call us for a free confidential consultation:
323-428-0441

Get our newsletter

A weekly report of critical security updates and the latest cybersecurity news delivered to your inbox from Secure The Village.

Sign Up

Categories

Get in touch

323 428 0441
info@citadel-information.com

Citadel Information Group
Citadel on Linkedin
SecureTheVillage on Linkedin

About Us

Citadel Information Group is a full service integrated information security management / governance firm. We work either consultatively or as part of a client’s senior management team, assisting our clients cost-effectively manage the confidentiality, privacy, integrity and availability of their information. Learn more.

Key Resources

  • The Citadel Way to Information Security Management
  • Creating a Cybersecurity Aware Culture
  • Secure Application Development: The CISO’s Role – a webinar with WhiteHat Security
  • Information Security Library

Copyright © 2018 by Citadel Information Group  All Rights Reserved | Privacy Policy