Individuals at Risk
Cyber Privacy
Think You’ve Got Nothing to Hide? Think Again — Why Data Privacy Affects Us All: We all hear about privacy, but do we really understand what this means? According to privacy law expert Robert B. Standler, privacy is “the expectation that confidential personal information disclosed in a private place will not be disclosed to third parties when that disclosure would cause either embarrassment or emotional distress to a person of reasonable sensitivities.” SecurityIntelligence, July 13, 2018
Tennessee Health Department Fails to Properly Secure Server, Exposes Sensitive Personal Information of HIV/AIDS Patients: An incident involving an unsecured database containing information about thousands of HIV/AIDS patients in Tennessee is shining a spotlight on privacy risks involving sensitive health data. BankInfoSecurity, July 12, 2018
Identity Theft
To Catch A Thief – Lessons We Can All Learn From Demi Moore’s Identity Theft Drama: The recent film Ocean’s 8 is the story of a group of thieves that steal a priceless necklace from a famous movie actress, in plain sight. A series of cons are pulled off that enable the heist to occur without the actress knowing. By the time she realizes the necklace is gone, it’s too late. The film was slick, fun and captured moviegoers’ attention. Forbes, July 13, 2018
Cyber Update
Patch Tuesday, July 2018 Edition: Microsoft and Adobe each issued security updates for their products today. Microsoft’s July patch batch includes 14 updates to fix more than 50 security flaws in Windows and associated software. Separately, Adobe has pushed out an update for its Flash Player browser plugin, as well as a monster patch bundle for Adobe Reader/Acrobat. KrebsOnSecurity, July 20, 2018
Cyber Warning
New Twist on Sextortion Scam Uses Recipient’s Hacked Passwords: Here’s a clever new twist on an old email scam that could serve to make the con far more believable. The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all your contacts unless you pay a Bitcoin ransom. The new twist? The email now references a real password previously tied to the recipient’s email address. KrebsOnSecurity, July 12, 2018
Information Security Management in the Organization
Cyber Crime
Mid-market cybercrime: The digital crime wave that’s thriving under the radar: There are more than 4,000 bank robberies per year in the United States, and they almost always garner big attention beyond the towns where they happen. Fortunately, these institutions usually have the means to expeditiously recover from such criminal activity. ITSP, July 10, 2018
Cyber Defense
Unsanctioned Apps Invite Fox into Cybersecurity Hen House: In this InfoSec Insider, Tim Bandos looks at why network admins will want to keep a close watch on network traffic within the enterprise. ThreatPost, July 13, 2018
How to Solve the Developer vs. Cybersecurity Team Battle: InfoSec Insider Chris Eng tackles how companies can bridge the divide between software developers and cybersecurity teams to bring to market reliable and secure applications. ThreatPost, July 9, 2018
Cyber Warning
WordPress Sites Targeted in World Cup-Themed Spam Scam: Spammers using a ‘spray & pray’ approach to post comments on WordPress powered blogs, forums, says Imperva. DarkReading, July 12, 2018
Cyber Update
Cisco Patches High-Severity Bug in VoIP Phones: Cisco also patched three medium-security flaws in its network security offerings; and, it issued a fix for a high-severity bug in its platform for mobile operator routers, StarOS. ThreatPost, July 12, 2018
Secure The Human
6 top tips to make cybersecurity training more fun: How do you keep your team engaged and alert to evolving cybersecurity threats? Mark Stevens of Digital Guardian has some tips. SiliconRepublic, July 10, 2018
A Field Guide to “Social Engineering” Cyber Scams: Any hobbyist will tell you that a proper guide is a must to mastering a craft. However, a hobby is a part-time occupation; most of us know that our businesses need full-time attention. Because cybersecurity threats can impact core business activities, addressing those threats, especially those known as “social engineering” and cyber scams, is not a mere pastime — it’s a full-time job. Robert Braun, Co-chair of Cybersecurity and Privacy Law Group, Jeffer Mangels Butler & Mitchell. Member of SecureTheVillage Leadership Council. Cybersecurity Lawyer Forum, July 10, 2018
NIST National Initiative for Cybersecurity Education (NICE) Seeks Comments on Draft Workforce Management Guidebook: Cybersecurity is Everyone’s Job: The human is the greatest vulnerability in any organization. … This guidebook provides things to know, and things to do, for everyone in an organization, regardless of its type or size. It is intended for the general audience, which may not otherwise be knowledgeable about, or interested in, cybersecurity. It can be read as a complete guide, or by each business function as standalone guides. This is about turning the organization’s greatest vulnerability—its people—into the organization’s greatest asset. The NICE Working Group Workforce Management Subgroup is requesting feedback on this document during the public comment period, which ends July 31, 2018. NIST, 2018
Cyber Talent
What the birds can teach us about building a diverse cybersecurity team: When you hear the term birds of a feather do you finish the sentence and say flock together? Do you think of like-minded people spending time together? I had written an article on the topic a while ago with the focus of hiring and retaining top talent in general. But this time I am turning the focus to cybersecurity and the female gap since it has been a hot topic in the cybersecurity field and the primary focus for researchers and organizations for the past few years. EC-Council, July 13, 2018
Building the Next Generation of Cybersecurity Talent: Everyone in the cybersecurity space can agree that we are in the midst of an enormous skills shortage. ISACA predicts that we will be short two million cybersecurity professionals by 2019. InfoSecurity, July 13, 2018
Cyber Compliance
ICYMI | What CPAs Need to Know about New York’s New Cybersecurity Requirements: New York State recently adopted a “first-in-the-nation” set of cybersecurity compliance requirements that impact any businesses or organizations that report to the Department of Financial Services (DFS). Effective March 1, 23 NYCRR 500 is meant to anticipate, address, and thwart cybercriminals by requiring “each company to assess its specific risk profile and design a program that addresses its risks in a robust fashion.” CPA Journal, July 2018
Coordination Game: The Global Cybersecurity Legal Ecosystem and Business Obligations for Data Protection: Practices adopted to comply with U.S. breach notification and cybersecurity obligations may not be sufficient in other international jurisdictions. Law.com, July 10, 2018
Cybersecurity in Society
Cyber Crime
RiskIQ: Ticketmaster Hackers Compromised Widely Used Tools: The criminal group behind the recent data breach at certain Ticketmaster websites may have also scooped up payment card and personal details from those using the company’s sites in Australia, New Zealand, Turkey and Hungary, according to RiskIQ, which says the group’s digital payment card skimmers may also affect as many as 800 other e-commerce sites. BankInfoSecurity, July 12, 2018
Cyber Defense
IRS makes summertime push for tax pro cybersecurity; says cybersecurity is a major issue for tax preparers, as cybercriminals increasingly target tax professionals in an effort to get client data for use in tax fraud and identity theft: The Internal Revenue Service and its partners in the Security Summit, which include state tax agencies and the private sector tax industry, have started a summertime awareness campaign to encourage tax professionals to secure their client data, with a newly expanded guide. Accounting Today, July 10, 2018
Cyber Freedom
Maryland told its voter registration vendor financed by Russian oligarch: Top Maryland officials say the FBI told them this week that the state’s voter registration platform was purchased by a Russian oligarch in 2015, without state officials knowing. The FBI did not indicate a breach occurred, but state officials say they’re moving forward with a full review. CBS, July 13, 2018
‘Warning Lights Are Blinking Red,’ Top Intelligence Officer Says of Russian Attacks: WASHINGTON — The nation’s top intelligence officer said on Friday that the persistent danger of Russian cyberattacks today was akin to the warnings the United States had of stepped-up terror threats ahead of the Sept. 11, 2001, attacks. The New York Times, July 13, 2018
U.S. cybersecurity “not in a good place” for 2018, 2020 elections, says NYT’s David Sanger: Because the U.S. never took the steps necessary to respond to Russian meddling in the 2016 presidential election, the U.S. is “not in a good place” on cybersecurity, says David Sanger, national security reporter for The New York Times. CBS, July 13, 2018
Lawmakers, tech vendors fight over election cybersecurity efforts: Amid ongoing reports of foreign digital meddling in domestic elections, U.S. lawmakers are butting heads with the nation’s largest voting technology companies. CyberScoop, July 12, 2018
Election security legislation may be gaining steam in Congress: Momentum may finally be building in Congress to take new action to secure the elections from cyberthreats as the midterms approach. The Washington Post, Cybersecurity 202, July 12, 2018
Would Asking People To Hack America’s Election Systems Make Them More Safe?: There are four months until the midterm elections, and the security of state election systems remains a concern. The clock is ticking to ferret out problems and fix them before Nov. 6. Websites associated with voting continue to have poor cybersecurity hygiene, even after the revelation that hackers probed the systems of 21 states in the lead-up to the 2016 election. And while Congress has increased the funds available to states to improve their election systems, many are still jumping through bureaucratic hoops to actually access the money. FiveThirtyEight, July 12, 2018
Twitter’s fake account purge can help turn the tide against influence campaigns: Twitter is finally taking a flamethrower to fake and suspicious accounts, following months of public criticism that it wasn’t doing enough to crack down on the bots and trolls that used the platform to spread disinformation during the 2016 election. The Washington Post, Cybersecurity 202, July 9, 2019
Cyber Freedom – Russian Investigation
Russian Hackers Kept DNC Backdoor Longer Than Anyone Knew: The indictment Friday of 12 Russian military officers for the election hacks against the DNC and Hillary Clinton’s campaign lends a surprising new detail to the 2016 election interference timeline: The Kremlin’s hackers apparently still maintained a foothold in the DNC’s network four months after the Democrats announced that they’d locked the intruders out. Daily Beast, July 13, 2018
12 Russian Agents Indicted in Mueller Investigation: WASHINGTON — The special counsel investigating Russian interference in the 2016 election issued an indictment of 12 Russian intelligence officers on Friday in the hacking of the Democratic National Committee and the Clinton presidential campaign. The indictment came only three days before President Trump was planning to meet with President Vladimir V. Putin of Russia in Helsinki, Finland. The New York Times, July 13, 2018
How the Russians hacked the DNC and passed its emails to WikiLeaks: On a late July day in 2016, Donald Trump, the GOP nominee for president, stood at a lectern in Florida, next to an American flag, and urged a U.S. adversary to become involved in the election campaign and find tens of thousands of emails wiped from the server of his Democratic opponent, Hillary Clinton. The Washington Post, July 13, 2018
G.R.U., Russian Spy Agency Cited by Mueller, Casts a Long Shadow: MOSCOW — The Russian intelligence officers indicted on Friday by the United States special counsel, Robert S. Mueller III, served in a branch of the Russian military formerly known as the G.R.U., which has been linked in recent years to a number of increasingly bold, even reckless operations abroad. The Washington Post, July 13, 2018
National Cybersecurity
Mystery hacker trying to sell stolen US military documents, cybersecurity researchers say: Documents that could give an enemy clues into the potential weaknesses of the Pentagon’s MQ-9 Reaper drone purportedly have been up for sale on the Internet, a cybersecurity research firm says, amid concerns about whether the U.S. military is doing enough to protect its data. FOX News, July 11, 2018
Internet of Things
Fleets Steer Dangerously Close To Cyberattack Risks. KPMG says “fleet-wide attacks represent the next big disruptive threat to the automotive industry”: Exploding interest in smart cars and autonomous vehicles isn’t just changing the way the average consumer drives. The fleet management market is slated to see a $28.66 billion market valuation by 2022, driven by the need for greater efficiency, and connected vehicles have become a gateway to sophisticated management and analysis of fleet operations for managers seeking greater control and reduced costs. PYMNTS, July 13, 2018
Cyber Enforcement
New York jury convicts two men for trading on hacked press releases: Federal jury in Brooklyn convicts 2 men for their roles in making millions of dollars by illegally trading on corporate press releases stolen by hackers before becoming public. Reuters, July 6, 2018
Former ICE General Counsel Heads to Prison for Identity Theft. Opened Fraudulent Lines of Credit and Personal Loans in the names of Aliens: A former top legal adviser to the Immigration and Customs Enforcement bureau was sentenced to 48 months in prison for wire fraud and identity theft affecting aliens, the Justice Department announced on Thursday. Government Executive, June 29, 2018
Cyber Sunshine
Notorious ‘Hijack Factory’ Shunned from Web: Score one for the good guys: Bitcanal, a Portuguese Web hosting firm long accused of helping spammers hijack large swaths of dormant Internet address space over the years, was summarily kicked off the Internet this week after a half-dozen of the company’s bandwidth providers chose to sever ties with the company. KrebsOnSecurity, July 11, 2018
Cryptocurrency
Cybersecurity Firm Kaspersky Calls Out Cryptocurrency Scams And Thefts: Russia-based cybersecurity firm Kaspersky recently released a report highlighting 2017’s cryptocurrency “social engineering schemes,” which saw criminals net millions in cryptocurrency value. Ethereum World News, July 12, 2018
SecureTheVillage Calendar
Webinar: Information Classification and Control. August 2 @ 10:00 am – 11:00 am.
Financial Services Cybersecurity Roundtable. August 10 @ 8:00 am – 10:00 am. Speaker: Jason Smolanoff of Kroll Associates. Host: Grandpoint Bank, John Coleman
Webinar: Securing the Human. September 6 @ 10:00 am – 11:00 am.
Webinar: Managing Security of the IT Infrastructure. October 4 @ 10:00 am – 11:00 am.
Cybersecure LA 2018 … Define! Develop! Deliver! October 25 @ 8:00 am – 3:30 pm. Cybersecure LA 2018 … a joint presentation of SecureTheVillage and Pepperdine Graziadio Business School. Define your Cyber Risks | Develop an Action Plan | Deliver a Stronger Cyber Risk Posture. Register Now. Early Bird Discount through August 17th.