Citadel Information Group


October 21, 2018 by Stan Stahl Ph.D.

Cybersecurity News of the Week, October 21, 2018

SecureTheVillage — Cybersecure LA 2018 — Register Now

Cybersecure LA 2018 … Define! Develop! Deliver! October 25 @ 8:00 am – 3:30 pm. Cybersecure LA 2018 … a joint presentation of SecureTheVillage and Pepperdine Graziadio Business School. Define your Cyber Risks | Develop an Action Plan | Deliver a Stronger Cyber Risk Posture. REGISTER NOW.

Individuals at Risk

Cyber Privacy

Apple privacy portal lets you see everything it knows about you: A month after its most recent iPhone and Mac launches, Apple has refreshed its privacy pages. Naked Security, October 19, 2018

Cyber Defense

Using a D-Link router to connect to the Internet? Time to update as serious security flaws found in 6 D-Link routers may never be patched: In May, Polish researcher Błażej Adamczyk of the Silesian University of Technology contacted D-Link to tell it he’d discovered a trio of important security flaws affecting eight of its Wi-Fi routers. Naked Security, October 19, 2018

Information Security Management in the Organization

Security Leadership

Cybersecurity Readiness Requires Top to Bottom Commitment, CompTIA Security Experts Say: Keeping data, devices and networks safe and secure requires an all-hands-on-deck mentality, from front-desk receptionists to back-office tech workers, from student interns to CEOs, and from all job roles in between, according to cybersecurity experts from the IT Security Community of CompTIA, the world’s leading technology association. PR Newswire, October 19, 2018

Secure The Human

How to Create Better Security Awareness Content for Your Employees: Human error remains one of the most formidable obstacles to enterprise security. As a result, many companies are implementing security awareness training programs. But are they doing awareness training right? SecurityIntelligence, October 19, 2018

Cybersecurity Procedures: Six Approaches For Improving Employee Buy-in: Cybersecurity is essential to keeping a company’s data private as well as the personal information of all employees — and the people the company does business with. To prevent incursions and data loss, companies regularly update software, review issues and train employees on how to use their systems safely, as well as discuss ways to avoid being tricked. Forbes, October 18, 2018

IBM Takes Cybersecurity Training on the Road: Two years ago, IBM opened one of the nation’s first commercial cybersecurity ranges in Cambridge, Mass., to let companies practice responding to simulated cyberattacks. It describes the experience as “a game of Clue mixed with a Disney roller-coaster ride.” The New York Times, October 15, 2018

Cyber Talent

At the 2018 Grace Hopper Celebration, with a national talent shortfall expected to exceed 3,000,000 cybersecurity professionals, Katie Jenkins of Liberty Mutual talks about how to attract more diverse candidates to cybersecurity roles: There’s such a demand for cybersecurity workers right now. Primarily, for two reasons: the more obvious might be that with the steep rise, sophistication, [and] volume of threats we’re trying to protect against, we need the teams to support those demands. Also, we’re seeing real opportunity for our security program, as we’re adopting more modernized technology, moving to the public cloud, and making more use of application software pipelines. We really have an ability and an opportunity to embed security, and bring automation to our security program. So that opportunity to do even more to advance our security program also demands additional talent. TechRepublic, October 19, 2018

Cybersecurity job gap grows to 3 million, says (ISC)2 report: High pay, job satisfaction and strong demand are still not enough reason to entice people to enter the cybersecurity workforce as a new study shows the workforce gap increasing to almost three million globally. SC Media, October 18, 2018

Cybersecurity in Society

Cyber Privacy

The Cybersecurity 202: U.S. tech firms slam Australian bill that could weaken encryption: Some of the biggest players in the U.S. tech industry are forcefully criticizing a bill in Australia’s legislature that would compel companies to help law enforcement access encrypted data in investigations. The Washington Post, October 19, 2018

Cyber Breach

Facebook hackers wanted to sell garbage ads not influence votes, claims report: The hackers that managed to obtain access to 30 million Facebook accounts were not acting under the orders of a foreign state, a report in the Wall Street Journal has claimed. Citing people familiar with the company’s internal investigation, the report says that the hackers were instead affiliated with a supposed “digital marketing company” and sought to make money via deceptive advertising. Facebook has so far declined to publicly comment on the identity of the hackers, citing its ongoing cooperation with the FBI as the reason for its silence. The Verge, October 18, 2018

After a month of silence, open source web hosting provider VestaCP admits its servers were compromised with DDoS malware. Passwords of customers’ customers and other information also stolen: The provider of an open-source hosting panel software admitted yesterday to a security breach during which an unknown hacker contaminated the project’s source code with malware that logs passwords, open shells, and can launch DDoS attacks. ZDNet, October 18, 2018

Facebook Eyes Spammers for Mega-Breach. Social Network Reportedly Sees No Signs of Nation-State Hackers: Facebook is eyeing spammers as being the culprits behind its recently disclosed mega-breach, The Wall Street Journal reports. BankInfoSecurity, October 18, 2018

Cyber Attack

Kaspersky says it has detected infections with DarkPulsar, alleged to have been stolen from NSA. Victims located in Russia, Iran, and Egypt; related to nuclear energy, telecommunications, IT, aerospace, and R&D: Kaspersky Lab said today that it detected computers infected with DarkPulsar, a malware implant that has been allegedly developed by the US National Security Agency (NSA). ZDNet, October 19, 2018

Know Your Enemy

The Mysterious Return of Years-Old Chinese Malware: In 2013, cybersecurity firm Mandiant published a blockbuster report on a state-sponsored hacking team known as APT1, or Comment Crew. The Chinese group achieved instant infamy, tied to the successful hacks of more than 100 US companies and the exfiltration of hundreds of terabytes of data. They also vanished in the wake of being exposed. Now, years later, researchers from security firm McAfee say they’ve found code based on APT1–associated malware cropping up in a new set of attacks. Wired, October 18, 2018

Cyber Freedom

Justice Dept. Accuses Russians of Interfering in Midterm Elections: WASHINGTON — Russians working for a close ally of President Vladimir V. Putin are engaging in an elaborate campaign of “information warfare” to interfere with the American midterm elections next month, federal prosecutors said on Friday in unsealing charges against a woman whom they labeled the project’s “chief accountant.” The New York Times, October 19, 2018

The Kingdom’s Hackers and Bots. Saudi Arabia is using cutting-edge technology to track dissidents and stifle dissent: In June of this year, Saudi dissident Omar Abdulaziz, who lives in exile in Canada, received a text message purporting to be from the courier company DHL. A package he had ordered would be delivered in a few days, it said. If he wished to track the delivery he could tap a link. FP, October 19, 2018

Campaign launched to protect ethical hackers in the Americas: The Electronic Frontier Foundation (EFF) has launched a new report aimed at protecting ethical hackers across the Americas, as part of a campaign to create a digital rights policy for those engaging in internet security research. The Daily Swig, October 19, 2018

Facebook cybersecurity executive talks election “war room,” tactics of bad actors: Facebook is unveiling a new so-called “war room” to help prevent election interference and deal with urgent threats in the upcoming midterms. The social media giant says the war room will streamline decision-making if threats emerge — though “you could never fit all the people who work on security in Facebook in one room,” Nathaniel Gleicher, Facebook’s head of cybersecurity policy, told “CBS This Morning” on Thursday. CBS, October 18, 2018

National Cybersecurity

Apple CEO Tim Cook Is Calling For Bloomberg To Retract Its Chinese Spy Chip Story: Apple CEO Tim Cook, in an interview with BuzzFeed News, went on the record for the first time to deny allegations that his company was the victim of a hardware-based attack carried out by the Chinese government. And, in an unprecedented move for the company, he called for a retraction of the story that made this claim. BuzzFeed, October 19, 2018

Cyber Gov

On cybersecurity, many local governments still lack strategic or disruption response plans. New infographic from Public Technology Institute shows local governments increasingly adopting cybersecurity training but often lacking cyber planning: A majority of local government technology leaders have succeeded at developing training programs and culture around cybersecurity in their agencies, but still struggle to adopt plans around information security, according to recent data from the Public Technology Institute. State Scoop, October 19, 2018

Cyber Regulation

The Case For, and Against, Federal Cybersecurity Standards. Right now laws surrounding cybersecurity and privacy exist on a patchwork level across many different states. Would a singular federal standard be better?: While everyone can agree on the need for cybersecurity standards, just who should set them is a matter of some debate. Though a federal standard for privacy and cybersecurity could make it easier for tech companies to conduct their day-to-day operations, the current patchwork of state laws could provide for more stringent enforcement and better protection for consumers. LegalTechNews, October 19, 2018

Why It’s So Hard to Punish Companies for Data Breaches: It’s difficult to determine how and where companies like Facebook went wrong, which makes regulation challenging. The New York Times, October 16, 2018

Cyber Medical

FDA releases draft guidance on medical device cybersecurity: The Food and Drug Administration has released draft guidance to the healthcare industry identifying issues related to cybersecurity that manufacturers should address in the design and development of medical devices. HealthData Management, October 18, 2018

Critical Infrastructure

BlackEnergy successor targets critical infrastructure. The hacker toolkit that crippled the electrical grid in the Ukraine in 2015 has a virulent successor – cousin to NotPetya – that is busy stalking critical infrastructure: The infamous BlackEnergy toolkit that crippled the electrical grid in the Ukraine in 2015 has a virulent successor that is busy stalking critical infrastructure industrial control systems, according to new research by cybersecurity firm ESET. FCW, October 17, 2018

Internet of Things

When fridges attack: why hackers could target the grid: The owner of a smart washer-dryer might consider a breach of the machine by hackers more inconvenient than dangerous. Yet according to new Princeton University research, cyber criminals gaining control of thousands of high-wattage networked home appliances could launch a co-ordinated attack that would shut down the power grid. Financial Times, October 17, 2018

Cryptocurrency

Report: Cryptocurrency Exchanges Lost $882 Million to Hackers. An analysis of published attacks against cryptocurrency exchanges over nearly two years shows hackers have stolen $882 million: An analysis of attacks against cryptocurrency exchanges over nearly two years shows hackers have inflicted $882 million in damages, according to Moscow-based cybersecurity firm Group-IB. BankInfoSecurity, October 18, 2018

SecureTheVillage Calendar

Cybersecure LA 2018 … Define! Develop! Deliver! October 25 @ 8:00 am – 3:30 pm. Cybersecure LA 2018 … a joint presentation of SecureTheVillage and Pepperdine Graziadio Business School. Define your Cyber Risks | Develop an Action Plan | Deliver a Stronger Cyber Risk Posture. REGISTER NOW.

IEEE Fifth Annual Cybersecurity Summit. October 27 @ 8:30 am – 3:00 pm.

Webinar: Getting Cyber-Prepared: Incident Response & Business Continuity. November 1 @ 10:00 am – 11:00 am.

Webinar: Third-Party Security Management. December 6 @ 10:00 am – 11:00 am.

Financial Services Cybersecurity Roundtable. December 14 @ 8:00 am – 10:00 am

Webinar: Managing Cyber-Risk and Insurance. January 10, 2019 @ 10:00 am – 11:00 am
