Citadel Information Group


November 25, 2018 by Stan Stahl Ph.D.

Cybersecurity News of the Week, November 25, 2018

Secure the Village

Cybersecure LA 2018 Photographs: Thanks to everyone who made Cybersecure Los Angeles 2018 the great event that it was. Our wonderful guests. Our fabulous speakers. Our generous sponsors. Our Leadership Council. Dr. Charla Griffy-Brown and her colleagues at the Pepperdine Graziadio Business School. And our great support staff: SecureTheVillage’s Jennifer Nerad-Sultan along with Stephanie Contreras and Christina LeRubio from Pepperdine. Thanks to the village!! SecureTheVillage, 2018

Individuals at Risk

Cyber Leak

USPS Site Exposed Data on 60 Million Users: U.S. Postal Service just fixed a security weakness that allowed anyone who has an account at usps.com to view account details for some 60 million other users, and in some cases to modify account details on their behalf. KrebsOnSecurity, November 21, 2018

Amazon Snafu Exposed Customers’ Names and Email Addresses: Scant Detail About Incident and Unusual Notification Raises Eyebrows. BankInfoSecurity, November 23, 2018

Cyber Update

Update now! Adobe Flash has another critical security vulnerability: Adobe’s Flash Player for Windows, Mac and Linux has a critical vulnerability that should be patched as a top priority. Naked Security, November 21, 2018

Cyber Defense

Gmail encryption: Everything you need to know: This easy-to-follow guide will help you understand what’s going on with Gmail encryption and what you can do to maximize your messaging privacy. Computerworld, November 22, 2018

10 cybersecurity tips to remember if you’re shopping Black Friday through Cyber Monday: Thanksgiving Weekend — some might call it the Super Bowl of shopping — is here, and it’s set to hit record numbers, according to analysts. ABC, November 22, 2018

Cyber Warning

500,000 Duped Into Downloading Android Malware Posing As Driving Games On Google Play: Be careful what you’re downloading from Google Play. Especially if it’s one of 13 apps posing as driving games created by one developer called Luiz Pinto. Forbes, November 19, 2018

Cyber Threat

6 mobile security threats you should take seriously in 2019: Mobile malware? Some mobile security threats are more pressing. Every enterprise should have its eye on these issues in the coming year. CSO, November 20, 2018

Information Security Management in the Organization

Information Security Management and Governance

Manufacturers Remain Slow to Recognize Cybersecurity Risk: They have names like Notpetya, Samsam and perhaps the most cynically named WannaCry. The New York Times, November 21, 2018

Cybersecurity at the Core: For too long, cybersecurity has been looked at as one team’s responsibility. If we maintain that mentality, we will fail. Dark Reading, November 20, 2018

Cyber Warning

Ransomware Attacks Ramping up in 2018, Showing No Signs of Stopping: According to a comprehensive new report from Datto, ransomware continues to be the leading form of cyber attack experienced by small- and medium-sized businesses (SMBs). The report looked at the problem of ransomware attacks from the perspective of over 2,400 Managed Service Providers (MSPs) and their more than 500,000 SMB clients. These companies are dealing with the problem of ransomware attacks on a daily basis, and are best able to provide an accurate assessment of just how entrenched the ransomware problem really is. CPO Magazine, November 22, 2018

Cyber Defense

Zero-Trust Frameworks: Securing the Digital Transformation: Zero trust refers to the notion of evaluating the security risk of devices and users within the context of any given moment, without automatically conferring access based on credentials. ThreatPost, November 22, 2018

SMB Malware: What Are the Threats and Why Are They Getting Worse?: Small businesses are often targets of malware attacks like CEO fraud, cryptocurrency mining attacks, and ransomware. Here’s how next-generation endpoint protection, patching, and security awareness training can help small businesses protect their networks. PC Mag, November 22, 2018

Cybersecurity Culture

The Path to Improved Cybersecurity Culture: The recent ISACA-CMMI Institute cybersecurity culture research illustrates the accomplishments and gaps that are seen in organizations’ cybersecurity culture. The survey-driven research focuses on culture and continuous improvement, both essential components to a successful cyber risk management program. ISACA, November 22, 2018

Cyber Talent

Why military veterans might be key to closing the cybersecurity jobs gap: Discover why it might be prudent to hire veterans who are already trained in cybersecurity and understand the concepts of militarization. TechRepublic, November 22, 2018

Cybersecurity in Society

Cyber Privacy

‘The End of Trust’ – On Sale in Bookstores and Free to Download Now!: Do you need some stimulating reading material for this long holiday weekend? Here’s a great option: the latest issue of Timothy McSweeney’s Quarterly Concern, The End of Trust. This is a collection of essays and interviews about technology, privacy, and surveillance, featuring many EFF authors—including EFF Executive Director Cindy Cohn, Special Advisor Cory Doctorow, and board member Bruce Schneier. EFF, November 20, 2018

Surveillance Kills Freedom By Killing Experimentation: In my book Data and Goliath, I write about the value of privacy. I talk about how it is essential for political liberty and justice, and for commercial fairness and equality. I talk about how it increases personal freedom and individual autonomy, and how the lack of it makes us all less secure. But this is probably the most important argument as to why society as a whole must protect privacy: it allows society to progress. Schneier On Security, November 16, 2018

Know Your Enemy

Armor’s Annual Black Market Report Shows Cybercrime-as-a-Service is on the Rise: It is no secret that crime has moved online. Cybercrime has been identified as one of the biggest risks to society by the World Economic Forum Global Risk Report 2018. One of the primary drivers behind the boom in cybercrime is the ease of availability of hacking tools as well as a rising Crime-as-a-Service industry found on the dark web. BTC Manager, November 22, 2018

Cyber Freedom

The Cybersecurity 202: At least six states still might not have paper ballot backups in 2020: Several states still have not taken action to ensure their voting machines produce a paper trail, stoking concerns that voters may again head to the polls in 2020 without this widely accepted security practice in place. The Washington Post, November 21, 2018

The Most Damaging Election Disinformation Campaign Came From Donald Trump, Not Russia: On November 4, 2016, the hacker “Guccifer 2.0,” a front for Russia’s military intelligence service, claimed in a blogpost that the Democrats were likely to use vulnerabilities to hack the presidential elections. On November 9, 2018, President Donald Trump started tweeting about the senatorial elections in Florida and Arizona. Without any evidence whatsoever, he said that Democrats were trying to steal the election through “FRAUD.” Schneier On Security, November 19, 2018

Information Attacks on Democracies: Democracy is an information system. That’s the starting place of our new paper: “Common-Knowledge Attacks on Democracy.” In it, we look at democracy through the lens of information security, trying to understand the current waves of Internet disinformation attacks. Specifically, we wanted to explain why the same disinformation campaigns that act as a stabilizing influence in Russia are destabilizing in the United States. Schneier On Security, November 15, 2018

National Cybersecurity

US presses allies to ditch Huawei citing cybersecurity risks from China – report: Washington has been on a mission to discourage its allies from using Chinese telecommunication giant Huawei’s equipment, the Wall Street Journal reports. The firm earlier slammed the US for using politics for unfair competition. RT, November 23, 2018

Japan cybersecurity minister who doesn’t use computers now admits he doesn’t get cybersecurity either: TOKYO — Japan’s cybersecurity minister, who gained global notoriety last week when he said he doesn’t use a computer, has now admitted he’s not that familiar with the whole cybersecurity field either. The Washington Post, November 23, 2018

Two cybersecurity policies, one clear new objective: In the wake of countless cyberattacks, two federal cybersecurity policies are providing much-needed guidance to improve the defense of our nation’s cyber infrastructure, networks and data, setting a clear roadmap on how we can best protect the country. However, the work is not done yet. With a new set of legislators freshly elected, additional steps must be taken to ensure critical cyber policies remain a top priority. The Hill, November 22, 2018

Hackers likely from Russia send phishing emails to hundreds of staff impersonating State Department spokeswoman Heather Nauert, cybersecurity firm says: Hackers impersonated State Department spokeswoman Heather Nauert and another official, Susan Stevenson, as part of an effort to target hundreds of people in U.S. law enforcement and defense and law enforcement agencies, according to cybersecurity research firm FireEye Inc. CBS, November 20, 2018

Cyber Medical

How IoT medical devices save your life and threaten your privacy: Consumers increasingly depend upon IoT devices to help them do everything from improving sleep to monitoring blood sugar levels. In the process, they may be giving up more privacy than expected. TechRepublic, November 21, 2018

Critical Infrastructure

America’s Water Supply – A Perfect Target for Cybercriminals: America’s water supply is increasingly digitized, and increasingly vulnerable. The New York Times, November 19, 2018

Internet of Things

IoT & Cybersecurity: Where we are and what needs to change: Threats are now emerging beyond home and medical devices towards IoT control systems connected to national infrastructures. It is no exaggeration to say that IoT vulnerabilities are a threat to our national and personal security – dangers brought into sharp relief by the growing weaponisation of cybersecurity on the world stage. The Stack, November 22, 2018

SecureTheVillage Calendar

SecureTheVillage Leadership Council Member Ara Aslanian speaks at Cyber Security Summit. November 29 @ 7:45 am – 6:00 pm

Webinar: Third-Party Security Management. December 6 @ 10:00 am – 11:00 am

Financial Services Cybersecurity Roundtable. December 14 @ 8:00 am – 10:00 am

Webinar: Managing Cyber-Risk and Insurance. January 10, 2019 @ 10:00 am – 11:00 am


Copyright © 2018 by Citadel Information Group  All Rights Reserved | Privacy Policy