SecureTheVillage
SecureTheVillage was recognized by Los Angeles Mayor Eric Garcetti on the occasion of #CybersecureLA2018 for our “immeasurable contribution made to the City of Los Angeles and its citizens.”
The Certificate of Recognition was presented to SecureTheVillage Founder and President, Dr. Stan Stahl, by Jacob Finn, Cybersecurity Policy Manager, Office of the Mayor.
Individuals at Risk
Cyber Defense
The majority of cyber attacks begin with one simple phishing email. So will it ever be possible to close this door to hackers, once and for all?: Email is incredibly useful, which is why we all still use it. But chief among its downsides (along with getting caught in a group-cc’d message hell) is that email remains one of the most common routes for hackers to attack businesses. ZDNet, October 24, 2018
Cyber Warning
Meet the malware which turns your Android smartphone into a mobile proxy. The proxies can be used to circumvent internal network security controls.: Researchers have uncovered an active phishing campaign which targets Android devices in order to turn them into mobile proxies. ZDNet, October 24, 2018
Information Security Management in the Organization
Security Leadership
95% of companies report cybersecurity culture disconnect: About 95% of organizations believe there is a minor or significant gap between their current and desired cybersecurity culture, according to ISACA’s Cybersecurity Culture survey of about 4,800 international business and technology professionals. CIO Dive, October 26, 2018
Information Security Management and Governance
FTC Offers Small Businesses Free Cybersecurity Resources as Cybersecurity for Small Businesses campaign kicks off: The Federal Trade Commission’s (FTC) newly launched national initiative to educate small business owners about cybersecurity threats and defenses began with a “listening tour” last year. DarkReading, October 26, 2018
4 Reasons to Assess Your Nonprofit’s Cybersecurity Strategy. National Cyber Security Awareness Month is a perfect time to increase staff awareness of risk management: October is National Cyber Security Awareness Month, and there’s still time to engage your staff in a best practices review and to assess your organization’s risk management strategy. When it comes to investing staff time and resources into a cybersecurity initiative, there are plenty of compelling reasons to do so. Here are four that can get your organization started. <Not Just for Nonprofits> BizTech, October 25, 2018
SEC Urges Corporate Accounting Changes Amid Rising BEC Scam Threat: As U.S. public companies brace for wide-ranging changes to accounting standards, the U.S. Securities and Exchange Commission (SEC) wants corporate accountants and financial executives to have something else on their minds: cybersecurity. PYMNTS.com, October 25, 2018
A CIO guide to building a dashboard for cybersecurity: KPIs, metrics and other must-haves hospitals should track continuously to protect medical and patient data. HealthcareITNews, October 23, 2018
Secure The Human
Six Ways To Improve In-House Cybersecurity Compliance: Keeping both customer information and internal information safe is a major concern for every company. Not only does hacked information potentially put clients and employees at risk, but it also makes the company and its security seem untrustworthy — fallout from which can severely impact an organization’s future. Forbes, October 23, 2018
Cyber Fine
UK Slaps Facebook with $645K Fine Over Cambridge Analytica Scandal: The amount is the max allowed under pre-GDPR regulation, but is barely a financial slap on the wrist for the social-media giant. ThreatPost, October 25, 2018
Cybersecurity in Society
Cyber Privacy
Google’s smart city dream is turning into a privacy nightmare: Sidewalk Labs, an Alphabet division focused on smart cities, is caught in a battle over information privacy. The team has lost its lead expert and consultant, Ann Cavoukian, over a proposed data trust that would approve and manage the collection of information inside Quayside, a conceptual smart neighborhood in Toronto. Cavoukian, the former information and privacy commissioner for Ontario, disagrees with the current plan because it would give the trust power to approve data collection that isn’t anonymized or “de-identified” at the source. “I had a really hard time with that,” she told Engadget. “I just couldn’t… I couldn’t live with that.” engadget, October 26, 2018
Apple’s Tim Cook blasts Silicon Valley over privacy issues. He lamented an emerging “data industrial complex” — and eroding trust: Apple chief executive Tim Cook on Wednesday warned the world’s most powerful regulators that the poor privacy practices of some tech companies, the ills of social media and the erosion of trust in his own industry threaten to undermine “technology’s awesome potential” to address challenges such as disease and climate change. The Washington Post, October 24, 2018
Cyber Crime
Australian Cryptocurrency Theft Highlights Security Mistakes: Australian police have charged a 23-year-old woman in the theft of AU$450,000 (US$318,000) worth of the virtual currency XRP, also known as Ripple, in what is believed to be one of the largest cryptocurrency thefts from a single victim. BankInfoSecurity, October 26, 2018
City Pays $2K in Ransomware, Stirs ‘Never Pay’ Debate: Many municipalities hit with ransomware don’t have much of a choice when it comes to paying up, experts say. ThreatPost, October 24, 2018
Cyber Breach
Porn-Watching Employee Infected Government Networks With Russian Malware, IG Says: Government auditors traced a malware infection back to a single porn-watching employee within the U.S. Geological Survey. Nextgov, October 25, 2018
Cyber Defense
How Do You Fight a $12B Fraud Problem? One Scammer at a Time: The fraudsters behind the often laughable Nigerian prince email scams have long since branched out into far more serious and lucrative forms of fraud, including account takeovers, phishing, dating scams, and malware deployment. Combating such a multifarious menace can seem daunting, and it calls for concerted efforts to tackle the problem from many different angles. This post examines the work of a large, private group of volunteers dedicated to doing just that. KrebsOnSecurity, October 25, 2018
The US Needs a Cybersecurity Civilian Corps: Like the auxiliaries that arose during WWII, a new volunteer organization will help face today’s threats. DefenseOne, October 25, 2018
Know Your Enemy
Cost of entry to start a cybercrime business: $0. Another new ransomware is being distributed as a Ransomware as a Service, or RaaS: A new ransomware called FilesLocker is being distributed as a Ransomware as a Service, or RaaS, that targets Chinese and English speaking victims. BleepingComputer, October 24, 2018
Who Is Agent Tesla?: A powerful, easy-to-use password stealing program known as Agent Tesla has been infecting computers since 2014, but recently this malware strain has seen a surge in popularity — attracting more than 6,300 customers who pay subscription fees to license the software. Although Agent Tesla includes a multitude of features designed to help it remain undetected on host computers, the malware’s apparent creator seems to have done little to hide his real-life identity. KrebsOnSecurity, October 22, 2018
Cyber Freedom
The election hackers are back – and they’re starting with the US midterms: Democracies around the world now face an even bigger threat than in 2016. But there are ways to fight back. The Guardian, October 26, 2018
These states are battling malware ahead of the midterm election: Voters and political campaigns in some of the tightest battleground states of the 2018 midterm election are under assault from malware. Malicious software like ransomware, trojans, and adware has increased dramatically in eight states with close elections at stake, according to new data. CBS, October 24, 2018
How to make elections secure in the age of digital operatives. Former Facebook CSO Alex Stamos tells us what he learned in 2016 and what comes next: In our latest episode of Ars Technica Live, we talk about election security. My guest was Alex Stamos, a researcher at Stanford who just happened to be the CSO at Facebook when the company discovered Russian operatives meddling in the US presidential election. He told us about that experience and what’s worrying him about the future of US democracy. ars technica, October 24, 2018
The midterms are already hacked. You just don’t know it yet. An investigation into the US election system reveals frightening vulnerabilities at almost every level: One evening last May in Knoxville, Tennessee, during the night of the local primary election, Dave Ball, the assistant IT director for Knox County, settled into the Naugahyde chair of his dusty home office and punched away at his desktop computer. Ball’s IT staff had finished a 14-hour day, running dress rehearsals to prepare for the ritual chaos of election night. VOX, October 25, 2018
Nearly One in Five Americans Will Not Vote or are Highly Unlikely to Vote in the Mid-Term Elections Due to Concerns about the Integrity of U.S. Voting Systems Says New Unisys Security Index: Leading security barometer – the only recurring snapshot of security concerns conducted globally – also shows a majority of U.S. consumers seriously concerned about identity theft and bankcard fraud with overall security concerns at historical highs. Unisys, October 24, 2018
Security firm finds county election websites lack even the most basic cybersecurity protections: Many county election websites are lacking basic cybersecurity measures that could leave voters vulnerable to misinformation, security firm McAfee said Wednesday. The Hill, October 24, 2018
How Colorado voting became a cybersecurity leader long before Russians tried to hack it. Offers extensive election official cybersecurity training, paper ballots, and a strong auditing system, giving it top marks in election security: Colorado was one of 21 states targeted by Russian operatives during the 2016 election. But unlike many others, the state has spent years implementing top-tier cybersecurity measures and audits to prevent hackers from entering its systems and interfering with the election process. TechRepublic, October 24, 2018
U.S. Begins First Cyberoperation Against Russia Aimed at Protecting Elections: WASHINGTON — The United States Cyber Command is targeting individual Russian operatives to try to deter them from spreading disinformation to interfere in elections, telling them that American operatives have identified them and are tracking their work, according to officials briefed on the operation. The New York Times, October 23, 2018
National Cybersecurity
When Trump Phones Friends, the Chinese and the Russians Listen and Learn: When President Trump calls old friends on one of his iPhones to gossip, gripe or solicit their latest take on how he is doing, American intelligence reports indicate that Chinese spies are often listening — and putting to use invaluable insights into how to best work the president and affect administration policy, current and former American officials said. The New York Times, October 24, 2018
Cyber Enforcement
Two hackers behind 2016 Uber data breach have been indicted for another hack: Two hackers who stole millions of users’ data from ride-hailing firm Uber have been indicted on separate hacking charges related to a data breach at online learning portal Lynda, two people familiar with the case have told TechCrunch. TechCrunch, October 25, 2018
Cyber Shame
Government Spyware Vendor Left Customer, Victim Data Online for Everyone to See: The Germany-based spyware startup Wolf Intelligence exposed its own data, including surveillance targets’ information, passport scans of its founder and family, and recordings of meetings. Motherboard, October 24, 2018
SecureTheVillage Calendar
Webinar: Getting Cyber-Prepared: Incident Response & Business Continuity. November 8 @ 10:00 am – 11:00 am.
Webinar: Third-Party Security Management. December 6 @ 10:00 am – 11:00 am
Financial Services Cybersecurity Roundtable. December 14 @ 8:00 am – 10:00 am
Webinar: Managing Cyber-Risk and Insurance. January 10, 2019 @ 10:00 am – 11:00 am