Individuals at Risk
Cyber Privacy
Phishing Attack Exposes Data of 645,000 Oregon DHS Clients: The Department of Human Services (DHS) in Oregon today started notifying over half a million of its clients that their personal information was exposed to an unauthorized party in a data breach incident announced earlier this year. Bleeping Computer, June 19, 2019
Bella Thorne shares personal photos after hacker threatens to extort her over them: How do you handle a hacker trying to extort you by threatening to release personal photos? If you’re Bella Thorne, you beat them to the punch. ABC, June 17, 2019
Cyber Privacy – Facebook
Sheryl Sandberg: Backlash over Facebook’s potential privacy breach has ‘been hard’: Sheryl Sandberg feels attacked. Facebook’s number two said the firestorm over Facebook’s potential privacy and data breach violations has been personally difficult for her. Page Siz, June 19, 2019
Identity Theft
Desjardins, Canada’s largest credit union, announces security theft of personal information by employee: Today, Desjardins, Canada’s largest credit union and one of the world’s biggest banks, announced a security breach caused by a former employee. ZDNet, June 20, 2019
Cyber Update
Update Firefox now! Zero-day found in the wild: Mozilla has fixed a critical zero-day bug in the latest point releases of the Firefox web browser. The security flaw allows attackers to run their own code by exploiting the browser with malicious JavaScript, and people are already targeting Firefox users in the wild. NakedSecurity, June 20, 2019
Cyber Defense
You’d better change your birthday – hackers may know your PIN. … Are you in the 26% of people who use one of these PIN codes to unlock their phones?: You’ve likely seen a list of top 25 passwords that get reused time and time again – “password” is a usual suspect – but what about phone PIN numbers? How unique are the PIN codes that we choose to stop cybercriminals from getting into our phones and their eyes onto our most precious accounts? welivesecurity, June 19, 2019
3 ways AI will change the nature of cyber attacks: Cyberattacks are becoming ubiquitous and have been recognized as one of the most strategically significant risks facing the world today. In recent years, we have witnessed digital assaults against governments and the owners of critical infrastructure, large private corporations and smaller ones, educational institutions and non-profit organizations. Not only is no sector immune from cyberattacks, the level of sophistication of the threats they face is continually increasing. WorldEconomicForum, June 19, 2019
Consumers Urged to Junk Insecure IoT Devices: A security researcher who disclosed flaws impacting 2 million IoT devices in April – and has yet to see a patch or even hear back from the manufacturers contacted – is sounding off on the dire state of IoT security. ThreatPost, June 18, 2019
Cyber Warning
Houdini malware targets victims with keylogger, online bank account theft tools: A new variant of the Houdini malware has been detected in campaigns against financial institutions and their customers. ZDNet, June 17, 2019
Don’t Get Duped by This Sneaky Google Calendar Spam: Are you drowning in calendar invites from people you don’t know? There might be an ominous reason: According to cybersecurity firm Kaspersky Labs, crafty scammers have weaponized Google Calendar by taking advantage of a setting you probably didn’t know about. PC Magazine, June 17, 2019
Cyber Humor
Information Security Management in the Organization
Cybersecurity in the C-Suite
Cybersecurity Accountability Spread Thin in the C-Suite … While cybersecurity discussions have permeated board meetings, the democratization of accountability has a long way to go: A spate of recent surveys offer indications that the philosophy that “cybersecurity is everyone’s responsibility” is gaining steam in the C-suite at most large organizations. But digging into the numbers — and keeping in mind perennially abysmal breach statistics — it’s clear that while awareness has broadened across the board room, accountability and action are still spread pretty thin. DarkReading, June 20, 2019
Collections Firm Behind LabCorp, Quest Breaches Files for Bankruptcy: A medical billing firm responsible for a recent eight-month data breach that exposed the personal information on nearly 20 million Americans has filed for bankruptcy, citing “enormous expenses” from notifying affected consumers and the loss of its four largest customers. KrebsOnSecurity, June 19, 2019
Forthright handling of cybercrime essential to improved results: While it is has become generally well-known that enterprises have a problem dealing with cybercrime, the true extent of the problem is much worse than many realize. In fact, even the entities that really ought to know the reality – such as legal and regulatory authorities – are generally in the dark about how many incidents are occurring and how severe they are. CSO, June 18, 2019
Cyber Risk Management
NASA’s Jet Propulsion Laboratory At Risk for Cybersecurity Threats: NASA’s Jet Propulsion Laboratory (JPL) has multiple IT security control weaknesses that reduce JPL’s ability to prevent cybersecurity attacks, exposing NASA systems and data to exploitation by cyber criminals, says the NASA Office of Inspector General report. Security Magazine, June 19, 2019
Cyber Defense
As GandCrab gang prepares to retire, decryptor for v5.2 of ransomware released: The purportedly final version of GandCrab ransomware can now be neutralized with a new decryption tool, made available to the public. SC Magazine, June 18, 2019
Cyber Update
Oracle issues emergency update to patch actively exploited WebLogic flaw: Oracle on Tuesday published an out-of-band update patching a critical code-execution vulnerability in its WebLogic server after researchers warned that the flaw was being actively exploited in the wild. ars technica, June 19, 2019
Secure The Human
Welcome to the Next Generation of Corporate Phishing Scams: All it takes is for one employee to open and click on a bogus email to compromise a company’s corporate security. Fortune, June 19, 2019
Cyber Law
Bipartisan House lawmakers announce compromise anti-robocall bill: A bipartisan pair of House lawmakers on Thursday unveiled a compromise bill aimed at thwarting the scourge of robocalls dialing up U.S. consumers, about one month after the Senate adopted its own anti-robocall bill. The Hill, June 20, 2019
Cybersecurity in Society
Cyber Privacy
How has the California Consumer Privacy Act (CCPA) changed data privacy in the US?: 2018 was the year of GDPR: the General Data Protection Regulation, a comprehensive update to privacy laws enacted by the European Union. Econsultancy, June 18, 2019
Cyber Crime
Hit by Ransomware Attack, Florida City Agrees to Pay Hackers $600,000: MIAMI — The leaders of Riviera Beach, Fla., looking weary, met quietly this week for an extraordinary vote to pay nearly $600,000 in ransom to hackers who paralyzed the city’s computer systems. June 19, 2019
Cyber Attack
A Rogue Raspberry Pi Let Hackers Into NASA’s JPL Network: NASA’s Jet Propulsion Laboratory (JPL) works with some of the most advanced technology in the world, including Mars rovers and space telescopes. However, it was a relatively simple piece of consumer technology that allowed hackers to break into its network and steal data. According to a report from the US Office of the Inspector General (OIG), someone connected an unauthorized Raspberry Pi to a JPL network, giving hackers a way into the systems. Extreme Tech, June 20, 2019
National Cybersecurity
The Guardian says it was warned of cyber attacks by Saudi Arabia … says it was alerted by a source in Riyadh that it was being targeted by the unit following the murder of journalist Jamal Khashoggi: The Guardian says that it was warned earlier this year about efforts by a cybersecurity unit in Saudi Arabia to “hack” its computer networks. The Guardian, June 19, 2019
U.S. Cyber Command, Russia and Critical Infrastructure: What Norms and Laws Apply?: According to the New York Times, the United States is “stepping up digital incursions into Russia’s electric power grid.” The operations involve the “deployment of American computer code inside Russia’s grid and other targets,” supposedly to warn Russia against conducting further hostile cyber operations against U.S. critical infrastructure, and to build the capability to mount its own robust cyber operations against Russia in the event of a conflict. This is not the first time such assertions have surfaced. For instance, in Operation Nitro Zeus, the United States allegedly “bored deeply into Iran’s infrastructure before the 2015 nuclear accord, placing digital ‘implants’ in systems that would enable it to bring down power grids, command-and-control systems and other infrastructure in case a conflict broke out.” Just Security, June 18, 2019
Cyber Freedom
Voting machine giant lobbies for paper ballots over election security concerns … The US’s largest election equipment manufacturer has begun quietly lobbying Congress to force all voting equipment to create a paper trail …: The US’s largest election equipment manufacturer has begun quietly lobbying Congress to force all voting equipment to create a paper trail, a sharp departure after years of selling paperless digital machines that can’t be fully audited. The change of stance comes amid concerns over the security of elections following Russia’s interference effort in the 2016 presidential election. CNN, June 19, 2019
Cyber Government
Maryland governor signs order to boost cybersecurity after Baltimore ransomware attack: Maryland Gov. Larry Hogan (R) on Tuesday signed an executive order aimed at strengthening the state’s cybersecurity capabilities, a month after a debilitating ransomware attack on Baltimore city networks disabled several services. The Hill, June 18, 2019
Internet of Things
IoT explodes worldwide, researchers investigate security issues present in the devices real users own: About 40 percent of households across the globe now contain at least one IoT device, according to Avast. HelpNetSecurity, June 20, 2019
Fake News
We Must Prepare for the Next Pandemic: When the next pandemic strikes, we’ll be fighting it on two fronts. The first is the one you immediately think about: understanding the disease, researching a cure and inoculating the population. The second is new, and one you might not have thought much about: fighting the deluge of rumors, misinformation and flat-out lies that will appear on the internet. Schneier on Security, June 17, 2019
SecureTheVillage Calendar
Webinar: SecureTheVillage July Webinar
July 4 @ 10:00 am – 11:00 am
Financial Services Cybersecurity Roundtable
August 1 @ 10:00 am – 11:00 am
Webinar: SecureTheVillage September Webinar
September 5 @ 10:00 am – 11:00 am