Secure the Village
Cybersecure LA 2018 Photographs: Thanks to everyone who made Cybersecure Los Angeles 2018 the great event that it was. Our wonderful guests. Our fabulous speakers. Our generous sponsors. Our Leadership Council. Dr. Charla Griffy-Brown and her colleagues at the Pepperdine Graziadio Business School. And our great support staff: SecureTheVillage’s Jennifer Nerad-Sultan along with Stephanie Contreras and Christina LeRubio from Pepperdine. Thanks to the village!! SecureTheVillage, 2018
Individuals at Risk
Cyber Leak
USPS Site Exposed Data on 60 Million Users: U.S. Postal Service just fixed a security weakness that allowed anyone who has an account at usps.com to view account details for some 60 million other users, and in some cases to modify account details on their behalf. KrebsOnSecurity, November 21, 2018
Amazon Snafu Exposed Customers’ Names and Email Addresses: Scant Detail About Incident and Unusual Notification Raises Eyebrows. BankInfoSecurity, November 23, 2018
Cyber Update
Update now! Adobe Flash has another critical security vulnerability: Adobe’s Flash Player for Windows, Mac and Linux has a critical vulnerability that should be patched as a top priority. Naked Security, November 21, 2018
Cyber Defense
Gmail encryption: Everything you need to know: This easy-to-follow guide will help you understand what’s going on with Gmail encryption and what you can do to maximize your messaging privacy. Computerworld, November 22, 2018
10 cybersecurity tips to remember if you’re shopping Black Friday through Cyber Monday: Thanksgiving Weekend — some might call it the Super Bowl of shopping — is here, and it’s set to hit record numbers, according to analysts. ABC, November 22, 2018
Cyber Warning
500,000 Duped Into Downloading Android Malware Posing As Driving Games On Google Play: Be careful what you’re downloading from Google Play. Especially if it’s one of 13 apps posing as driving games created by one developer called Luiz Pinto. Forbes, November 19, 2018
Cyber Threat
6 mobile security threats you should take seriously in 2019: Mobile malware? Some mobile security threats are more pressing. Every enterprise should have its eye on these issues in the coming year. CSO, November 20, 2018
Information Security Management in the Organization
Information Security Management and Governance
Manufacturers Remain Slow to Recognize Cybersecurity Risk: They have names like Notpetya, Samsam and perhaps the most cynically named WannaCry. The New York Times, November 21, 2018
Cybersecurity at the Core: For too long, cybersecurity has been looked at as one team’s responsibility. If we maintain that mentality, we will fail. Dark Reading, November 20, 2018
Cyber Warning
Ransomware Attacks Ramping up in 2018, Showing No Signs of Stopping: According to a comprehensive new report from Datto, ransomware continues to be the leading form of cyber attack experienced by small- and medium-sized businesses (SMBs). The report looked at the problem of ransomware attacks from the perspective of over 2,400 Managed Service Providers (MSPs) and their more than 500,000 SMB clients. These companies are dealing with the problem of ransomware attacks on a daily basis, and are best able to provide an accurate assessment of just how entrenched the ransomware problem really is. CPO Magazine, November 22, 2018
Cyber Defense
Zero-Trust Frameworks: Securing the Digital Transformation: Zero trust refers to the notion of evaluating the security risk of devices and users within the context of any given moment, without automatically conferring access based on credentials. ThreatPost, November 22, 2018
SMB Malware: What Are the Threats and Why Are They Getting Worse?: Small businesses are often targets of malware attacks like CEO fraud, cryptocurrency mining attacks, and ransomware. Here’s how next-generation endpoint protection, patching, and security awareness training can help small businesses protect their networks. PC Mag, November 22, 2018
Cybersecurity Culture
The Path to Improved Cybersecurity Culture: The recent ISACA-CMMI Institute cybersecurity culture research illustrates the accomplishments and gaps that are seen in organizations’ cybersecurity culture. The survey-driven research focuses on culture and continuous improvement, both essential components to a successful cyber risk management program. ISACA, November 22, 2018
Cyber Talent
Why military veterans might be key to closing the cybersecurity jobs gap: Discover why it might be prudent to hire veterans who are already trained in cybersecurity and understand the concepts of militarization. TechRepublic, November 22, 2018
Cybersecurity in Society
Cyber Privacy
‘The End of Trust’ – On Sale in Bookstores and Free to Download Now!: Do you need some stimulating reading material for this long holiday weekend? Here’s a great option: the latest issue of Timothy McSweeney’s Quarterly Concern, The End of Trust. This is a collection of essays and interviews about technology, privacy, and surveillance, featuring many EFF authors—including EFF Executive Director Cindy Cohn, Special Advisor Cory Doctorow, and board member Bruce Schneier. EFF, November 20, 2018
Surveillance Kills Freedom By Killing Experimentation: In my book Data and Goliath, I write about the value of privacy. I talk about how it is essential for political liberty and justice, and for commercial fairness and equality. I talk about how it increases personal freedom and individual autonomy, and how the lack of it makes us all less secure. But this is probably the most important argument as to why society as a whole must protect privacy: it allows society to progress. Schneier On Security, November 16, 2018
Know Your Enemy
Armor’s Annual Black Market Report Shows Cybercrime-as-a-Service is on the Rise: It is no secret that crime has moved online. Cybercrime has been identified as one of the biggest risks to society by the World Economic Forum Global Risk Report 2018. One of the primary drivers behind the boom in cybercrime is the ease of availability of hacking tools as well as a rising Crime-as-a-Service industry found on the dark web. BTC Manager, November 22, 2018
Cyber Freedom
The Cybersecurity 202: At least six states still might not have paper ballot backups in 2020: Several states still have not taken action to ensure their voting machines produce a paper trail, stoking concerns that voters may again head to the polls in 2020 without this widely accepted security practice in place. The Washington Post, November 21, 2018
The Most Damaging Election Disinformation Campaign Came From Donald Trump, Not Russia: On November 4, 2016, the hacker “Guccifer 2.0,” a front for Russia’s military intelligence service, claimed in a blogpost that the Democrats were likely to use vulnerabilities to hack the presidential elections. On November 9, 2018, President Donald Trump started tweeting about the senatorial elections in Florida and Arizona. Without any evidence whatsoever, he said that Democrats were trying to steal the election through “FRAUD.” Schneier On Security, November 19, 2018
Information Attacks on Democracies: Democracy is an information system. That’s the starting place of our new paper: “Common-Knowledge Attacks on Democracy.” In it, we look at democracy through the lens of information security, trying to understand the current waves of Internet disinformation attacks. Specifically, we wanted to explain why the same disinformation campaigns that act as a stabilizing influence in Russia are destabilizing in the United States. Schneier On Security, November 15, 2018
National Cybersecurity
US presses allies to ditch Huawei citing cybersecurity risks from China – report: Washington has been on a mission to discourage its allies from using Chinese telecommunication giant Huawei’s equipment, the Wall Street Journal reports. The firm earlier slammed the US for using politics for unfair competition. RT, November 23, 2018
Japan cybersecurity minister who doesn’t use computers now admits he doesn’t get cybersecurity either: TOKYO — Japan’s cybersecurity minister, who gained global notoriety last week when he said he doesn’t use a computer, has now admitted he’s not that familiar with the whole cybersecurity field either. The Washington Post, November 23, 2018
Two cybersecurity policies, one clear new objective: In the wake of countless cyberattacks, two federal cybersecurity policies are providing much-needed guidance to improve the defense of our nation’s cyber infrastructure, networks and data, setting a clear roadmap on how we can best protect the country. However, the work is not done yet. With a new set of legislators freshly elected, additional steps must be taken to ensure critical cyber policies remain a top priority. The Hill, November 22, 2018
Hackers likely from Russia send phishing emails to hundreds of staff impersonating State Department spokeswoman Heather Nauert, cybersecurity firm says: Hackers impersonated State Department spokeswoman Heather Nauert and another official, Susan Stevenson, as part of an effort to target hundreds of people in U.S. law enforcement and defense and law enforcement agencies, according to cybersecurity research firm FireEye Inc. CBS, November 20, 2018
Cyber Medical
How IoT medical devices save your life and threaten your privacy: Consumers increasingly depend upon IoT devices to help them do everything from improving sleep to monitoring blood sugar levels. In the process, they may be giving up more privacy than expected. TechRepublic, November 21, 2018
Critical Infrastructure
America’s Water Supply – A Perfect Target for Cybercriminals: America’s water supply is increasingly digitized, and increasingly vulnerable. The New York Times, November 19, 2018
Internet of Things
IoT & Cybersecurity: Where we are and what needs to change: Threats are now emerging beyond home and medical devices towards IoT control systems connected to national infrastructures. It is no exaggeration to say that IoT vulnerabilities are a threat to our national and personal security – dangers brought into sharp relief by the growing weaponisation of cybersecurity on the world stage. The Stack, November 22, 2018
SecureTheVillage Calendar
SecureTheVillage Leadership Council Member Ara Aslanian speaks at Cyber Security Summit. November 29 @ 7:45 am – 6:00 pm
Webinar: Third-Party Security Management. December 6 @ 10:00 am – 11:00 am
Financial Services Cybersecurity Roundtable. December 14 @ 8:00 am – 10:00 am
Webinar: Managing Cyber-Risk and Insurance. January 10, 2019 @ 10:00 am – 11:00 am