Citadel Information Group

August 19, 2018 by Stan Stahl Ph.D.

Cybersecurity News of the Week, August 19, 2018

Individuals at Risk

Cyber Update

Patch Tuesday, August 2018 Edition: Adobe and Microsoft each released security updates for their software on Tuesday. Adobe plugged five security holes in its Flash Player browser plugin. Microsoft pushed 17 updates to fix at least 60 vulnerabilities in Windows and other software, including two “zero-day” flaws that attackers were already exploiting before Microsoft issued patches to fix them. KrebsOnSecurity, August 15, 2018

Cyber Defense

ThreatList: Almost Half of the World’s Top Websites Deemed ‘Risky’: An analysis of the world’s most-visited websites shows that vulnerable software, too much active content and large amounts of code execution open visitors to a raft of potential dangers. ThreatPost, August 17, 2018

Hanging Up on Mobile in the Name of Security: An entrepreneur and virtual currency investor is suing AT&T for $224 million, claiming the wireless provider was negligent when it failed to prevent thieves from hijacking his mobile account and stealing millions of dollars in cryptocurrencies. Increasingly frequent, high-profile attacks like these are prompting some experts to say the surest way to safeguard one’s online accounts may be to disconnect them from the mobile providers entirely. KrebsOnSecurity, August 16, 2018

Information Security Management in the Organization

Information Security Management and Governance

The Future Has Arrived: How CEOs Can Navigate Through Digital Bewilderment … A 2020 perspective: Information security threats are intensifying every day. Organizations risk becoming disoriented and losing their way in a maze of uncertainty, as they grapple with complex technology, data proliferation, increased regulation, and a debilitating skills shortage. Chief Executive, August 17, 2018

Bring These Security Metrics to Your Next Budget Meeting With the Board: Just about every chief information security officer (CISO) has a common objective when it comes to making a case for security: proving a return on investment (ROI) and obtaining the budget needed to provide the best defense in the future. If the case is for security ROI, it must rely on metrics. “You can’t own a problem if you don’t measure it,” Jason Christopher, chief technology officer (CTO) at cyber risk optimization firm Axio Global, Inc., wrote in a post for Forbes. “If you’re not measuring it, then there’s no way to address it.” SecurityIntelligence, August 17, 2018

Report: Mid-sized businesses lose more to cybercrime than large or small ones. Average loss more than $400,000 for US companies with 200 to 1,000 employees: A new report on cybercrime shows mid-market companies — 500 to 999 employees — experience greater losses than smaller or larger ones. TNW, August 10, 2018

Cyber Defense

How to Protect Your Organization From Insider Threats: Technology becomes outdated in the blink of an eye. Similarly, a new security system deployed today to secure infrastructure or data is almost inherently going to be less secure tomorrow. In an era of fast communication, there are lots of people eager to break new technology — to find vulnerabilities and weaknesses in systems, ethically or unethically. However, it’s not always malicious actors outside the organization who are at fault. Insider threats are a real danger as well and should not be overlooked. SecurityIntelligence, August 17, 2018

The five components of a successful incident response program: According to IBM’s 2018 Cost of a Data Breach study, the impact of a data breach on an organization averages $3.86 million, though more serious “mega breaches” can cost hundreds of millions of dollars. The difference between a data breach and a “mega breach” often boils down to the effectiveness and speed of the incident response process. ITSP Magazine, August 17, 2018

AI for cybersecurity is a hot new thing—and a dangerous gamble: Machine learning and artificial intelligence can help guard against cyberattacks, but hackers can foil security algorithms by targeting the data they train on and the warning flags they look for. MIT Technology Review, August 11, 2018

Top 6 Application Security Must Dos with Limited Resources: The vast majority of application security teams are under resourced, if resourced at all. Application security (AppSec) teams should scale with development teams, but this rarely happens. So, given this disadvantage, how can you make your applications safe and be effective with application security? The only way application security scales given limited resources is shifting responsibility back to the developers. Medium, June 21, 2018

Think like a hacker: How to protect your business from cyber attacks: Businesses cannot afford to neglect cyber security in 2018. A recent report published by Beaming found that UK businesses are attacked online every 2.5 minutes, with the average firm suffering from 52,596 cyber-attacks between April and June 2018. Bytestart.co.uk, 2018

Secure The Human

Email Security Best Practices to Help You Reel In the Threat of Phishing: Understanding and implementing email security best practices has never been more important, but enterprises around the globe are still struggling. Despite its age and pervasive use, email is still one of the top attack vectors when it comes to security breaches. SecurityIntelligence, August 16, 2018

Cybersecurity Awareness Must Generate From The Top: In a cybersecurity situation, your first line of defense may be to call the CTO, but planning and prevention is really an enterprise-wide responsibility. When executives acknowledge that cybersecurity should be integral to the overall strategy of an organization, a culture is created where security isn’t just a cost center or required set of checkboxes, but rather a game plan to better enable the business. Chief Executive, April 12, 2018

Cyber Talent

#Blackhat2018: Cybersecurity’s insidious new threat: workforce stress: The thousands of cybersecurity professionals gathering at Black Hat, a massive conference held in the blistering heat of Las Vegas every summer, are encountering a different type of session this year. A new “community” track is offering talks on a range of workplace issues facing defenders battling to protect the world from a hacking onslaught. MIT Technology Review, August 7, 2018

A sign of the times: CSULB will offer cybersecurity minor for the first time this fall: Employees don’t have to be tech geniuses to know how to protect their company’s data—and that’s the goal of the new minor in cybersecurity at Cal State Long Beach. Long Beach Post, July 19, 2018

Cybersecurity in Society

Cyber Crime

‘Hacky hack hack’: Teen arrested for breaking into Apple’s network: An Australian teenager may have found it amusing enough when he managed to break into Apple’s mainframe to name a folder full of stolen Apple files “hacky hack hack,” but law enforcement has not found it funny. TechRepublic, August 17, 2018

Lessons from Hollywood Cybercrimes: Combating Online Predators: Everyone has emails and other digital information that they consider to be no one’s business except their own. Our emails contain everything from tax returns to intimate photos meant only for someone special. Imagine the horror if a hacker infiltrated an email account belonging to someone you knew and made those emails public. Imagine the horror if it happened to you. Berkeley Journal of Entertainment and Sports Law, July 1, 2018

Cyber Freedom

NBC claims Bill Nelson wasn’t making things up when he said Russians hacked Florida election systems: WASHINGTON — Sen. Bill Nelson, a Florida Democrat, has reaped the political whirlwind in the 10 days since he proclaimed that Russian hackers had “penetrated” some of his state’s county voting systems. The governor of Florida, Rick Scott, a Republican who is running against Nelson for his U.S. Senate seat this fall, has blasted his claim as irresponsible. The top Florida elections official, also a Republican, said he had seen no indication it’s true. And The Washington Post weighed in Friday with a 2,717-word fact check that all but accused Nelson — without evidence — of making it up. NBC News, August 17, 2018

Documents Reveal Successful Cyberattack in California Congressional Race: WASHINGTON — FBI agents in California and Washington, D.C., have investigated a series of cyberattacks over the past year that targeted a Democratic opponent of Rep. Dana Rohrabacher (R-CA). Rohrabacher is a 15-term incumbent who is widely seen as the most pro-Russia and pro-Putin member of Congress and is a staunch supporter of President Trump. RollingStone, August 15, 2018

#Blackhat2018: Smartphones or pen and paper? Cybersecurity experts split on tech in voting: LAS VEGAS — Some of the brightest minds in cybersecurity want the U.S. voting system to embrace technology. Others want to keep tech as far away as possible. ABC News, August 10, 2018

Financial Cybersecurity

Indian Bank Hit in $13.5M Cyberheist After FBI ATM Cashout Warning: On Sunday, Aug. 12, KrebsOnSecurity carried an exclusive: The FBI was warning banks about an imminent “ATM cashout” scheme about to unfold across the globe, thanks to a data breach at an unknown financial institution. On Aug. 14, a bank in India disclosed hackers had broken into its servers, stealing nearly $2 million in fraudulent bank transfers and $11.5 million unauthorized ATM withdrawals from cash machines in more than two dozen countries. KrebsOnSecurity, August 17, 2018

FBI Warns of ‘Unlimited’ ATM Cashout Blitz: The Federal Bureau of Investigation (FBI) is warning banks that cybercriminals are preparing to carry out a highly choreographed, global fraud scheme known as an “ATM cash-out,” in which crooks hack a bank or payment card processor and use cloned cards at cash machines around the world to fraudulently withdraw millions of dollars in just a few hours. KrebsOnSecurity, August 12, 2018

Content Security

MPAA Updates Content Security Best Practices to Align With Trusted Partner Network: As part of its dynamic improvement efforts, the Motion Picture Association of America (MPAA) has announced the first update of its Content Security Best Practices since the formation of the Trusted Partner Network (TPN), which was launched in April in a joint venture with the Content Delivery and Security Association (CDSA), to raise and standardize the quality of assessors and to improve efficiency by reducing wasteful duplicative audits. MESA, August 16, 2018

Cyber Regulation

Ajit Pai grilled by lawmakers on why FCC spread “myth” of DDoS attack: An FCC Inspector General (IG) investigation found that the FCC lied to members of Congress multiple times in letters that answered questions about DDoS attacks that never happened. Pai’s FCC claimed for more than a year that a May 2017 outage in the public comments system was caused by multiple DDoS attacks. In reality, the FCC system crashed because it was unable to handle an influx of comments triggered by comedian John Oliver asking viewers of his program Last Week Tonight to oppose Pai’s net neutrality repeal. Ars Technica, August 14, 2018

Critical Infrastructure

Hacking The Electric Grid Is Damned Hard: The nightmare is easy enough to imagine. Nefarious baddies sit in a dark room, illuminated by the green glow of a computer screen. Meanwhile, technicians watch in horror from somewhere in the Midwest as they lose control of their electrical systems. And, suddenly, hundreds of thousands, even millions of Americans are plunged into darkness. FiveThirtyEight, August 13, 2018

Cryptocurrency

Bitcoin developer finds potentially crippling security flaw in Bitcoin Cash: Another massive security vulnerability in a major cryptocurrency has been discovered, just sitting there, waiting to be exploited – and this time around it’s Bitcoin Cash. Its blockchain was open to being jammed with a toxic block that would have caused complete consensus failure. The bad block would have split the cryptocurrency in two, halting transactions and crippling its utility and price. TNW, August 10, 2018

SecureTheVillage Calendar

Webinar: Securing the Human. September 6 @ 10:00 am – 11:00 am. Stan’s Guests: Attorney Robert Braun, Jeffer Mangels Butler & Mitchell, Co-chair of the Firm’s Cybersecurity and Privacy Group, Member of SecureTheVillage Leadership Council; Kimberly Pease, Vice President, Citadel Information Group.

Webinar: Managing Security of the IT Infrastructure. October 4 @ 10:00 am – 11:00 am.

Cybersecure LA 2018 … Define! Develop! Deliver! October 25 @ 8:00 am – 3:30 pm. Cybersecure LA 2018 … a joint presentation of SecureTheVillage and Pepperdine Graziadio Business School. Define your Cyber Risks | Develop an Action Plan | Deliver a Stronger Cyber Risk Posture.


Copyright © 2018 by Citadel Information Group  All Rights Reserved | Privacy Policy