Individuals at Risk
Identity Theft
Research report says more than 1M children were identity theft victims in 2017. Direct cost burdens to affected families estimated at $540M. Average victim age: 12: How did your toddler rack up thousands of dollars in charges on an unfamiliar credit card? It’s not Junior’s fault if identity thieves have stolen your child’s identity and used it for fraudulent purchases. The Journal Times, September 28, 2018
Cyber Breach — Facebook
Facebook Was Hacked. 3 Things You Should Do After the Breach: The social networking giant said attackers had exploited a weakness that enabled them to hijack the accounts of nearly 50 million users. Here are some tips for securing your account. The New York Times, September 28, 2018
How to hack Facebook videos appear on YouTube and are viewed thousands of times after data breach which hit 50 million users. YouTube videos teach hackers how to hijack Facebook accounts: Video tutorials are being hosted on YouTube showing hackers how to hijack Facebook accounts using a tactic which led to 50 million users having their personal data compromised. DailyMail, September 28, 2018
Facebook Security Bug Affects as Many as 90M Users. Vulnerability Gave Hackers Ability to Take Over User Accounts: Facebook said today some 90 million of its users may get forcibly logged out of their accounts after the company fixed a rather glaring security vulnerability in its Web site that may have let attackers hijack user profiles. KrebsOnSecurity, September 28, 2018
Cyber Defense
Windows 10 security: Here’s how we’re hitting back at fileless malware, says Microsoft: Microsoft has been working on an answer to some clever new techniques used in penetration-testing kits to bypass Windows Defender Advanced Threat Protection (ATP), its key security platform for protecting Windows 10 in the enterprise. ZDNet, September 28, 2018
Cyber Warning
Another social engineering reminder as hackers found taking over high volume Instagram accounts, stealing passwords, and holding accounts hostage: Hackers have hijacked the accounts of at least four high profile Instagrammers recently, locking them out and demanding a bitcoin ransom. But Instagram is silent. Motherboard, September 28, 2018
Android password managers vulnerable to phishing apps. Several leading Android-based password managers can be fooled into auto-filling login credentials on behalf of fake phishing apps: Researchers have discovered that several leading Android-based password managers can be fooled into entering login credentials into fake phishing apps. NakedSecurity, September 28, 2018
Beware of Hurricane Florence Relief Scams: If you’re thinking of donating money to help victims of Hurricane Florence, please do your research on the charitable entity before giving: A slew of new domains apparently related to Hurricane Florence relief efforts are now accepting donations on behalf of victims without much accountability for how the money will be spent. KrebsOnSecurity, September 24, 2018
15th annual National Cybersecurity Awareness Month — Everyone Has a Role to Play
The 15th Annual National Cybersecurity Awareness Month Launches on October 1. The National Cyber Security Alliance Encourages Everyone to Be #CyberAware and Share Responsibility in Protecting Our Online Lives: The 15th annual National Cybersecurity Awareness Month (NCSAM) is fast approaching. Oct. 1 kicks off this month-long campaign devoted to educating everyone about the roles they play in helping to safeguard the internet. NCSAM 2018 will remind all internet users that practicing online safety is “Our Shared Responsibility,” and digital citizens need to support this collective mission. In addition, NCSAM 2018 will shine a spotlight on the importance of building a strong cybersecurity workforce to help better protect families, communities, businesses and the country’s infrastructure. PR Newswire, September 5, 2018
Information Security Management in the Organization
Information Security Management and Governance
An investigation into how cyber ready businesses really are: The more cyber ready a business becomes, the better its overall business outcomes. Vodafone’s Cyber Ready Barometer notes 48% of cyber ready businesses are reporting more than 5% increases in annual revenue as well as high stakeholder trust levels. Despite this, the research also shows that only 24% of businesses globally could reasonably call themselves cyber ready. HelpNetSecurity, September 28, 2018
Cyber Warning
FBI warns companies about hackers increasingly abusing Remote Desktop (RDP) connections. Millions of RDP endpoints remain exposed online and vulnerable to exploit, dictionary, and brute-force attacks: In a public service announcement published today by the US Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center (IC3), the FBI is warning companies about the dangers of leaving RDP endpoints exposed online. ZDNet, September 27, 2018
Cyber Fraud
Payments Fraud Survey shows record 78% of treasury organizations were hit with payments fraud in 2017. Biggest weakness found to be staff complacency and false belief that ‘it can’t happen here.’: Much has changed since the early 20th century bank robber Willie Sutton, when asked why he chose his targets, reportedly said, “Because that’s where the money is.” Criminals are now using tools Sutton couldn’t have dreamed of, but their philosophy in choosing targets remains pretty true to his. Treasury & Risk, September 25, 2018
Cybersecurity Culture
4 Traits of a Cyber-Resilient Culture. Companies with a solid track record of cybersecurity share these practices and characteristics: Attend enough security conferences and you’re bound to hear solemn advice about the importance of building a strong security culture across an enterprise. But what exactly does that mean? And how can it be accomplished? The leaders at (ISC)2 recently endeavored to define what it means to build a resilient cybersecurity culture. They put together a survey of tech leaders at 250 companies with a solid cybersecurity track record to get an idea of the common traits, practices, and thought processes among security-focused organizations. DarkReading, September 28, 2018
Secure The Human
How Data Security Improves When You Engage Employees in the Process. When it comes to protecting information, we can all do better. But encouraging a can-do attitude goes a long way toward discouraging users’ risky behaviors: Even with best-in-class data breach protection and prevention technology, strong security and privacy practices start internally — with your employees. There are several ways to go about this, but based on my work in the field for over 10 years, the most effective ways to lower a company’s risk exposure begin and end with a positive approach. Here are three examples: DarkReading, September 28, 2018
10 Tactics For Teaching Cybersecurity Best Practices To Your Whole Company: Smart leaders know that their entire team needs to be well-educated on the importance and best practices of cybersecurity if they hope to protect their data. Unfortunately, this is easier said than done, especially when it comes to training your non-tech employees. Using too much jargon and technical terms will only disengage them, leaving them less prepared and less vigilant. Forbes, September 26, 2018
Cyber Fine
SEC fines Voya $1M for cybersecurity failures: Almost eight years after the Identity Theft Red Flags rule went into effect, the SEC announced its first enforcement of the law. Financial Planning, September 26, 2018
Cybersecurity in Society
Cyber Crime
Cybercriminals Hit Port of San Diego with Ransomware, Demand Bitcoin: It has not been smooth sailing for the Port of San Diego’s IT department this week following a cybersecurity breach. CCN, September 29, 2018
Cyber Freedom
European Union lawmakers appear set this month to demand audits of Facebook by Europe’s cybersecurity agency and data protection authority in the wake of the Cambridge Analytica scandal: A draft resolution submitted Thursday to the EU Parliament’s civil liberties and justice committee urged Facebook to accept “a full and independent audit of its platform investigating data protection and security of personal data.” ABC, September 28, 2018
Pegasus malware spreading at an alarming rate. Pegasus appears to be in use by countries with dubious human rights records & histories of abusive behavior by state security services. Malware said to infect Android and iPhone devices: Pegasus malware has been on the minds of security researchers due to its rapid spread at an alarming rate worldwide. The malware has been active since at least 2016 when it was discovered to be infecting Android and iPhone devices. According to research done by Citizen Lab, the malware has now spread to at least 45 countries, namely the following: techgenix, September 28, 2018
Building a Cybersecurity Culture in the Campaign Space: It’s a stark reality for campaigns: the threat of a cybersecurity breach is ever present, and that means the need to embrace better security protocols from top to bottom. Campaigns and Elections, September 28, 2018
Congress poised to allow DHS to take the lead on federal cybersecurity, says Washington Post: After years of debate, Congress is poised to vote on legislation that would cement the Department of Homeland Security’s role as the government’s main civilian cybersecurity authority. The Washington Post, September 25, 2018
National Cybersecurity
DOD, White House Release Cybersecurity Strategies. Both strategies recognize the vital nature of necessary American action in cyberspace to defend its interests: With the United States engaged in a “long-term strategic competition” with China and Russia, which are mounting persistent cyber attack campaigns that pose long-term risks to America, the U.S. military will act to deter aggression, cyber or otherwise, according to a new policy, known as the Department of Defense Cyber Strategy, from the U.S. Department of Defense. AFCEA, September 27,
White House National Cyber Strategy: An Analysis. Security Experts Examine Administration’s Document and Rhetoric: A national cybersecurity strategy document released by the White House last week – along with comments from a top Trump administration official that the U.S. would step up its offensive cyber measures – are getting mixed reviews from cybersecurity experts. BankInfoSecurity, September 26, 2018
Know Your Enemy
Russia’s Elite Hackers Discovered Using Advanced Malware That’s Very Hard to Fix: The Fancy Bear hacking group has plenty of tools at its disposal, as evidenced by its attacks against the Democratic National Committee, the Pyeongchang Olympics, and plenty more. But cybersecurity firm ESET appears to have caught the elite Russian team using a technique so advanced, it hadn’t ever been seen in the wild until now. Wired, September 27, 2018
Cyber Defense
AT&T, Ericsson Team Up to Provide Cybersecurity Certification for IoT: AT&T and Ericsson are joining forces to offer comprehensive testing to help safeguard IoT devices from growing cybersecurity threats. The Fast Mode, September 28, 2018
Cyber Law
California becomes first state with Internet of Things cybersecurity law. Starting 1/1/20, IoT devices connecting to Internet must have “reasonable” security features to prevent unauthorized access, modification, or information disclosure: California Governor Jerry Brown has signed a cybersecurity law covering “smart” devices, making California the first state with such a law. The bill, SB-327, was introduced last year and passed the state senate in late August. The Verge, September 28, 2018
Cyber Medical
FDA’s Cybersecurity Unit Would Set Up CyberMed Safety Board: The FDA’s proposed cybersecurity unit would help establish the public-private CyberMed Safety Board mentioned in the FDA’s medical device safety action plan issued in April. HealthITSecurity, September 28, 2018
SecureTheVillage Calendar
Webinar: Managing Security of the IT Infrastructure. October 4 @ 10:00 am – 11:00 am.
Financial Services Cybersecurity Roundtable. October 12 @ 8:00 am – 10:00 am.
Cybersecure LA 2018 … Define! Develop! Deliver! October 25 @ 8:00 am – 3:30 pm. Cybersecure LA 2018 … a joint presentation of SecureTheVillage and Pepperdine Graziadio Business School. Define your Cyber Risks | Develop an Action Plan | Deliver a Stronger Cyber Risk Posture.
Webinar: Getting Cyber-Prepared: Incident Response & Business Continuity. November 1 @ 10:00 am – 11:00 am.
Webinar: Third-Party Security Management. December 6 @ 10:00 am – 11:00 am.
Financial Services Cybersecurity Roundtable. December 14 @ 8:00 am – 10:00 am.