Citadel Information Group


January 7, 2018 by Stan Stahl Ph.D.

Cybersecurity News of the Week, January 7, 2018

Cyber Defense Special: Spectre & Meltdown

The Citadel Perspective

A fascinating week in the information security world: the discovery of three extremely subtle bugs – vulnerabilities – in the computer chips that drive the world has everyone – properly – concerned. What a tremendous – hopefully painless – learning lesson. So let’s lay it out.

  • What’s going on?
  • What do we do about it?
  • What does it mean?
  • Special Cybersecurity News of Week Reference Section

And now … on to the rest of this week’s Cybersecurity News:

Individuals at Risk

Cyber Privacy

240,000 Homeland Security employees, case witnesses affected by data breach: A database used by the Department of Homeland Security’s Office of the Inspector General has been confirmed as breached, affecting 247,167 current and former employees and individuals associated with the department’s previous investigations. ZDNet, January 4, 2018

Cyber Update

Google Patches Multiple Critical, High Risk Vulnerabilities in Android: Google patched several Critical and High severity vulnerabilities as part of its Android Security Bulletin for January 2018. SecurityWeek, January 3, 2018

Cyber Defense

36 fake security apps removed from Google Play: Google has recently pulled 36 fake security apps from Google Play, after they’ve been flagged by Trend Micro researchers. HelpNetSecurity, January 4, 2018

Cyber Warning

This Android malware mimics Uber to steal your login and password: Uber users with Android smartphones are being targeted with malware that shows victims a fake version of the ride-hailing service, in order to steal their credentials. ZDNet, January 4, 2018

Windows Hello face recognition spoofed with photographs: “You are the password,” is the catchy marketing slogan Microsoft used to launch its Windows 10 Hello face authentication system in 2015. NakedSecurity, January 3, 2018

Many GPS Tracking Services Expose User Location, Other Data: Researchers discovered that many online services designed for managing location tracking devices are affected by vulnerabilities that expose potentially sensitive information. SecurityWeek, January 2, 2018

Do YOU save passwords on your browser? Major security flaw in autofill tool means your personal details and online habits could be revealed to hackers: Passwords stored on web browsers such as Google Chrome or Safari aren’t as secure as you think, according to new research. DailyMail, January 2, 2018

Information Security Management in the Organization

Information Security Management and Governance

Top Cyber Risks Businesses Should Prepare for in 2018: This year’s top six cyber risks for businesses, according to The Chertoff Group principal Adam Isles, include: increase in destructive attacks targeting industrial control systems, expansion of IoT as a threat vector, evolution in nation-state activity tradecraft, advances in identity subversion as a tactic, increased use of software subversion to bypass security controls and increase in third-party risk. Corporate Counsel, January 4, 2018

Cyber Warning

Server Cryptomix Ransomware Variant Released: The devs behind the Cryptomix ransomware just keep pushing them out. A new Cryptomix variant was released last week that appends the .SERVER extension to encrypted files and changes the contact emails used by the ransomware. BleepingComputer, January 4, 2018

Cyber Update

Critical Vulnerability Patched in phpMyAdmin: An update released just before the holidays by the developers of phpMyAdmin patches a serious vulnerability that can be exploited to perform harmful database operations by getting targeted administrators to click on specially crafted links. SecurityWeek, January 2, 2018

VMware Issues 3 Critical Patches for vSphere Data Protection: VMware, a Dell Technologies subsidiary, released several patches Tuesday fixing critical vulnerabilities affecting its vSphere cloud computing virtualization platform. ThreatPost, January 2, 2018

Cybersecurity in Society

Cyber Crime

Reddit investigating internal hack after users report stolen Bitcoin Cash tips: Another day, another wild mystery in the world of crypto. Reddit has confirmed it is investigating a possible internal security threat after several members of the Bitcoin Cash subreddit – more commonly known as /r/BTC – reported their accounts were purportedly hacked and emptied out of their funds. The Next Web, January 4, 2018

Know Your Enemy

Iranian Hackers: Sophisticated, Frustrated and a Rising Global Threat: SAN FRANCISCO — Between breaking into the email accounts of United States government officials, political dissidents and international human rights organizations, Iranian hackers liked to joke about their slow internet service, poor pay and lack of skilled colleagues. The New York Times, January 4, 2018

Ukraine called a “training ground” for Russian hacking attacks on west: Ukraine has become a “training ground” for Russian hackers wishing to perpetrate cyber-attacks on the west, a Kyiv security expert has claimed. SC Magazine, January 2, 2018

Cyber Freedom

New bill could finally get rid of paperless voting machines: A bipartisan group of six senators has introduced legislation that would take a huge step toward securing elections in the United States. Called the Secure Elections Act, the bill aims to eliminate insecure paperless voting machines from American elections while promoting routine audits that would dramatically reduce the danger of interference from foreign governments. ars technica, January 2, 2018

Security Leadership

No Place For Passivity in Cybersecurity Leadership: By and large, the news in 2017 was not good on the cybersecurity front. Whether you follow media headlines or industry studies, attacks are up, breaches are larger and threat actors are more sophisticated than ever. Unfortunately, many organizations fail to take basic precautions to mitigate these risks. As a result, breaches often go unreported, leaving millions of customers unaware that their personal data is exposed. SecurityIntelligence, January 3, 2018

Cyber Conscious: Why Time Is Running Out for Executives With No Cybersecurity Initiatives: With the arrival of the new year comes new changes. Businesses are implementing new sales strategies, new products and services and new management teams. There is no denying that the business landscape has dynamically changed since the start of the 21st century. [Oldie but Goodie]. SecurityIntelligence, January 14, 2016

Cryptocurrency

Cybercriminals dropping Bitcoin for more private cryptocurrencies: Cybercriminals appear to be dropping bitcoin for more private cryptocurrencies as law enforcement develop new technology and techniques to monitor and match transactions to crimes. SC Magazine, January 2, 2018

Cyber Sunshine

Louisiana man busted in ‘Nigerian prince’ scam: A 67-year-old Louisiana man faces 269 counts of wire fraud and money laundering for his part in a Nigerian prince email scam. SC Magazine, December 30, 2017

Cyber Miscellany

Artificial Intelligence to listen for suicidal thoughts on social media: Canada is planning a pilot project to see if Artificial Intelligence (AI) can find patterns of suicidality – i.e., suicidal thoughts or attempts, self-harm, or suicidal threats or plans – on social media before they lead to tragedy. NakedSecurity, January 4, 2018
