Citadel Information Group


September 30, 2018 by Stan Stahl Ph.D.

Cybersecurity News of the Week, September 30, 2018

Individuals at Risk

Identity Theft

Research report says more than 1M children were identity theft victims in 2017. Direct cost burdens to affected families estimated at $540M. Average victim age: 12: How did your toddler rack up thousands of dollars in charges on an unfamiliar credit card? It’s not Junior’s fault if identity thieves have stolen your child’s identity and used it for fraudulent purchases. The Journal Times, September 28, 2018

Cyber Breach — Facebook

Facebook Was Hacked. 3 Things You Should Do After the Breach: The social networking giant said attackers had exploited a weakness that enabled them to hijack the accounts of nearly 50 million users. Here are some tips for securing your account. The New York Times, September 28, 2018

“How to hack Facebook” videos appear on YouTube and are viewed thousands of times after data breach which hit 50 million users. YouTube videos teach hackers how to hijack Facebook accounts: Video tutorials are being hosted on YouTube showing hackers how to hijack Facebook accounts using a tactic which led to 50 million users having their personal data compromised. DailyMail, September 28, 2018

Facebook Security Bug Affects as Many as 90M Users. Vulnerability Gave Hackers Ability to Take Over User Accounts: Facebook said today some 90 million of its users may get forcibly logged out of their accounts after the company fixed a rather glaring security vulnerability in its Web site that may have let attackers hijack user profiles. KrebsOnSecurity, September 28, 2018

Cyber Defense

Windows 10 security: Here’s how we’re hitting back at fileless malware, says Microsoft: Microsoft has been working on an answer to some clever new techniques used in penetration-testing kits to bypass Windows Defender Advanced Threat Protection (ATP), its key security platform for protecting Windows 10 in the enterprise. ZDNet, September 28, 2018

Cyber Warning

Another social engineering reminder as hackers found taking over high volume Instagram accounts, stealing passwords, and holding accounts hostage: Hackers have hijacked the accounts of at least four high profile Instagrammers recently, locking them out and demanding a bitcoin ransom. But Instagram is silent. Motherboard, September 28, 2018

Android password managers vulnerable to phishing apps. Several leading Android-based password managers can be fooled into auto-filling login credentials on behalf of fake phishing apps: Researchers have discovered that several leading Android-based password managers can be fooled into entering login credentials into fake phishing apps. NakedSecurity, September 28, 2018

Beware of Hurricane Florence Relief Scams: If you’re thinking of donating money to help victims of Hurricane Florence, please do your research on the charitable entity before giving: A slew of new domains apparently related to Hurricane Florence relief efforts are now accepting donations on behalf of victims without much accountability for how the money will be spent. KrebsOnSecurity, September 24, 2018

15th annual National Cybersecurity Awareness Month — Everyone Has a Role to Play

The 15th Annual National Cybersecurity Awareness Month Launches on October 1. The National Cyber Security Alliance Encourages Everyone to Be #CyberAware and Share Responsibility in Protecting Our Online Lives: The 15th annual National Cybersecurity Awareness Month (NCSAM) is fast approaching. Oct. 1 kicks off this month-long campaign devoted to educating everyone about the roles they play in helping to safeguard the internet. NCSAM 2018 will remind all internet users that practicing online safety is “Our Shared Responsibility,” and digital citizens need to support this collective mission. In addition, NCSAM 2018 will shine a spotlight on the importance of building a strong cybersecurity workforce to help better protect families, communities, businesses and the country’s infrastructure. PR Newswire, September 5, 2018

Information Security Management in the Organization

Information Security Management and Governance

An investigation into how cyber ready businesses really are: The more cyber ready a business becomes, the better its overall business outcomes. Vodafone’s Cyber Ready Barometer notes 48% of cyber ready businesses are reporting more than 5% increases in annual revenue as well as high stakeholder trust levels. Despite this, the research also shows that only 24% of businesses globally could reasonably call themselves cyber ready. HelpNetSecurity, September 28, 2018

Cyber Warning

FBI warns companies about hackers increasingly abusing Remote Desktop (RDP) connections. Millions of RDP endpoints remain exposed online and vulnerable to exploit, dictionary, and brute-force attacks: In a public service announcement published today by the US Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center (IC3), the FBI is warning companies about the dangers of leaving RDP endpoints exposed online. ZDNet, September 27, 2018

Cyber Fraud

Payments Fraud Survey shows record 78% of treasury organizations were hit with payments fraud in 2017. Biggest weakness found to be staff complacency and false belief that ‘it can’t happen here.’: Much has changed since the early 20th century bank robber Willie Sutton, when asked why he chose his targets, reportedly said, “Because that’s where the money is.” Criminals are now using tools Sutton couldn’t have dreamed of, but their philosophy in choosing targets remains pretty true to his. Treasury & Risk, September 25, 2018

Cybersecurity Culture

4 Traits of a Cyber-Resilient Culture. Companies with a solid track record of cybersecurity share these practices and characteristics: Attend enough security conferences and you’re bound to hear solemn advice about the importance of building a strong security culture across an enterprise. But what exactly does that mean? And how can it be accomplished? The leaders at (ISC)2 recently endeavored to define what it means to build a resilient cybersecurity culture. They put together a survey of tech leaders at 250 companies with a solid cybersecurity track record to get an idea of the common traits, practices, and thought processes among security-focused organizations. DarkReading, September 28, 2018

Secure The Human

How Data Security Improves When You Engage Employees in the Process. When it comes to protecting information, we can all do better. But encouraging a can-do attitude goes a long way toward discouraging users’ risky behaviors: Even with best-in-class data breach protection and prevention technology, strong security and privacy practices start internally — with your employees. There are several ways to go about this, but based on my work in the field for over 10 years, the most effective ways to lower a company’s risk exposure begin and end with a positive approach. Here are three examples: DarkReading, September 28, 2018

10 Tactics For Teaching Cybersecurity Best Practices To Your Whole Company: Smart leaders know that their entire team needs to be well-educated on the importance and best practices of cybersecurity if they hope to protect their data. Unfortunately, this is easier said than done, especially when it comes to training your non-tech employees. Using too much jargon and technical terms will only disengage them, leaving them less prepared and less vigilant. Forbes, September 26, 2018

Cyber Fine

SEC fines Voya $1M for cybersecurity failures: Almost eight years after the Identity Theft Red Flags rule went into effect, the SEC announced its first enforcement of the law. Financial Planning, September 26, 2018

Cybersecurity in Society

Cyber Crime

Cybercriminals Hit Port of San Diego with Ransomware, Demand Bitcoin: It has not been smooth sailing for the Port of San Diego’s IT department this week following a cybersecurity breach. CCN, September 29, 2018

Cyber Freedom

European Union lawmakers appear set this month to demand audits of Facebook by Europe’s cybersecurity agency and data protection authority in the wake of the Cambridge Analytica scandal: A draft resolution submitted Thursday to the EU Parliament’s civil liberties and justice committee urged Facebook to accept “a full and independent audit of its platform investigating data protection and security of personal data.” ABC, September 28, 2018

Pegasus malware spreading at an alarming rate. Pegasus appears to be in use by countries with dubious human rights records & histories of abusive behavior by state security services. Malware said to infect Android and iPhone devices: Pegasus malware has been on the minds of security researchers due to its rapid spread at an alarming rate worldwide. The malware has been active since at least 2016 when it was discovered to be infecting Android and iPhone devices. According to research done by Citizen Lab, the malware has now spread to at least 45 countries, namely the following: techgenix, September 28, 2018

Building a Cybersecurity Culture in the Campaign Space: It’s a stark reality for campaigns: the threat of a cybersecurity breach is ever present, and that means the need to embrace better security protocols from top to bottom. Campaigns and Elections, September 28, 2018

Congress poised to allow DHS to take the lead on federal cybersecurity, says Washington Post: After years of debate, Congress is poised to vote on legislation that would cement the Department of Homeland Security’s role as the government’s main civilian cybersecurity authority. The Washington Post, September 25, 2018

National Cybersecurity

DOD, White House Release Cybersecurity Strategies. Both strategies recognize the vital nature of necessary American action in cyberspace to defend its interests: With the United States engaged in a “long-term strategic competition” with China and Russia, which are mounting persistent cyber attack campaigns that pose long-term risks to America, the U.S. military will act to deter aggression, cyber or otherwise, according to a new policy, known as the Department of Defense Cyber Strategy, from the U.S. Department of Defense. AFCEA, September 27,

White House National Cyber Strategy: An Analysis. Security Experts Examine Administration’s Document and Rhetoric: A national cybersecurity strategy document released by the White House last week – along with comments from a top Trump administration official that the U.S. would step up its offensive cyber measures – are getting mixed reviews from cybersecurity experts. BankInfoSecurity, September 26, 2018

Know Your Enemy

Russia’s Elite Hackers Discovered Using Advanced Malware That’s Very Hard to Fix: The Fancy Bear hacking group has plenty of tools at its disposal, as evidenced by its attacks against the Democratic National Committee, the Pyeongchang Olympics, and plenty more. But cybersecurity firm ESET appears to have caught the elite Russian team using a technique so advanced, it hadn’t ever been seen in the wild until now. Wired, September 27, 2018

Cyber Defense

AT&T, Ericsson Team Up to Provide Cybersecurity Certification for IoT: AT&T and Ericsson are joining forces to offer comprehensive testing to help safeguard IoT devices from growing cybersecurity threats. The Fast Mode, September 28, 2018

Cyber Law

California becomes first state with Internet of Things cybersecurity law. Starting 1/1/20, IoT devices connecting to Internet must have “reasonable” security features to prevent unauthorized access, modification, or information disclosure: California Governor Jerry Brown has signed a cybersecurity law covering “smart” devices, making California the first state with such a law. The bill, SB-327, was introduced last year and passed the state senate in late August. The Verge, September 28, 2018

Cyber Medical

FDA’s Cybersecurity Unit Would Set Up CyberMed Safety Board: The FDA’s proposed cybersecurity unit would help establish the public-private CyberMed Safety Board mentioned in the FDA’s medical device safety action plan issued in April. HealthITSecurity, September 28, 2018

SecureTheVillage Calendar

Webinar: Managing Security of the IT Infrastructure. October 4 @ 10:00 am – 11:00 am.

Financial Services Cybersecurity Roundtable. October 12 @ 8:00 am – 10:00 am.

Cybersecure LA 2018 … Define! Develop! Deliver! October 25 @ 8:00 am – 3:30 pm. Cybersecure LA 2018 … a joint presentation of SecureTheVillage and Pepperdine Graziadio Business School. Define your Cyber Risks | Develop an Action Plan | Deliver a Stronger Cyber Risk Posture.

Webinar: Getting Cyber-Prepared: Incident Response & Business Continuity. November 1 @ 10:00 am – 11:00 am.

Webinar: Third-Party Security Management. December 6 @ 10:00 am – 11:00 am.

Financial Services Cybersecurity Roundtable. December 14 @ 8:00 am – 10:00 am.
