Citadel Information Group


October 7, 2018 by Stan Stahl Ph.D.

Cybersecurity News of the Week, October 7, 2018

Secure the Village

Grant of $3 Million Will Help L.A. Cyber Lab Expand. Congratulations to Mayor Garcetti and our friends at Cyber Lab LA. SecureTheVillage is proud to be a part of this vital public-private initiative: The capabilities of the Los Angeles Cyber Lab will be expanded now that the Department of Homeland Security has awarded the project a $3 million grant, Mayor Eric Garcetti said Wednesday. NBC LA, October 4, 2018

Individuals at Risk

Cyber Awareness

Asking the public about cybercrime and cybersecurity. Public support for efforts to reduce negative incidents in cyberspace is critical to society’s efforts to preserve the benefits of digital technology: Cybersecurity involves protecting the digital technologies upon which we depend against criminals who seek to abuse them for their own ends. Public support for efforts to reduce cybercrime is critical to society’s efforts to preserve the benefits of digital technologies. That is why I am so interested in what the public thinks about cybercrime and cybersecurity, and why I have been researching the topic by means of surveys, several of which I have summarized below. Later this month I will be publishing, here on WeLiveSecurity.com, the results of our most recent survey. This article serves as background and context for those cybercrime statistics. welivesecurity, October 4, 2018

We’re All in This Together – Why You Should Champion National Cyber Security Awareness Month: With data breaches on the rise and personal information ending up in the hands of cyber criminals, we are no longer questioning whether a breach will occur, but when the breach will occur, and how it will affect us. ITSP, October 1, 2018

October is National Cybersecurity Awareness Month. Cybersecurity is everyone’s responsibility, and this month serves as a reminder that each of us has a part to play in making the Internet safer and more secure: Connected devices are essential to our professional and personal lives, and criminals have gravitated to these platforms as well. Many common crimes—like theft, fraud, harassment, and abuse—are now carried out online, using new technologies and tactics. Others, like cyber intrusions and attacks on critical infrastructure, have emerged as our dependence on connected systems revealed new vulnerabilities. FBI, October 1, 2018

Cyber Defense

The Inconvenient Truth About Your Eight-Character Password: October is National Cyber Security Awareness Month (NCSAM), which means it’s time to talk about passwords for the umpteenth time. Why beat this dead horse again? Because just about everyone still uses passwords, and even the most recent password security recommendations do not make them any stronger. SecurityIntelligence, October 4, 2018

The one serious MacBook Pro security flaw that nobody is talking about. Every MacBook since 2015 and every MacBook Pro since 2016 is at risk. Here’s how you can keep your machines safe: One of Han Solo’s trademark lines was “I’ve got a bad feeling about this.” Ever since I started thinking about getting the 2018 i9-based, 32GB MacBook Pro, I’ve been having a bad feeling, but I couldn’t put my finger on what it was. ZDNet, October 3, 2018

Cyber Warning

Signing Up for Benefits? Beware of Phishing Attacks: In addition to being National Cyber Security Awareness Month (NCSAM) in the US, October also marks the beginning of a lucrative two-month phishing season. Over the next two months, the vast majority of companies will have employees review and enroll in benefits, with many organizations also beginning their holiday party and charity campaign planning. These activities provide a window of opportunity for threat actors to strike with phishing attacks that appear legitimate. SecurityIntelligence, October 5, 2018

Security analysis of mobile apps finds 85% violate security standards. The majority of mobile apps contain cybersecurity flaws in data storage, communication, or authentication practices, according to a WhiteHat report: Cybercriminals are increasingly targeting mobile apps for attacks, due in part to lax security standards, according to a Thursday report from WhiteHat Security. The majority of mobile apps—85%—violate one or more of the Open Web Application Security Project (OWASP) Mobile Top 10, meaning they contain at least one common security vulnerability that can be exploited, the report found. TechRepublic, October 4, 2018

Voice Phishing Scams Are Getting More Clever: Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams. Think you’re too smart to fall for one? Think again: Even technology experts are getting taken in by some of the more recent schemes (or very nearly). KrebsOnSecurity, October 1, 2018

Know Your Enemy

For $14.71, You Can Buy A Passport Scan on the Dark Web. That’s the average price of a digital passport scan, and it goes up with proof of identification, a new study finds: A digital passport scan costs an average of $14.71 on the Dark Web, but a scan is all you’ll get for that price. Cybercriminals up the cost for scans accompanied by identity verification documents, and you’ll pay more than $13,000 for a legitimate physical passport. DarkReading, October 4, 2018

Information Security Management in the Organization

Information Security Management and Governance

The Importance of Information Security Plans: In the first installation of our weekly series during National Cybersecurity Awareness Month, we examine information security plans (ISP) as part of an overall cybersecurity strategy. Regardless of the size or function of an organization, having an ISP is a critical planning and risk management tool and, depending on the business, it may be required by law. An ISP details the categories of data collected, the ways that data is processed or used, and the measures in place to protect it. An ISP should address different categories of data maintained by the organization, including employee data and customer data as well as sensitive business information like trade secrets. National Law Review, October 5, 2018

Cyber Warning

Business email compromise made easy for cyber criminals by poor security practices and hacking services, research reveals. Time to check your cybersecurity controls: Around 12.5 million company email boxes and 33,000 finance department credentials are openly accessible on the web, research from digital risk management and threat intelligence firm Digital Shadows has found. ComputerWeekly, October 4, 2018

Cyber Talent

Building Cybersecure Culture through an Age-Old Technique: Apprenticeships: Earlier this year, the CompTIA Cybersecurity Advisory Board released a white paper, “Building a Culture of Cybersecurity” [note: link opens a PDF], that highlights cybersecurity threats, issues and considerations – especially in terms of concerns that are most important to corporate executives and boards of directors. ITSP, October 3, 2018

Cyber Compliance

New NASAA president Michael Pieciak puts cybersecurity at top of agenda. Investment advisors will be required to adopt policies & procedures to safeguard information and to inform clients about their privacy policies annually: It’s often the smallest investment advisory firms that are the most vulnerable to online threats, and that’s why it’s natural for rule-making to start at the state level, according to a top state regulator. Investment News, October 5, 2018

Insurance Companies Are Facing Cybersecurity Compliance Deadlines. South Carolina recently became the first state to adopt the National Association of Insurance Commissioners’ Insurance Data Security Model Law: South Carolina recently became the first state to adopt the National Association of Insurance Commissioners’ Insurance Data Security Model Law. The NAIC is a standard-setting and regulatory support organization consisting of the top insurance regulators from the 50 states, D.C. and five U.S. territories. Law.com, October 4, 2018

Cybersecurity in Society

Cyber Crime

North Korean Hackers Tied to $100 Million in SWIFT banking Fraud. FireEye Traces APT38 Attacks; US-CERT Issues ATM Cash-Out Malware Attack Alert: A gang of North Korean government hackers, known as APT38, has been waging a sophisticated hacking campaign against banks in Asia and Africa, resulting in the theft of more than $100 million via fraudulent transfers through SWIFT, the global money-transfer network, says U.S. cybersecurity firm FireEye. BankInfoSecurity, October 4, 2018

Cyber Breach

Facebook Could Face Up to $1.63 Billion Fine for Latest Hack Under the GDPR: Facebook’s stunning disclosure of a massive hack on Friday in which attackers gained access tokens to at least 50 million accounts—bypassing security measures and potentially giving them full control of both profiles and linked apps—has already stirred the threat of a $1.63 billion dollar fine in the European Union, according to the Wall Street Journal. Gizmodo, September 30, 2018

Cyber Attack

DHS aware of ongoing APT attacks on cloud service providers. Attacks most likely linked to APT10, a Chinese cyber-espionage group, also known as Red Apollo, Stone Panda, POTASSIUM, or MenuPass: The US Department of Homeland Security has issued an alert today about “ongoing” cyber-attacks against managed service providers – a term used to describe online cloud-based services. ZDNet, October 3, 2018

Why us? 6 months after ransomware attack Atlanta has no answers as costs to rebuild systems exceed $3M: A cyberattack is as unapologetic as it is invasive. In Atlanta’s case, a March ransomware attack also included a level of irony in that file names on city computers were altered to include “weapologize” and “imsorry.” CIO Dive, October 4, 2018

National Cybersecurity

A New, More Aggressive U.S. Cybersecurity Policy Complements Traditional Methods: In introducing the new National Cyber Strategy, Bolton also confirmed a Wall Street Journal article from August which reported that Trump had rescinded former U.S. President Barack Obama’s guidance on conducting cyber activities, replacing it with a policy that gives more authority to the U.S. Cyber Command. Former National Security Agency contractor Edward Snowden leaked the previous guidance, Presidential Policy Directive 20 of October 2012. He sought to expose how the U.S. government was considering offensive cyber operations, defined as those that could cause physical harm or major property damage. The old guidance made clear that such drastic measures should be taken only as a last resort and with the express permission of the president. Presidential Policy Directive 20 also emphasized that cyber operations should follow the interagency process in order to coordinate the response and ensure a “whole-of-government” approach. Stratfor, October 5, 2018

Spy Bust Exposes Methods of Putin’s GRU Military Hackers: The exposure of Russian espionage operations by Dutch, U.K. and U.S. authorities has opened a window into the sometimes sloppy tradecraft of the Kremlin’s GRU military-intelligence service. Bloomberg, October 4, 2018

Russian hackers behind DNC breach now targeting Europe, South America: The Russian hackers who meddled with the 2016 US presidential elections have been attacking governments in other continents, according to Symantec. CNet, October 4, 2018

The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies: The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources. Bloomberg, October 4, 2018

Senate passes key cyber bill cementing cybersecurity agency at DHS: The Senate on Wednesday passed a key cyber bill that solidifies the Department of Homeland Security’s role as the main federal agency overseeing civilian cybersecurity. The Hill, October 3, 2018

Cyber Fine

Lessons From the Record-Setting Uber Data Breach Settlement: Uber has had a hard time getting data security right. This past week, the ride-sharing company agreed to pay $148 million in a settlement with 50 state attorneys general and the District of Columbia after it intentionally concealed a 2016 data breach. According to the New York Attorney General, it is the largest settlement ever in a multi-state breach case. Uber was found to have breached notification laws by hiding the fact that hackers accessed the information of 57 million users. Uber then paid the hackers $100,000 to destroy the data, without publicly disclosing the loss. Cybersecurity Lawyer Forum, October 1, 2018

Cyber Regulation

The Trump administration is suing California to quash its new net neutrality law: The Trump administration said Sunday it will sue California in an effort to block what some experts have described as the toughest net neutrality law ever enacted in the United States, setting up a high-stakes legal showdown over the future of the Internet. The Washington Post, September 30, 2018

California gov. signs nation’s strictest net neutrality rules into law. US government will sue California—Ajit Pai called state rules “illegal.”: California Governor Jerry Brown today signed net neutrality legislation into law, setting up a legal showdown pitting his state against Internet service providers and the US government. ars technica, September 30, 2018

Cyber Medical

Malware hits medical devices at 18 percent of healthcare orgs in last year. New CHIME-KLAS survey of CIOs, CISOs & other security leaders finds few confident in ability to protect patient safety & prevent disruptions from cybercriminals: Nearly one in five provider organizations (18 percent) polled for a new joint report from CHIME and KLAS have seen malware or ransomware infect or impact medical devices in the past year and a half. HealthCareITNews, October 4, 2018

Cyber Enforcement

Seven Russian hackers charged with hacking anti-doping organizations. Three of the defendants were also indicted as a result of the Mueller probe over the summer: On Thursday morning, the Department of Justice announced a wide array of criminal charges against seven Russian intelligence officers, including computer hacking, wire fraud, money laundering, and identity theft. According to the indictment, the defendants stole and disseminated the personal information of several prominent anti-doping officials and 250 athletes following the 2014 Sochi Olympics. TheVerge, October 4, 2018

Cyber Miscellany

Cybersecurity Risks Should Weigh on Investors’ Minds More Often: Tensions over tariffs and pacts like the North American Free Trade Agreement have dominated recent economic headlines, but Thursday’s triple-whammy of cyber hacking news gives justified prominence to what may be an even bigger threat to global prosperity. The New York Times, October 4, 2018

SecureTheVillage Calendar

Financial Services Cybersecurity Roundtable. October 12 @ 8:00 am – 10:00 am.

Cybersecure LA 2018 … Define! Develop! Deliver! October 25 @ 8:00 am – 3:30 pm. Cybersecure LA 2018 … a joint presentation of SecureTheVillage and Pepperdine Graziadio Business School. Define your Cyber Risks | Develop an Action Plan | Deliver a Stronger Cyber Risk Posture.

Webinar: Getting Cyber-Prepared: Incident Response & Business Continuity. November 1 @ 10:00 am – 11:00 am.

Webinar: Third-Party Security Management. December 6 @ 10:00 am – 11:00 am.

Financial Services Cybersecurity Roundtable. December 14 @ 8:00 am – 10:00 am.

Filed Under: Cybersecurity News of the Week

Copyright © 2018 by Citadel Information Group. All Rights Reserved.