SecureTheVillage — Cybersecure LA 2018 — Register Now
Cybersecure LA 2018 … Define! Develop! Deliver! October 25 @ 8:00 am – 3:30 pm. Cybersecure LA 2018 … a joint presentation of SecureTheVillage and Pepperdine Graziadio Business School. Define your Cyber Risks | Develop an Action Plan | Deliver a Stronger Cyber Risk Posture. REGISTER NOW.
Individuals at Risk
Cyber Privacy
Apple privacy portal lets you see everything it knows about you: A month after its most recent iPhone and Mac launches, Apple has refreshed its privacy pages. Naked Security, October 19, 2018
Cyber Defense
Using a D-Link router to connect to the Internet? Time to update as serious security flaws found in 6 D-Link routers may never be patched: In May, Polish researcher Błażej Adamczyk of the Silesian University of Technology contacted D-Link to tell it he’d discovered a trio of important security flaws affecting eight of its Wi-Fi routers. Naked Security, October 19, 2018
Information Security Management in the Organization
Security Leadership
Cybersecurity Readiness Requires Top to Bottom Commitment, CompTIA Security Experts Say: Keeping data, devices and networks safe and secure requires an all-hands-on-deck mentality, from front-desk receptionists to back-office tech workers, from student interns to CEOs, and from all job roles in between, according to cybersecurity experts from the IT Security Community of CompTIA, the world’s leading technology association. PR Newswire, October 19, 2018
Secure The Human
How to Create Better Security Awareness Content for Your Employees: Human error remains one of the most formidable obstacles to enterprise security. As a result, many companies are implementing security awareness training programs. But are they doing awareness training right? SecurityIntelligence, October 19, 2018
Cybersecurity Procedures: Six Approaches For Improving Employee Buy-in: Cybersecurity is essential to keeping a company’s data private as well as the personal information of all employees — and the people the company does business with. To prevent incursions and data loss, companies regularly update software, review issues and train employees on how to use their systems safely, as well as discuss ways to avoid being tricked. Forbes, October 18, 2018
IBM Takes Cybersecurity Training on the Road: Two years ago, IBM opened one of the nation’s first commercial cybersecurity ranges in Cambridge, Mass., to let companies practice responding to simulated cyberattacks. It describes the experience as “a game of Clue mixed with a Disney roller-coaster ride.” The New York Times, October 15, 2018
Cyber Talent
At the 2018 Grace Hopper Celebration, with a national talent shortfall expected to exceed 3,000,000 cybersecurity professionals, Katie Jenkins of Liberty Mutual talks about how to attract more diverse candidates to cybersecurity roles: There’s such a demand for cybersecurity workers right now. Primarily, for two reasons: the more obvious might be that with the steep rise, sophistication, [and] volume of threats we’re trying to protect against, we need the teams to support those demands. Also, we’re seeing real opportunity for our security program, as we’re adopting more modernized technology, moving to the public cloud, and making more use of application software pipelines. We really have an ability and an opportunity to embed security, and bring automation to our security program. So that opportunity to do even more to advance our security program also demands additional talent. TechRepublic, October 19, 2018
Cybersecurity job gap grows to 3 million, says (ISC)2 report: High pay, job satisfaction and strong demand are still not enough reason to entice people to enter the cybersecurity workforce as a new study shows the workforce gap increasing to almost three million globally. SC Media, October 18, 2018
Cybersecurity in Society
Cyber Privacy
The Cybersecurity 202: U.S. tech firms slam Australian bill that could weaken encryption: Some of the biggest players in the U.S. tech industry are forcefully criticizing a bill in Australia’s legislature that would compel companies to help law enforcement access encrypted data in investigations. The Washington Post, October 19, 2018
Cyber Breach
Facebook hackers wanted to sell garbage ads not influence votes, claims report: The hackers that managed to obtain access to 30 million Facebook accounts were not acting under the orders of a foreign state, a report in the Wall Street Journal has claimed. Citing people familiar with the company’s internal investigation, the report says that the hackers were instead affiliated with a supposed “digital marketing company” and sought to make money via deceptive advertising. Facebook has so far declined to publicly comment on the identity of the hackers, citing its ongoing cooperation with the FBI as the reason for its silence. The Verge, October 18, 2018
After a month of silence, open source web hosting provider VestaCP admits its servers were compromised with DDoS malware. Passwords of customers’ customers and other information also stolen: The provider of an open-source hosting panel software admitted yesterday to a security breach during which an unknown hacker contaminated the project’s source code with malware that logs passwords, opens shells, and can launch DDoS attacks. ZDNet, October 18, 2018
Facebook Eyes Spammers for Mega-Breach. Social Network Reportedly Sees No Signs of Nation-State Hackers: Facebook is eyeing spammers as being the culprits behind its recently disclosed mega-breach, The Wall Street Journal reports. BankInfoSecurity, October 18, 2018
Cyber Attack
Kaspersky says it has detected infections with DarkPulsar, alleged to have been stolen from NSA. Victims located in Russia, Iran, and Egypt; related to nuclear energy, telecommunications, IT, aerospace, and R&D: Kaspersky Lab said today that it detected computers infected with DarkPulsar, a malware implant that has been allegedly developed by the US National Security Agency (NSA). ZDNet, October 19, 2018
Know Your Enemy
The Mysterious Return of Years-Old Chinese Malware: In 2013, cybersecurity firm Mandiant published a blockbuster report on a state-sponsored hacking team known as APT1, or Comment Crew. The Chinese group achieved instant infamy, tied to the successful hacks of more than 100 US companies and the exfiltration of hundreds of terabytes of data. They also vanished in the wake of being exposed. Now, years later, researchers from security firm McAfee say they’ve found code based on APT1–associated malware cropping up in a new set of attacks. Wired, October 18, 2018
Cyber Freedom
Justice Dept. Accuses Russians of Interfering in Midterm Elections: WASHINGTON — Russians working for a close ally of President Vladimir V. Putin are engaging in an elaborate campaign of “information warfare” to interfere with the American midterm elections next month, federal prosecutors said on Friday in unsealing charges against a woman whom they labeled the project’s “chief accountant.” The New York Times, October 19, 2018
The Kingdom’s Hackers and Bots. Saudi Arabia is using cutting-edge technology to track dissidents and stifle dissent: In June of this year, Saudi dissident Omar Abdulaziz, who lives in exile in Canada, received a text message purporting to be from the courier company DHL. A package he had ordered would be delivered in a few days, it said. If he wished to track the delivery he could tap a link. FP, October 19, 2018
Campaign launched to protect ethical hackers in the Americas: The Electronic Frontier Foundation (EFF) has launched a new report aimed at protecting ethical hackers across the Americas, as part of a campaign to create a digital rights policy for those engaging in internet security research. The Daily Swig, October 19, 2018
Facebook cybersecurity executive talks election “war room,” tactics of bad actors: Facebook is unveiling a new so-called “war room” to help prevent election interference and deal with urgent threats in the upcoming midterms. The social media giant says the war room will streamline decision-making if threats emerge — though “you could never fit all the people who work on security in Facebook in one room,” Nathaniel Gleicher, Facebook’s head of cybersecurity policy, told “CBS This Morning” on Thursday. CBS, October 18, 2018
National Cybersecurity
Apple CEO Tim Cook Is Calling For Bloomberg To Retract Its Chinese Spy Chip Story: Apple CEO Tim Cook, in an interview with BuzzFeed News, went on the record for the first time to deny allegations that his company was the victim of a hardware-based attack carried out by the Chinese government. And, in an unprecedented move for the company, he called for a retraction of the story that made this claim. BuzzFeed, October 19, 2018
Cyber Gov
On cybersecurity, many local governments still lack strategic or disruption response plans. New infographic from Public Technology Institute shows local governments increasingly adopting cybersecurity training but often lacking cyber planning: A majority of local government technology leaders have succeeded at developing training programs and culture around cybersecurity in their agencies, but still struggle to adopt plans around information security, according to recent data from the Public Technology Institute. State Scoop, October 19, 2018
Cyber Regulation
The Case For, and Against, Federal Cybersecurity Standards. Right now laws surrounding cybersecurity and privacy exist on a patchwork level across many different states. Would a singular federal standard be better?: While everyone can agree on the need for cybersecurity standards, just who should set them is a matter of some debate. Though a federal standard for privacy and cybersecurity could make it easier for tech companies to conduct their day-to-day operations, the current patchwork of state laws could provide for more stringent enforcement and better protection for consumers. LegalTechNews, October 19, 2018
Why It’s So Hard to Punish Companies for Data Breaches: It’s difficult to determine how and where companies like Facebook went wrong, which makes regulation challenging. The New York Times, October 16, 2018
Cyber Medical
FDA releases draft guidance on medical device cybersecurity: The Food and Drug Administration has released draft guidance to the healthcare industry identifying issues related to cybersecurity that manufacturers should address in the design and development of medical devices. HealthData Management, October 18, 2018
Critical Infrastructure
BlackEnergy successor targets critical infrastructure. The hacker toolkit that crippled the electrical grid in the Ukraine in 2015 has a virulent successor – cousin to NotPetya – that is busy stalking critical infrastructure: The infamous BlackEnergy toolkit that crippled the electrical grid in the Ukraine in 2015 has a virulent successor that is busy stalking critical infrastructure industrial control systems, according to new research by cybersecurity firm ESET. FCW, October 17, 2018
Internet of Things
When fridges attack: why hackers could target the grid: The owner of a smart washer-dryer might consider a breach of the machine by hackers more inconvenient than dangerous. Yet according to new Princeton University research, cyber criminals gaining control of thousands of high-wattage networked home appliances could launch a co-ordinated attack that would shut down the power grid. Financial Times, October 17, 2018
Cryptocurrency
Report: Cryptocurrency Exchanges Lost $882 Million to Hackers. An analysis of published attacks against cryptocurrency exchanges over nearly two years shows hackers have stolen $882 million: An analysis of attacks against cryptocurrency exchanges over nearly two years shows hackers have inflicted $882 million in damages, according to Moscow-based cybersecurity firm Group-IB. BankInfoSecurity, October 18, 2018
SecureTheVillage Calendar
Cybersecure LA 2018 … Define! Develop! Deliver! October 25 @ 8:00 am – 3:30 pm. Cybersecure LA 2018 … a joint presentation of SecureTheVillage and Pepperdine Graziadio Business School. Define your Cyber Risks | Develop an Action Plan | Deliver a Stronger Cyber Risk Posture. REGISTER NOW.
IEEE Fifth Annual Cybersecurity Summit. October 27 @ 8:30 am – 3:00 pm.
Webinar: Getting Cyber-Prepared: Incident Response & Business Continuity. November 1 @ 10:00 am – 11:00 am.
Webinar: Third-Party Security Management. December 6 @ 10:00 am – 11:00 am.
Financial Services Cybersecurity Roundtable. December 14 @ 8:00 am – 10:00 am.
Webinar: Managing Cyber-Risk and Insurance. January 10, 2019 @ 10:00 am – 11:00 am.