Individuals at Risk
Cyber Privacy
ROBOCALLS ARE GETTING WORSE — HOW DO WE STOP THEM?: If it seems like robocalls are getting worse, it’s not simply your imagination. Over 48 billion robocalls were placed in the US last year, which is 46 percent more than just a year earlier. The US agency in charge of protecting consumers from communications scams, the Federal Communications Commission, anticipates more than half of all calls placed this year will be robocalls. Lawmakers on both sides of the aisle are rushing to push legislation to fix the growing problem. The Verge, May 3, 2019
Alexa, stop recording me: Bill would limit eavesdropping by smart speaker makers: Alexa is apparently listening a little too closely for some people’s comfort. It was recently revealed that Amazon employees can listen to recordings from owners of Alexa devices. Now, California wants to take action to limit that type of intrusion. DigitalTrends, May 3, 2019
Cyber Warning
FCC warns of ‘One Ring’ robocall scam: What to know: The Federal Communications Commission (FCC) is warning consumers about a new robocall scam that prompts an expensive call back. ClickOnDetroit, May 3, 2019
Cyber Threat
Facebook, Instagram Are Phishers’ Favorite Social Platforms. Cloud companies continue to represent the most phishing URLs, but social media saw the most growth in Q1 2019. Social platforms now 4th most-popular category for phishing attacks: Facebook phishing spiked 155.5% in the first quarter of 2019, pushing social media into the fourth most-popular category for phishing attacks. Instagram phishing URLs jumped 1,868%. DarkReading, May 2, 2019
Buying Real Estate? Are your broker and escrow company cybersecurity weaknesses putting you in jeopardy of #BEC #Cyberfraud: Real-estate companies are the current lowest-hanging digital fruit for cybercriminals. “Gone are the days when hackers would only target retailers,” writes security analyst Robert Siciliano in his Finextra article The Top Cyber Security Threats to Real Estate Companies. “These days, bad guys target businesses in any industry, especially those that aren’t quite up on cyber security.” As to why there’s a lack of cybersecurity in the real-estate profession, Siciliano offers the following reason: TechRepublic, April 29, 2019
Cyber Warning
P2P Weakness Exposes Millions of IoT Devices. Security cameras, webcams, baby monitors, smart doorbells, and digital video recorders vulnerable to simple attack: A peer-to-peer (P2P) communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft and remote compromise, new research has found. KrebsOnSecurity, April 26, 2019
D-Link Cloud Camera Flaw Gives Hackers Access to Video Stream: Researchers warn customers to reconsider the use of the camera’s remote access feature if the device is monitoring highly sensitive areas of their household or company. ThreatPost, May 2, 2019
Cyber Update
If you’ve got a Dell computer, update Dell’s SupportAssist: Your new Windows laptop typically ships with an awful lot of bloatware you don’t need. Often, it’ll just slow down your computer a tad. But occasionally, a pre-installed piece of manufacturer cruft can pose a serious security risk — and that’s why you should probably update or uninstall Dell’s SupportAssist right away. The Verge, May 3, 2019
Cyber Humor
Information Security Management in the Organization
Information Security Management and Governance
Only 55% of companies plan to be ready for CCPA implementation: While reputation and consumer privacy are the biggest drivers for CCPA compliance, only 55% of companies plan to be ready by the law’s Jan. 1, 2020 effective date, according to research from OneTrust and the IAPP. HelpNetSecurity, May 2, 2019
Does Customer Data Privacy Actually Matter? It Should: It’s only April and 2019 is already shaping up to be a banner year for the lack of data privacy. Not a day goes by where our mortgage information, our passwords, and even our old Hotmail emails aren’t wrapped up in some sort of security failure that flouts our digital privacy. Entrepreneur, May 2, 2019
Cyber Warning
Attackers Wiping GitHub and GitLab Repos, Leave Ransom Notes: Attackers are targeting GitHub, GitLab, and Bitbucket users, wiping code and commits from multiple repositories according to reports and leaving behind only a ransom note and a lot of questions. BleepingComputer, May 3, 2019
A MYSTERIOUS HACKER GROUP IS ON A SUPPLY CHAIN HIJACKING SPREE: A software supply chain attack represents one of the most insidious forms of hacking. By breaking into a developer’s network and hiding malicious code within apps and software updates that users trust, supply chain hijackers can smuggle their malware onto hundreds of thousands—or millions—of computers in a single operation, without the slightest sign of foul play. Now what appears to be a single group of hackers has managed that trick repeatedly, going on a devastating supply chain hacking spree—and becoming more advanced and stealthy as they go. Wired, May 3, 2019
Data: E-Retail Hacks More Lucrative Than Ever. “It’s not just large sites getting popped, it’s mostly small to mid-sized organizations that are being compromised for long periods of time”: For many years and until quite recently, credit card data stolen from online merchants has been worth far less in the cybercrime underground than cards pilfered from hacked brick-and-mortar stores. But new data suggests that over the past year, the economics of supply-and-demand have helped to double the average price fetched by card-not-present data, meaning cybercrooks now have far more incentive than ever to target e-commerce stores. KrebsOnSecurity, April 30, 2019
Cyber Vulnerability
50,000 enterprise firms running SAP software vulnerable to attack: Up to 50,000 enterprises that have adopted SAP solutions may be susceptible to cyberattacks due to new exploits targeting configuration flaws in the software, researchers say. ZDNet, May 2, 2019
Critical Flaws Found in Eight Wireless Presentation Systems: Crestron, Barco wePresent, Extron ShareLink and more wireless presentation systems have an array of critical flaws. ThreatPost, May 2, 2019
Cloud storage misconfigurations continue to plague the data-privacy space: Failures to properly configure databases managed by two companies – Ladders and SkyMed – left personally identifiable employment and medical information (PII) of millions wide open to any internet passerby. ThreatPost, May 2, 2019
Cyber Defense
New study reconfirms what we’ve known for years: “The vast majority of successful attacks today are using known vulnerabilities in well-known software that have been patched already by software vendors.”: “For all the focus and investment in cybersecurity, the majority of businesses in the U.S. and U.K. are still leaving their doors wide open to attacks. Attacks that can potentially stop business operations for a few hours, and at their worst, wipe billions from the value of a company overnight.” So says a new cybersecurity survey conducted by endpoint management specialists 1E and technology market researchers Vanson Bourne, a survey that questioned 600 IT operations and IT security decision-makers across the U.S. and U.K., and found that 60% of the organizations had been breached in the last two years and 31% had been breached more than once. Forbes, May 2, 2019
New Changes to Password Change Recommendations—Making Frequent Password Changes a Thing of the Past: Users hate changing passwords. Passwords are hard to remember and you’re not supposed to write them down. That’s why it’s common to see both weak passwords — qwerty1234 and your dog’s name are a lot easier to remember than HGF45DEsre%$ — and the same passwords used on multiple different websites. This is why the National Institute of Standards and Technology (NIST) recently changed its recommendations for passwords to make frequent password changes a thing of the past. And last week Microsoft followed suit by changing their baseline password expiration policy. CitadelOnSecurity, Citadel Information Group, May 1, 2019
Secure The Human
Why older employees are less likely to get tricked by phishing attacks: While Gen Zers think they won’t fall for phishing scams, most don’t even know what “phishing” means, according to a Google report. TechRepublic, May 3, 2019
Social Media Can Be Hazardous to Your Cybersecurity Health Part 2: Solutions: Public Service Announcement: Social media use increases your cybersecurity exposure. Share appropriately. Robert Braun, Esq., JMBM Cybersecurity Lawyer Forum, April 29, 2019
Cybersecurity in Society
Know Your Enemy
Hacker takes over 29 IoT botnets controlled by other hackers. There is no honor among thieves: For the past few weeks, a threat actor who goes online by the name of “Subby” has taken over the IoT DDoS botnets of 29 other hackers, ZDNet has learned. ZDNet, May 3, 2019
Who’s Behind the RevCode WebMonitor RAT?: The owner of a Swedish company behind a popular remote administration tool (RAT) implicated in thousands of malware attacks shares the same name as a Swedish man who pleaded guilty in 2015 to co-creating the Blackshades RAT, a similar product that was used to infect more than half a million computers with malware, KrebsOnSecurity has learned. KrebsOnSecurity, May 2, 2019
Cyber Privacy
Security lapse exposed a Chinese smart city surveillance system: Smart cities are designed to make life easier for their residents: better traffic management by clearing routes, making sure the public transport is running. TechCrunch, May 3, 2019
Cyber Freedom
It is getting harder than ever for VPNs to break through the Great Firewall of China: The censorial Great Firewall of China is famed throughout the world for the restrictions it places on Chinese citizens. Internet users play a game of cat and mouse, seeking tools and methods for slipping through the censoring and spying that the government enforces. betanews, May 3, 2019
Preventing 2020 Campaign Cyberattacks Won’t Be Easy or Cheap: The relative ease with which Russian agents penetrated computers underscores the perilous situation facing campaigns. Snopes, May 3, 2019
National Cybersecurity
The Cybersecurity 202: Iran’s the scariest cyber adversary, former NSA chief says: U.S. government officials are hyper-focused on the hacking threats from Russia and China right now, but it’s the threat from Iran that keeps former NSA director Keith Alexander up at night. The Washington Post, May 3, 2019
Critical Infrastructure
‘Denial of service condition’ disrupted US energy company operations: An energy company providing power in several western U.S. states experienced a “denial-of-service condition” serious enough to warrant reporting it to the government’s energy authority. TechCrunch, May 2, 2019
SecureTheVillage Calendar
Webinar: SecureTheVillage June Webinar
CCPA, Part 3: Minimum Reasonable Security Practices
June 6 @ 10:00 am – 11:00 am
Financial Services Cybersecurity Roundtable – June 2019
June 14 @ 8:00 am – 10:00 am
Webinar: SecureTheVillage July Webinar
July 4 @ 10:00 am – 11:00 am
Webinar: SecureTheVillage August Webinar
August 1 @ 10:00 am – 11:00 am