Citadel Information Group


June 23, 2019 by Stan Stahl Ph.D.

Cybersecurity News of the Week, June 23, 2019

Individuals at Risk

Cyber Privacy

Phishing Attack Exposes Data of 645,000 Oregon DHS Clients: The Department of Human Services (DHS) in Oregon today started notifying over half a million of its clients that their personal information was exposed to an unauthorized party in a data breach incident announced earlier this year. Bleeping Computer, June 19, 2019

Bella Thorne shares personal photos after hacker threatens to extort her over them: How do you handle a hacker trying to extort you by threatening to release personal photos? If you’re Bella Thorne, you beat them to the punch. ABC, June 17, 2019

Cyber Privacy – Facebook

Sheryl Sandberg: Backlash over Facebook’s potential privacy breach has ‘been hard’: Sheryl Sandberg feels attacked. Facebook’s number two said the firestorm over Facebook’s potential privacy and data breach violations has been personally difficult for her. Page Six, June 19, 2019

Identity Theft

Desjardins, Canada’s largest credit union, announces security theft of personal information by employee: Today, Desjardins, Canada’s largest credit union and one of the world’s biggest banks, announced a security breach caused by a former employee. ZDNet, June 20, 2019

Cyber Update

Update Firefox now! Zero-day found in the wild: Mozilla has fixed a critical zero-day bug in the latest point releases of the Firefox web browser. The security flaw allows attackers to run their own code by exploiting the browser with malicious JavaScript, and people are already targeting Firefox users in the wild. NakedSecurity, June 20, 2019

Cyber Defense

You’d better change your birthday – hackers may know your PIN. … Are you in the 26% of people who use one of these PIN codes to unlock their phones?: You’ve likely seen a list of top 25 passwords that get reused time and time again – “password” is a usual suspect – but what about phone PIN numbers? How unique are the PIN codes that we choose to stop cybercriminals from getting into our phones and their eyes onto our most precious accounts? welivesecurity, June 19, 2019

3 ways AI will change the nature of cyber attacks: Cyberattacks are becoming ubiquitous and have been recognized as one of the most strategically significant risks facing the world today. In recent years, we have witnessed digital assaults against governments and the owners of critical infrastructure, large private corporations and smaller ones, educational institutions and non-profit organizations. Not only is no sector immune from cyberattacks, the level of sophistication of the threats they face is continually increasing. WorldEconomicForum, June 19, 2019

Consumers Urged to Junk Insecure IoT Devices: A security researcher who disclosed flaws impacting 2 million IoT devices in April – and has yet to see a patch or even hear back from the manufacturers contacted – is sounding off on the dire state of IoT security. ThreatPost, June 18, 2019

Cyber Warning

Houdini malware targets victims with keylogger, online bank account theft tools: A new variant of the Houdini malware has been detected in campaigns against financial institutions and their customers. ZDNet, June 17, 2019

Don’t Get Duped by This Sneaky Google Calendar Spam: Are you drowning in calendar invites from people you don’t know? There might be an ominous reason: According to cybersecurity firm Kaspersky Labs, crafty scammers have weaponized Google Calendar by taking advantage of a setting you probably didn’t know about. PC Magazine, June 17, 2019

Cyber Humor

Information Security Management in the Organization

Cybersecurity in the C-Suite

Cybersecurity Accountability Spread Thin in the C-Suite … While cybersecurity discussions have permeated board meetings, the democratization of accountability has a long way to go: A spate of recent surveys offer indications that the philosophy that “cybersecurity is everyone’s responsibility” is gaining steam in the C-suite at most large organizations. But digging into the numbers — and keeping in mind perennially abysmal breach statistics — it’s clear that while awareness has broadened across the board room, accountability and action are still spread pretty thin. DarkReading, June 20, 2019

Collections Firm Behind LabCorp, Quest Breaches Files for Bankruptcy: A medical billing firm responsible for a recent eight-month data breach that exposed the personal information on nearly 20 million Americans has filed for bankruptcy, citing “enormous expenses” from notifying affected consumers and the loss of its four largest customers. KrebsOnSecurity, June 19, 2019

Forthright handling of cybercrime essential to improved results: While it has become generally well-known that enterprises have a problem dealing with cybercrime, the true extent of the problem is much worse than many realize. In fact, even the entities that really ought to know the reality – such as legal and regulatory authorities – are generally in the dark about how many incidents are occurring and how severe they are. CSO, June 18, 2019

Cyber Risk Management

NASA’s Jet Propulsion Laboratory At Risk for Cybersecurity Threats: NASA’s Jet Propulsion Laboratory (JPL) has multiple IT security control weaknesses that reduce JPL’s ability to prevent cybersecurity attacks, exposing NASA systems and data to exploitation by cyber criminals, says the NASA Office of Inspector General report. Security Magazine, June 19, 2019

Cyber Defense

As GandCrab gang prepares to retire, decryptor for v5.2 of ransomware released: The purportedly final version of GandCrab ransomware can now be neutralized with a new decryption tool, made available to the public. SC Magazine, June 18, 2019

Cyber Update

Oracle issues emergency update to patch actively exploited WebLogic flaw: Oracle on Tuesday published an out-of-band update patching a critical code-execution vulnerability in its WebLogic server after researchers warned that the flaw was being actively exploited in the wild. ars technica, June 19, 2019

Secure The Human

Welcome to the Next Generation of Corporate Phishing Scams: All it takes is for one employee to open and click on a bogus email to compromise a company’s corporate security. Fortune, June 19, 2019

Cyber Law

Bipartisan House lawmakers announce compromise anti-robocall bill: A bipartisan pair of House lawmakers on Thursday unveiled a compromise bill aimed at thwarting the scourge of robocalls dialing up U.S. consumers, about one month after the Senate adopted its own anti-robocall bill. The Hill, June 20, 2019

Cybersecurity in Society

Cyber Privacy

How has the California Consumer Privacy Act (CCPA) changed data privacy in the US?: 2018 was the year of GDPR: the General Data Protection Regulation, a comprehensive update to privacy laws enacted by the European Union. Econsultancy, June 18, 2019

Cyber Crime

Hit by Ransomware Attack, Florida City Agrees to Pay Hackers $600,000: MIAMI — The leaders of Riviera Beach, Fla., looking weary, met quietly this week for an extraordinary vote to pay nearly $600,000 in ransom to hackers who paralyzed the city’s computer systems. June 19, 2019

Cyber Attack

A Rogue Raspberry Pi Let Hackers Into NASA’s JPL Network: NASA’s Jet Propulsion Laboratory (JPL) works with some of the most advanced technology in the world, including Mars rovers and space telescopes. However, it was a relatively simple piece of consumer technology that allowed hackers to break into its network and steal data. According to a report from the US Office of the Inspector General (OIG), someone connected an unauthorized Raspberry Pi to a JPL network, giving hackers a way into the systems. Extreme Tech, June 20, 2019

National Cybersecurity

The Guardian says it was warned of cyber attacks by Saudi Arabia … says it was alerted by a source in Riyadh that it was being targeted by the unit following the murder of journalist Jamal Khashoggi: The Guardian says that it was warned earlier this year about efforts by a cybersecurity unit in Saudi Arabia to “hack” its computer networks. The Guardian, June 19, 2019

U.S. Cyber Command, Russia and Critical Infrastructure: What Norms and Laws Apply?: According to the New York Times, the United States is “stepping up digital incursions into Russia’s electric power grid.” The operations involve the “deployment of American computer code inside Russia’s grid and other targets,” supposedly to warn Russia against conducting further hostile cyber operations against U.S. critical infrastructure, and to build the capability to mount its own robust cyber operations against Russia in the event of a conflict. This is not the first time such assertions have surfaced. For instance, in Operation Nitro Zeus, the United States allegedly “bored deeply into Iran’s infrastructure before the 2015 nuclear accord, placing digital ‘implants’ in systems that would enable it to bring down power grids, command-and-control systems and other infrastructure in case a conflict broke out.” Just Security, June 18, 2019

Cyber Freedom

Voting machine giant lobbies for paper ballots over election security concerns … The US’s largest election equipment manufacturer has begun quietly lobbying Congress to force all voting equipment to create a paper trail …: The US’s largest election equipment manufacturer has begun quietly lobbying Congress to force all voting equipment to create a paper trail, a sharp departure after years of selling paperless digital machines that can’t be fully audited. The change of stance comes amid concerns over the security of elections following Russia’s interference effort in the 2016 presidential election. CNN, June 19, 2019

Cyber Government

Maryland governor signs order to boost cybersecurity after Baltimore ransomware attack: Maryland Gov. Larry Hogan (R) on Tuesday signed an executive order aimed at strengthening the state’s cybersecurity capabilities, a month after a debilitating ransomware attack on Baltimore city networks disabled several services. The Hill, June 18, 2019

Internet of Things

IoT explodes worldwide, researchers investigate security issues present in the devices real users own: About 40 percent of households across the globe now contain at least one IoT device, according to Avast. HelpNetSecurity, June 20, 2019

Fake News

We Must Prepare for the Next Pandemic: When the next pandemic strikes, we’ll be fighting it on two fronts. The first is the one you immediately think about: understanding the disease, researching a cure and inoculating the population. The second is new, and one you might not have thought much about: fighting the deluge of rumors, misinformation and flat-out lies that will appear on the internet. Schneier on Security, June 17, 2019

SecureTheVillage Calendar

Webinar: SecureTheVillage July Webinar
July 4 @ 10:00 am – 11:00 am

Financial Services Cybersecurity Roundtable
August 1 @ 10:00 am – 11:00 am

Webinar: SecureTheVillage September Webinar
September 5 @ 10:00 am – 11:00 am
