Citadel Information Group

June 2, 2019 by Stan Stahl Ph.D.

Cybersecurity News of the Week, June 2, 2019

Individuals at Risk

Cyber Privacy – Facebook

In Class-Action Lawsuit Over Cambridge Analytica, Facebook Lawyer Says You Don’t Have Any Privacy on the Site. The Next Day, Zuckerberg Tells Shareholders He Wants to Build a “privacy-focused social platform.”: Just one day before Facebook CEO Mark Zuckerberg said at a shareholder meeting that he wants to build a “privacy-focused social platform,” the company’s lawyer argued that privacy doesn’t actually exist on Facebook. Digital Trends, May 30, 2019

Cyber Danger

Why You Shouldn’t Use The Wi-Fi In Your Airbnb, According To A Hacker: Most Airbnb users book stays with no major issues. But staying in a stranger’s house means you inevitably make yourself vulnerable to some risks, some of which have included scams, hidden cameras and discrimination. It can be hard to let your guard down while renting an Airbnb ― and you shouldn’t, even if everything seems to check out. Huffpost, May 29, 2019

Cyber Defense

Lock Down Your Login. What is Two-Factor … also called Multi-Factor … Authentication (MFA) and Why You Need to Use it. SANS Security Awareness Newsletter. [Oldie but Goodie]: The process of authentication, or proving who you are, is key to protecting your information, such as your email, social media, or online banking accounts. You may not realize it, but there are three different ways to prove who you are: what you know, such as a password, what you have, such as your driver’s license, and some part of you, such as your fingerprint. Each one of these methods has advantages and disadvantages. The most common authentication method is passwords, which are something you know. Unfortunately, using passwords just by themselves is proving to be more and more insecure. In this newsletter, we teach you how to protect yourself and lock down your login with something far better than just passwords. It’s called two-factor authentication. SANS, December 2017

Cyber Warning

Phishing Emails Pretend to be Office 365 ‘File Deletion’ Alerts: A new phishing campaign is underway that pretends to be from the “Office 365 Team” warning recipients that there has been an unusual amount of file deletions occurring on their account. BleepingComputer, May 28, 2019

Cyber Humor

Information Security Management in the Organization

Information Security Management and Governance

Ransomware Succeeds Because Targets Don’t Learn From History: It was writer, poet, and philosopher George Santayana, who said in 1905 that, “Those who cannot remember the past are condemned to repeat it.” British Prime Minister Winston Churchill reportedly updated it a bit in 1948 with, “Those who fail to learn from history are condemned to repeat it.” Forbes, May 30, 2019

Cybersecurity in the C-Suite

New Centrify Report Confirms What We Already Know: Most businesses ‘overconfident’ in their ability to stop cybersecurity breaches: Some 93% of organizations said they feel prepared against cyberthreats, though they lack common cyber best practices, according to a Centrify report. TechRepublic, May 30, 2019

Cyber Update

IT Depts. MSPs. Microsoft issues second security warning over BlueKeep, a recently discovered critical vulnerability in Remote Desktop Protocol service that can be exploited worm-like in old operating systems to take over unpatched devices: Microsoft has issued a second security warning over BlueKeep, a recently discovered vulnerability in its Remote Desktop Protocol service that could enable attackers to use a worm-like exploit to take over devices running unpatched older Windows operating systems. BankInfoSecurity, May 31, 2019

Cyber Defense

4 tips for getting the most from threat intelligence: It’s easy to gather data on potential threats, but you have to know what to do with that intelligence if you want to improve your security stance. CSO, May 30, 2019

Five tips for protecting your organization’s online data from inadvertent exposure as new study says number of files exposed on misconfigured servers, storage and cloud services has risen to 2.3 billion in the last year: Organizations rely on various storage tools and technologies to provide online access to certain data. SMB, FTP, rsync, Amazon S3, and NAS drives are all used to make necessary files available to the people who need them. But the improper use of these technologies is exposing sensitive information and leaving those files vulnerable to attackers, according to a report released Thursday by Digital Shadows. TechRepublic, May 30, 2019

Secure The Human

Should Failing Phish Tests Be a Fireable Offense?: Would your average Internet user be any more vigilant against phishing scams if he or she faced the real possibility of losing their job after falling for one too many of these emails? Recently, I met someone at a conference who said his employer had in fact terminated employees for such repeated infractions. As this was the first time I’d ever heard of an organization actually doing this, I asked some phishing experts what they thought (spoiler alert: they’re not fans of this particular teaching approach). KrebsOnSecurity, May 29, 2019

Cybersecurity in Society

Cyber Privacy

How a quantum computer could break 2048-bit RSA encryption in 8 hours … And new analysis shows it’s going to happen a lot sooner than anyone ever thought: Many people worry that quantum computers will be able to crack certain codes used to send secure messages. The codes in question encrypt data using “trapdoor” mathematical functions that work easily in one direction but not in the other. That makes encrypting data easy but decoding it hugely difficult without the help of a special key. MIT Technology Review, May 30, 2019

Cyber Breach

One of New York’s largest nonprofits suffers data breach. People Inc. says an employee email account was the source. Another sad illustration of the importance of multi-factor authentication (MFA): People Inc., one of western New York’s largest non-profit agencies, has revealed a data breach which has exposed sensitive medical information belonging to current and former clients. ZDNet, May 31, 2019

Cyber Attack

Tax delays and canceled home sales: The costly ripple effects of today’s cyber-attacks: On May 7, accounting software company Wolters Kluwer faced a devastating malware attack, shutting off service and panicking many accountants who were racing to file their clients’ tax returns by a May 15 deadline. CNBC, May 26, 2019

Know Your Enemy

It only takes three seconds … An account of why the cyber criminals are winning. Hint: It’s basic hygiene, not rocket science: On Monday, May 6, accountants around the United States woke up to start their workweek only to discover that their CCH products — a suite of tax and other solutions offered by Wolters Kluwer Tax & Accounting — were down. Confusion turned to panic, which then turned to anger pretty soon after customers were informed the company had been the victim of a cyberattack. accountingToday, May 29, 2019

National Cybersecurity

NSA Deflects Blame for Baltimore Ransomware Attack: An agency’s policy advisor says city officials had more than two years to patch computers against the attack. Defense One, May 31, 2019

Cyber Command appoints new No. 2 amid growing battle with foreign hackers: The head of U.S. Cyber Command has tapped the organization’s chief of staff to be his new deputy, filling a critical vacancy as the command looks to bolster operations to defend the 2020 elections from foreign interference. Politico, May 30, 2019

In Baltimore and Beyond, a Stolen N.S.A. Tool Wreaks Havoc: For nearly three weeks, Baltimore has struggled with a cyberattack by digital extortionists that has frozen thousands of computers, shut down email and disrupted real estate sales, water bills, health alerts and many other services. The New York Times, May 25, 2019

Cyber Freedom

Political Parties Get Poor Cybersecurity Report Card: Political parties in both the US and Europe could try harder when it comes to cybersecurity, warned a report from SecurityScorecard in May. InfoSecurity, May 31, 2019

GAO says Cybersecurity, IT Systems Risks Still Loom High Over 2020 Census: With less than a year until Census Day left, the Government Accountability Office (GAO) said that the Census Bureau’s critical census IT systems and cybersecurity mitigation and contingency plans are high-concern areas among the 360 active risks for the 2020 Census that GAO identified in a report today. MeriTalk, May 31, 2019

Mueller remarks put renewed focus on election security bills: Legislation aimed at securing U.S. elections got an unexpected shot in the arm this week when Robert Mueller devoted a fair share of his first remarks on the Russia probe to the threat posed by foreign actors seeking to undermine democracy at the ballot box. The Hill, May 30, 2019

Perhaps Mueller’s most consequential comment was his blunt counterintelligence assessment: “Russian intelligence officers, who are part of the Russian military, launched a concerted attack on our political system.”: One of the least discussed but perhaps most consequential comments by special counsel Robert S. Mueller III during his appearance before reporters this week was his blunt counterintelligence assessment: “Russian intelligence officers, who are part of the Russian military, launched a concerted attack on our political system.” The Washington Post, May 30, 2019

Forget Mueller: Our pants are still down on election security, and Facebook can’t save us: Special counsel Robert Mueller’s press conference Wednesday, which briefly described his team’s thinking about how they approached obstruction allegations against the president, buried one largely buried story about the entire affair: Then and now, we as a country still collectively have our pants down on cybersecurity. CNBC, May 29, 2019

US Officials Say Foreign Election Hacking Is Inevitable. We Must Become Cyber-Resilient and Able to Withstand a Breach. Take a Licking and Keep On Ticking!!: WASHINGTON — The hacking of U.S. election systems, including by foreign adversaries, is inevitable, and the real challenge is ensuring the country is resilient enough to withstand catastrophic problems from cyber breaches, government officials said Wednesday. The New York Times, May 22, 2019

Cyber Regulation

A New Standard Modeled After New York’s Department of Financial Services (NYDFS) 23 NYCRR 500 Is Emerging In Cybersecurity Regulations: In response to worries over data security, New York’s Department of Financial Services (NYDFS) enacted a set of cybersecurity regulations that is quickly becoming the standard for data security in the financial industry. The regulation, officially known as 23 NYCRR 500, went into effect in March 2017. Since then, the NYDFS regulations have grown in popularity and are now popping up in a number of other agency regulations. Forbes, May 31, 2019

NY Investigates Exposure of 885 Million Mortgage Documents: New York regulators are investigating a weakness that exposed 885 million mortgage records at First American Financial Corp. [NYSE:FAF] as the first test of the state’s strict new cybersecurity regulation. That measure, which went into effect in March 2019 and is considered among the toughest in the nation, requires financial companies to regularly audit and report on how they protect sensitive data, and provides for fines in cases where violations were reckless or willful. KrebsOnSecurity, May 31, 2019

How Much Will Be Enough? Third-Party Diligence Under the NYDFS Cybersecurity Requirements: Recent enforcement actions by other regulatory bodies in response to data breaches attributable to third parties may shed some light on what Covered Entities should do and what level of due diligence DFS may expect when it comes to third parties. New York Law Journal, May 31, 2019

Canada Uses Civil Anti-Spam Law in Bid to Fine Malware Purveyors: Canadian government regulators are using the country’s powerful new anti-spam law to pursue hefty fines of up to a million dollars against Canadian citizens suspected of helping to spread malicious software. KrebsOnSecurity, May 30, 2019

New York “On Brink” of Passing Law to Set GDPR-Like Information Security and Privacy Management Standards for All Companies Holding Information of New York Residents: New York’s lawmakers are on the brink of passing a data security law that will give New Yorkers more information about how their data is being used and when it has been compromised. DUO, May 30, 2019

California Assembly Approves Amendments to Exclude Employees from CCPA, Protect Loyalty Programs: On Tuesday and Wednesday of this week, the California Assembly voted to approve four bills to amend the California Consumer Privacy Act (CCPA). The legislation now moves to the California Senate. AD Law Access, May 30, 2019

Complying with the California Consumer Privacy Act in 5 (more or less) Not So Easy Steps: Part 3 – The Privacy Policy: This is the third in a series of articles on complying with the California Consumer Privacy Act (CCPA). The CCPA is estimated to directly impact more than 500,000 businesses, many of them smaller and mid-size businesses; even more companies that are not specifically subject to the CCPA will need to comply to do business with those that are. Robert Braun, Esq., SecureTheVillage Leadership Council, JMBM Cybersecurity Lawyer Forum, May 28, 2019

Cyber Miscellany

The AI gig economy is coming for you: The artificial-intelligence industry runs on the invisible labor of humans working in isolated and often terrible conditions—and the model is spreading to more and more businesses. MIT Technology Review, May 31, 2019

SecureTheVillage Calendar

Webinar: SecureTheVillage June Webinar
CCPA, Part 3: Minimum Reasonable Security Practices
June 6 @ 10:00 am – 11:00 am

Financial Services Cybersecurity Roundtable – June 2019
Raising Cybersecurity Awareness – Essential Training Information for Bank Employees, Officers, and Customers
Kimberly Pease, Vice President and Co-founder, Citadel Information Group
June 14 @ 8:00 am – 10:00 am

Webinar: SecureTheVillage July Webinar
July 4 @ 10:00 am – 11:00 am

Webinar: SecureTheVillage August Webinar
August 1 @ 10:00 am – 11:00 am
