Individuals at Risk
Cyber Update
Patch Tuesday, August 2018 Edition: Adobe and Microsoft each released security updates for their software on Tuesday. Adobe plugged five security holes in its Flash Player browser plugin. Microsoft pushed 17 updates to fix at least 60 vulnerabilities in Windows and other software, including two “zero-day” flaws that attackers were already exploiting before Microsoft issued patches to fix them. KrebsOnSecurity, August 15, 2018
Cyber Defense
ThreatList: Almost Half of the World’s Top Websites Deemed ‘Risky’: An analysis of the world’s most-visited websites shows that vulnerable software, too much active content and large amounts of code execution open visitors to a raft of potential dangers. ThreatPost, August 17, 2018
Hanging Up on Mobile in the Name of Security: An entrepreneur and virtual currency investor is suing AT&T for $224 million, claiming the wireless provider was negligent when it failed to prevent thieves from hijacking his mobile account and stealing millions of dollars in cryptocurrencies. Increasingly frequent, high-profile attacks like these are prompting some experts to say the surest way to safeguard one’s online accounts may be to disconnect them from the mobile providers entirely. KrebsOnSecurity, August 16, 2018
Information Security Management in the Organization
Information Security Management and Governance
The Future Has Arrived: How CEOs Can Navigate Through Digital Bewilderment … A 2020 perspective: Information security threats are intensifying every day. Organizations risk becoming disoriented and losing their way in a maze of uncertainty, as they grapple with complex technology, data proliferation, increased regulation, and a debilitating skills shortage. Chief Executive, August 17, 2018
Bring These Security Metrics to Your Next Budget Meeting With the Board: Just about every chief information security officer (CISO) has a common objective when it comes to making a case for security: proving a return on investment (ROI) and obtaining the budget needed to provide the best defense in the future. If the case is for security ROI, it must rely on metrics. “You can’t own a problem if you don’t measure it,” Jason Christopher, chief technology officer (CTO) at cyber risk optimization firm Axio Global, Inc., wrote in a post for Forbes. “If you’re not measuring it, then there’s no way to address it.” SecurityIntelligence, August 17, 2018
Report: Mid-sized businesses lose more to cybercrime than large or small ones. Average loss more than $400,000 for US companies with 200 to 1,000 employees: A new report on cybercrime shows mid-market companies — 500 to 999 employees — experience greater losses than smaller or larger ones. TNW, August 10, 2018
Cyber Defense
How to Protect Your Organization From Insider Threats: Technology becomes outdated in the blink of an eye. Similarly, a new security system deployed today to secure infrastructure or data is almost inherently going to be less secure tomorrow. In an era of fast communication, there are lots of people eager to break new technology — to find vulnerabilities and weaknesses in systems, ethically or unethically. However, it’s not always malicious actors outside the organization who are at fault. Insider threats are a real danger as well and should not be overlooked. SecurityIntelligence, August 17, 2018
The five components of a successful incident response program: According to IBM’s 2018 Cost of a Data Breach study, the impact of a data breach on an organization averages $3.86 million, though more serious “mega breaches” can cost hundreds of millions of dollars. The difference between a data breach and a “mega breach” often boils down to the effectiveness and speed of the incident response process. ITSP Magazine, August 17, 2018
AI for cybersecurity is a hot new thing—and a dangerous gamble: Machine learning and artificial intelligence can help guard against cyberattacks, but hackers can foil security algorithms by targeting the data they train on and the warning flags they look for. MIT Technology Review, August 11, 2018
Top 6 Application Security Must Dos with Limited Resources: The vast majority of application security teams are under resourced, if resourced at all. Application security (AppSec) teams should scale with development teams, but this rarely happens. So, given this disadvantage, how can you make your applications safe and be effective with application security? The only way application security scales given limited resources is shifting responsibility back to the developers. Medium, June 21, 2018
Think like a hacker: How to protect your business from cyber attacks: Businesses cannot afford to neglect cyber security in 2018. A recent report published by Beaming found that UK businesses are attacked online every 2.5 minutes, with the average firm suffering from 52,596 cyber-attacks between April and June 2018. Bytestart.co.uk, 2018
Secure The Human
Email Security Best Practices to Help You Reel In the Threat of Phishing: Understanding and implementing email security best practices has never been more important, but enterprises around the globe are still struggling. Despite its age and pervasive use, email is still one of the top attack vectors when it comes to security breaches. SecurityIntelligence, August 16, 2018
Cybersecurity Awareness Must Generate From The Top: In a cybersecurity situation, your first line of defense may be to call the CTO, but planning and prevention is really an enterprise-wide responsibility. When executives acknowledge that cybersecurity should be integral to the overall strategy of an organization, a culture is created where security isn’t just a cost center or required set of checkboxes, but rather a game plan to better enable the business. Chief Executive, April 12, 2018
Cyber Talent
#Blackhat2018: Cybersecurity’s insidious new threat: workforce stress: The thousands of cybersecurity professionals gathering at Black Hat, a massive conference held in the blistering heat of Las Vegas every summer, are encountering a different type of session this year. A new “community” track is offering talks on a range of workplace issues facing defenders battling to protect the world from a hacking onslaught. MIT Technology Review, August 7, 2018
A sign of the times: CSULB will offer cybersecurity minor for the first time this fall: Employees don’t have to be tech geniuses to know how to protect their company’s data—and that’s the goal of the new minor in cybersecurity at Cal State Long Beach. Long Beach Post, July 19, 2018
Cybersecurity in Society
Cyber Crime
‘Hacky hack hack’: Teen arrested for breaking into Apple’s network: An Australian teenager may have found it amusing enough when he managed to break into Apple’s mainframe to name a folder full of stolen Apple files “hacky hack hack,” but law enforcement has not found it funny. TechRepublic, August 17, 2018
Lessons from Hollywood Cybercrimes: Combating Online Predators: Everyone has emails and other digital information that they consider to be no one’s business except their own. Our emails contain everything from tax returns to intimate photos meant only for someone special. Imagine the horror if a hacker infiltrated an email account belonging to someone you knew and made those emails public. Imagine the horror if it happened to you. Berkeley Journal of Entertainment and Sports Law, July 1, 2018
Cyber Freedom
NBC claims Bill Nelson wasn’t making things up when he said Russians hacked Florida election systems: WASHINGTON — Sen. Bill Nelson, a Florida Democrat, has reaped the political whirlwind in the 10 days since he proclaimed that Russian hackers had “penetrated” some of his state’s county voting systems. The governor of Florida, Rick Scott, a Republican who is running against Nelson for his U.S. Senate seat this fall, has blasted his claim as irresponsible. The top Florida elections official, also a Republican, said he had seen no indication it’s true. And The Washington Post weighed in Friday with a 2,717-word fact check that all but accused Nelson — without evidence — of making it up. NBC News, August 17, 2018
Documents Reveal Successful Cyberattack in California Congressional Race: WASHINGTON — FBI agents in California and Washington, D.C., have investigated a series of cyberattacks over the past year that targeted a Democratic opponent of Rep. Dana Rohrabacher (R-CA). Rohrabacher is a 15-term incumbent who is widely seen as the most pro-Russia and pro-Putin member of Congress and is a staunch supporter of President Trump. RollingStone, August 15, 2018
#Blackhat2018: Smartphones or pen and paper? Cybersecurity experts split on tech in voting: LAS VEGAS — Some of the brightest minds in cybersecurity want the U.S. voting system to embrace technology. Others want to keep tech as far away as possible. ABC News, August 10, 2018
Financial Cybersecurity
Indian Bank Hit in $13.5M Cyberheist After FBI ATM Cashout Warning: On Sunday, Aug. 12, KrebsOnSecurity carried an exclusive: The FBI was warning banks about an imminent “ATM cashout” scheme about to unfold across the globe, thanks to a data breach at an unknown financial institution. On Aug. 14, a bank in India disclosed hackers had broken into its servers, stealing nearly $2 million in fraudulent bank transfers and $11.5 million unauthorized ATM withdrawals from cash machines in more than two dozen countries. KrebsOnSecurity, August 17, 2018
FBI Warns of ‘Unlimited’ ATM Cashout Blitz: The Federal Bureau of Investigation (FBI) is warning banks that cybercriminals are preparing to carry out a highly choreographed, global fraud scheme known as an “ATM cash-out,” in which crooks hack a bank or payment card processor and use cloned cards at cash machines around the world to fraudulently withdraw millions of dollars in just a few hours. KrebsOnSecurity, August 12, 2018
Content Security
MPAA Updates Content Security Best Practices to Align With Trusted Partner Network: As part of its dynamic improvement efforts, the Motion Picture Association of America (MPAA) has announced the first update of its Content Security Best Practices since the formation of the Trusted Partner Network (TPN), which was launched in April in a joint venture with the Content Delivery and Security Association (CDSA), to raise and standardize the quality of assessors and to improve efficiency by reducing wasteful duplicative audits. MESA, August 16, 2018
Cyber Regulation
Ajit Pai grilled by lawmakers on why FCC spread “myth” of DDoS attack: An FCC Inspector General (IG) investigation found that the FCC lied to members of Congress multiple times in letters that answered questions about DDoS attacks that never happened. Pai’s FCC claimed for more than a year that a May 2017 outage in the public comments system was caused by multiple DDoS attacks. In reality, the FCC system crashed because it was unable to handle an influx of comments triggered by comedian John Oliver asking viewers of his program Last Week Tonight to oppose Pai’s net neutrality repeal. Ars Technica, August 14, 2018
Critical Infrastructure
Hacking The Electric Grid Is Damned Hard: The nightmare is easy enough to imagine. Nefarious baddies sit in a dark room, illuminated by the green glow of a computer screen. Meanwhile, technicians watch in horror from somewhere in the Midwest as they lose control of their electrical systems. And, suddenly, hundreds of thousands, even millions of Americans are plunged into darkness. FiveThirtyEight, August 13, 2018
Cryptocurrency
Bitcoin developer finds potentially crippling security flaw in Bitcoin Cash: Another massive security vulnerability in a major cryptocurrency has been discovered, just sitting there, waiting to be exploited – and this time around it’s Bitcoin Cash. Its blockchain was open to being jammed with a toxic block that would have caused complete consensus failure. The bad block would have split the cryptocurrency in two, halting transactions and crippling its utility and price. TNW, August 10, 2018
SecureTheVillage Calendar
Webinar: Securing the Human. September 6 @ 10:00 am – 11:00 am. Stan’s Guests: Attorney Robert Braun, Jeffer Mangels Butler & Mitchell, Co-chair of the Firm’s Cybersecurity and Privacy Group, Member of SecureTheVillage Leadership Council; Kimberly Pease, Vice President, Citadel Information Group.
Webinar: Managing Security of the IT Infrastructure. October 4 @ 10:00 am – 11:00 am.
Cybersecure LA 2018 … Define! Develop! Deliver! October 25 @ 8:00 am – 3:30 pm. Cybersecure LA 2018 … a joint presentation of SecureTheVillage and Pepperdine Graziadio Business School. Define your Cyber Risks | Develop an Action Plan | Deliver a Stronger Cyber Risk Posture.