SecureTheVillage
Plain Speaking on Cybersecurity: A FREE Expert Panel Summertime Lunch Series from SecureTheVillage and the Los Angeles Cyber Lab.
July 24: Cyber Risk: The Cybercriminal Threat Landscape
August 7: Cyber Risk: The Cybersecurity and Cyber Privacy Legal Threat Landscape
August 28: SecuringTheHuman: Growing the Community
All events: 12:00 – 2:00. DTLA at the Law Offices of Buchalter. Lunch included.
Individuals at Risk
Cyber Update
Cyber Command warns of new attacks and malware potentially linked to Iran … Users told to make sure Outlook is updated and patched: United States Cyber Command issued a warning Tuesday about hackers using a security flaw in Microsoft’s Outlook email program, while also uploading new malware to an archive used by cybersecurity researchers that one expert believes is connected to an infamous Iranian attack. Axios, July 2, 2019
Cyber Warning
Popular cloud storage app hides a rather nasty surprise: 4shared app delivers invisible ads and incurs unwanted charges on mobile devices. TechRadar, July 4, 2019
Cyber Privacy
Amazon Admits Alexa Voice Recordings Saved Indefinitely: Amazon’s acknowledgment that it saves Alexa voice recordings – even sometimes after consumers manually delete their interaction history – has thrust voice assistant privacy policies into the spotlight once again. Threatpost, July 3, 2019
Know Your Enemy
Robocalls are not only annoying — there’s an entire dirty industry behind them, FTC reveals: The Federal Trade Commission announced last week a crackdown on robocallers, giving one of the clearest pictures yet of the people and organizations behind the avalanche of nuisance phone calls to consumers. CNBC, July 5, 2019
Cyber Humor
Information Security Management in the Organization
Information Security Management and Governance
The Biggest Cybersecurity Crises of 2019 So Far: Six months of 2019 are on the books already, and certainly there have been six months’ worth of data breaches, supply chain manipulations, state-backed hacking campaigns, and harbingers of cyberwar to show for it. But the hallmark of 2019, perhaps, is feeling like the worst is yet to come. Ransomware is an ever-growing threat, corporate and US government security is still a mess, and geopolitical tensions are rising worldwide. Wired, July 5, 2019
11 Eye Opening Cyber Security Statistics for 2019: Invented in 1989, the World Wide Web is home to around 2 billion websites today. This unimaginable expansion has brought the world closer and shrunk it into a small global village. The internet is responsible for fast forwarding the world’s technological progress and advancing us hundreds of years ahead. CSO, June 25, 2019
NTT Security’s Risk:Value 2019 Report Reveals That UK [and U.S.] Organizations Are Failing To Implement Cybersecurity Best Practice: UK organizations are failing to make progress towards strong cybersecurity and are facing paralysis as cybercriminals become more advanced. This is the conclusion drawn from the findings of the 2019 Risk:Value report – ‘Destination standstill. Are you asleep at the wheel?’ – from NTT Security, the specialized security company and center of excellence in security for NTT Group. SecurityInformed, June 27, 2019
Mobile Security Versus Desktop and Laptop Security: Is There Even a Difference Anymore? Do you remember your first mobile phone, and the newfound feelings of connectedness and convenience that came with it? SecurityIntelligence, April 19, 2019
Cybersecurity in the C-Suite
Cyber Diligence: Study Reveals Cybersecurity Concerns are Becoming a Critical Factor in M&A Due Diligence: Unreported data breaches have disrupted several major M&A deals in recent years, such as Marriott International’s merger with the Starwood hotel chain. The growing list of cautionary (and costly) tales appears to be making an impression in the M&A space, as a recent study of IT professionals and business executives by Forescout Technologies has found. The National Law Review, July 3, 2019
Cyber Defense
Of mice and malware: Some of the most important training I got for a career in computer security research was not from a computer-related class, but in a biology class. While these two disciplines may seem entirely unrelated, the skills that are needed in both cases can have some interesting overlap. CSO, July 3, 2019
Microsoft to Require Multi-Factor Authentication for Cloud Solution Providers: It might be difficult to fathom how this isn’t already mandatory, but Microsoft Corp. says it will soon force all Cloud Solution Providers (CSPs) that help companies manage their Office365 accounts to use multi-factor authentication. The move comes amid a noticeable uptick in phishing and malware attacks targeting CSP employees and contractors. KrebsOnSecurity, July 28, 2019
Cybersecurity in Society
Cyber Surveillance
Due to weak oversight, we don’t really know how tech companies are using facial recognition data: The recent hack of a U.S. Customs and Border Protection subcontractor’s database confirmed fears that biometric data—such as photo IDs and fingerprints—are vulnerable to hacking. FastCompany, July 5, 2019
Biased and wrong? Facial recognition tech in the dock: Police and security forces around the world are testing out automated facial recognition systems as a way of identifying criminals and terrorists. But how accurate is the technology and how easily could it – and the artificial intelligence (AI) it is powered by – become tools of oppression? BBC, July 5, 2019
Cyber Defense
What is the CISA? How the new federal agency protects critical infrastructure from cyber threats: The U.S. Congress created The Cybersecurity and Infrastructure Security Agency to identify threats, share information and assist with incident response in defense of the nation’s critical infrastructure. CSO, July 1, 2019
iCloud goes down: Apple joins the Google, Facebook, Cloudflare cloud outage club: What’s going on? It’s cloud outage month, and there’s nothing users can do about it. ZDNet, July 5, 2019
The Infrastructure Mess Causing Countless Internet Outages: In a weeks-long stretch in 2014, hackers stole thousands of dollars a day in cryptocurrency from owners. In 2017, internet outages cropped up around the United States for hours. Last year, Google Cloud suffered hours of disruptions. Earlier this month, a large swath of European mobile data was rerouted through the state-backed China Telecom. And on Monday, websites and services around the world—including the internet infrastructure firm Cloudflare—experienced hours of outages. These incidents may sound different, but they actually all resulted from problems—some accidental, some malicious—with a fundamental internet routing system called the Border Gateway Protocol. Wired, June 29, 2019
National Cybersecurity
What the debate over ransomware attacks on local and state governments is missing: The impact of ransomware attacks against state and local governments continues to make headlines. High-profile attacks against Atlanta, Baltimore and now Riviera Beach, Lake City and Key Biscayne in Florida expose the challenges governors, mayors and local leaders confront in deciding whether to pay a ransom to cyber criminals to regain control of their data. The Hill, July 5, 2019
The U.S. Unleashes Its Cyberweapons: In late June, an Iranian missile knocked a U.S. unmanned aerial vehicle (UAV) on a reconnaissance mission out of the sky and into the Gulf of Oman. The shootdown sent ripples of concern throughout the Persian Gulf that the incident could lead both countries down a path to greater conflict. But the U.S. military response barely made a splash. That’s because instead of a conventional airstrike against Iranian forces, the U.S. response came in the form of a cyberattack targeting missile command and control systems of the Islamic Revolutionary Guard Corps. Stratfor, July 5, 2019
Hacker Heaven: Huawei’s Hidden Back Doors Found: WASHINGTON: In a world where Chinese hackers steal everything from F-35 schematics to federal personnel files, why should we worry about Huawei? Because, cybersecurity experts explain, network routers, surveillance cameras and other widely sold devices from Huawei, Dahua, and other Chinese firms are riddled with vulnerabilities — flaws that are easy for attackers to exploit but hard for defenders to find, because they’re buried deep in what’s known as firmware. BreakingDefense, July 5, 2019
Military satellites are still worryingly vulnerable to cyberattack: A new report says hackers could wreak havoc by interfering with space-based communications and navigation services that NATO armies rely on. MIT Technology Review, July 2, 2019
Researchers crack open Facebook campaign that pushed malware for years: Researchers have exposed a network of Facebook accounts that used Libya-themed news and topics to push malware to tens of thousands of people over a five-year span. ars technica, July 1, 2019
Cyber Law
In California, It’s Now Illegal For Some Bots to Pretend to Be Human: The transparency law is the first of its kind in the U.S. and could serve as a template for future efforts to make it clear who’s real and who’s not online. DailyBeast, July 5, 2019
CCPA Update: Employee Exemption Bill Amended in Senate Committee: California legislators are tweaking language in a proposal to exclude employee or job applicant data from the State’s landmark privacy law slated to take effect in January. JDSupra, July 3, 2019
Maine And Nevada Sign Into Law Consumer Privacy Laws: The California Consumer Privacy Act (CCPA), which goes into effect January 1, 2020, is considered the most robust state privacy law in the United States. The CCPA seems to have spurred a flood of similar legislative proposals on the state level, and started a shift in the consumer privacy law landscape. Many of these proposals end up dying somewhere along the rigorous legislative process, but in the last few weeks both Maine and Nevada signed into law bills that, although much more narrow than the CCPA, certainly bear resemblance. JDSupra, July 3, 2019
Cyber Regulation
D-Link agrees to 10 years of security audits to settle FTC case: After years of litigation and countless security issues, D-Link has settled its case with the Federal Trade Commission over poor security practices. Under the terms of the settlement, the company has agreed to implement a comprehensive security program for its routers and webcams, including third-party security audits every two years until 2030. The company is also required to check for security vulnerabilities before releasing a product, actively monitor for vulnerabilities once a product is released, and accept reports from third-party security researchers. The Verge, July 4, 2019
Internet of Things
Why are they “smart” locks if more money buys you less security?: We’ve written about so-called digital padlocks before, usually not very enthusiastically. NakedSecurity, July 4, 2019
Cyber Enforcement
Hacker who launched DDoS attacks on Sony, EA, and Steam gets 27 months in prison: Six years later, DerpTrolling, the hacker who started all the Christmas DDoS attacks, gets prison time. ZDNet, July 4, 2019
Cyber Miscellany
Bitcoin eats as much energy as Switzerland: Bitcoin is eating up about seven gigawatts per year, according to a new tool from University of Cambridge’s Centre for Alternative Finance, called the Cambridge Bitcoin Electricity Consumption Index (CBECI). NakedSecurity, July 5, 2019
SecureTheVillage Calendar — Register Now
LA Management of an Accounting Practice (MAP): Future of Public Accounting: Cyber Security & Technology Became Game Changers – a Dynamic Panel Discussion | G2190719
July 10 @ 12:00 pm – 2:00 pm
Plain Speaking on Cybersecurity Program 1: Cyber Risk: The Cybercriminal Threat Landscape
Los Angeles Cyber Lab / SecureTheVillage Summertime Lunch Series
July 24 @ 12:00 pm – 2:00 pm
Webinar: SecureTheVillage July Webinar: Cyber Risk Management
Panelists: Howard Miller, Charla Griffy-Brown
July 25 @ 10:00 am – 11:00 am
Cyber Crisis
Stan Stahl, Ph.D., President Citadel Information Group and SecureTheVillage
Beverly Hills Rotary Club
July 22 @ 12:00 – 1:30
Registration Opens Soon
Cybersecurity for Nonprofits
Los Angeles Chamber of Commerce
July 30
Registration Opens Soon
Plain Speaking on Cybersecurity Program 2: Cyber Risk: The Cybersecurity and Cyber Privacy Legal Threat Landscape
Los Angeles Cyber Lab / SecureTheVillage Summertime Lunch Series
August 7 @ 12:00 pm – 2:00 pm
Financial Services Cybersecurity Roundtable
August 9 @ 8:00 am – 10:00 am
Plain Speaking on Cybersecurity Program 3: SecuringTheHuman: Growing the Community
Los Angeles Cyber Lab / SecureTheVillage Summertime Lunch Series
August 28 @ 12:00 pm – 2:00 pm
For the C-Suite: Managing Your Company’s Information Security & Privacy Risk
Culver City Chamber of Commerce
August 29 @ 8:00 am – 11:30 am
Registration Opens Soon
Webinar: SecureTheVillage September Webinar
September 5 @ 10:00 am – 11:00 am
Security Summit 2019 … Connecting the Community
Los Angeles Cyber Lab
September 17 – 18
Webinar: SecureTheVillage October Webinar
October 3 @ 10:00 am – 11:00 am
Cybersecure SoCal 2019: Cybersecurity is a Team Sport!
… a joint presentation of SecureTheVillage and the Pepperdine Graziadio Business School’s CyRP Program
Keynote Speaker: Ron Ross, Fellow at the National Institute of Standards and Technology. His focus areas include cybersecurity, systems security engineering, and risk management.
October 17 @ 8:00 am – 3:30 pm