Citadel Information Group


July 7, 2019 by Stan Stahl Ph.D.

Cybersecurity News of the Week, July 7, 2019

SecureTheVillage

Plain Speaking on Cybersecurity: A FREE Expert Panel Summertime Lunch Series from SecureTheVillage and the Los Angeles Cyber Lab.

July 24: Cyber Risk: The Cybercriminal Threat Landscape

August 7: Cyber Risk: The Cybersecurity and Cyber Privacy Legal Threat Landscape

August 28: SecuringTheHuman: Growing the Community

All events: 12:00 – 2:00. DTLA at the Law Offices of Buchalter. Lunch included.

Individuals at Risk

Cyber Update

Cyber Command warns of new attacks and malware potentially linked to Iran … Users told to make sure Outlook is updated and patched: United States Cyber Command issued a warning Tuesday about hackers using a security flaw in Microsoft’s Outlook email program, while also uploading new malware to an archive used by cybersecurity researchers that one expert believes is connected to an infamous Iranian attack. Axios, July 2, 2019

Cyber Warning

Popular cloud storage app hides a rather nasty surprise: 4shared app delivers invisible ads and incurs unwanted charges on mobile devices. TechRadar, July 4, 2019

Cyber Privacy

Amazon Admits Alexa Voice Recordings Saved Indefinitely: Amazon’s acknowledgment that it saves Alexa voice recordings – even sometimes after consumers manually delete their interaction history – has thrust voice assistant privacy policies into the spotlight once again. Threatpost, July 3, 2019

Know Your Enemy

Robocalls are not only annoying — there’s an entire dirty industry behind them, FTC reveals: The Federal Trade Commission announced last week a crackdown on robocallers, giving one of the clearest pictures yet of the people and organizations behind the avalanche of nuisance phone calls to consumers. CNBC, July 5, 2019

Cyber Humor

Information Security Management in the Organization

Information Security Management and Governance

The Biggest Cybersecurity Crises of 2019 So Far: Six months of 2019 are on the books already, and certainly there have been six months’ worth of data breaches, supply chain manipulations, state-backed hacking campaigns, and harbingers of cyberwar to show for it. But the hallmark of 2019, perhaps, is feeling like the worst is yet to come. Ransomware is an ever-growing threat, corporate and US government security is still a mess, and geopolitical tensions are rising worldwide. Wired, July 5, 2019

11 Eye Opening Cyber Security Statistics for 2019: Invented in 1989, the World Wide Web is home to around 2 billion websites today. This unimaginable expansion has brought the world closer and shrunk it into a small global village. The internet is responsible for fast forwarding the world’s technological progress and advancing us hundreds of years ahead. CSO, June 25, 2019

NTT Security’s Risk:Value 2019 Report Reveals That UK [and U.S.] Organizations Are Failing To Implement Cybersecurity Best Practice: UK organizations are failing to make progress towards strong cybersecurity and are facing paralysis as cybercriminals become more advanced. This is the conclusion drawn from the findings of the 2019 Risk:Value report – ‘Destination standstill. Are you asleep at the wheel?’ – from NTT Security, the specialized security company and center of excellence in security for NTT Group. SecurityInformed, June 27, 2019

Mobile Security Versus Desktop and Laptop Security: Is There Even a Difference Anymore? Do you remember your first mobile phone, and the newfound feelings of connectedness and convenience that came with it? SecurityIntelligence, April 19, 2019

Cybersecurity in the C-Suite

Cyber Diligence: Study Reveals Cybersecurity Concerns are Becoming a Critical Factor in M&A Due Diligence: Unreported data breaches have disrupted several major M&A deals in recent years, such as Marriott International’s merger with the Starwood hotel chain. The growing list of cautionary (and costly) tales appears to be making an impression in the M&A space, as a recent study of IT professionals and business executives by Forescout Technologies has found. The National Law Review, July 3, 2019

Cyber Defense

Of mice and malware: Some of the most important training I got for a career in computer security research was not from a computer-related class, but in a biology class. While these two disciplines may seem entirely unrelated, the skills that are needed in both cases can have some interesting overlap. CSO, July 3, 2019

Microsoft to Require Multi-Factor Authentication for Cloud Solution Providers: It might be difficult to fathom how this isn’t already mandatory, but Microsoft Corp. says it will soon force all Cloud Solution Providers (CSPs) that help companies manage their Office365 accounts to use multi-factor authentication. The move comes amid a noticeable uptick in phishing and malware attacks targeting CSP employees and contractors. KrebsOnSecurity, July 28, 2019

Cybersecurity in Society

Cyber Surveillance

Due to weak oversight, we don’t really know how tech companies are using facial recognition data: The recent hack of a U.S. Customs and Border Protection subcontractor’s database confirmed fears that biometric data—such as photo IDs and fingerprints—are vulnerable to hacking. FastCompany, July 5, 2019

Biased and wrong? Facial recognition tech in the dock: Police and security forces around the world are testing out automated facial recognition systems as a way of identifying criminals and terrorists. But how accurate is the technology and how easily could it – and the artificial intelligence (AI) it is powered by – become tools of oppression? BBC, July 5, 2019

Cyber Defense

What is the CISA? How the new federal agency protects critical infrastructure from cyber threats: The U.S. Congress created The Cybersecurity and Infrastructure Security Agency to identify threats, share information and assist with incident response in defense of the nation’s critical infrastructure. CSO, July 1, 2019

iCloud goes down: Apple joins the Google, Facebook, Cloudflare cloud outage club: What’s going on? It’s cloud outage month, and there’s nothing users can do about it. ZDNet, July 5, 2019

The Infrastructure Mess Causing Countless Internet Outages: In a weeks-long stretch in 2014, hackers stole thousands of dollars a day in cryptocurrency from owners. In 2017, internet outages cropped up around the United States for hours. Last year, Google Cloud suffered hours of disruptions. Earlier this month, a large swath of European mobile data was rerouted through the state-backed China Telecom. And on Monday, websites and services around the world—including the internet infrastructure firm Cloudflare—experienced hours of outages. These incidents may sound different, but they actually all resulted from problems—some accidental, some malicious—with a fundamental internet routing system called the Border Gateway Protocol. Wired, June 29, 2019

National Cybersecurity

What the debate over ransomware attacks on local and state governments is missing: The impact of ransomware attacks against state and local governments continues to make headlines. High-profile attacks against Atlanta, Baltimore and now Riviera Beach, Lake City and Key Biscayne in Florida expose the challenges governors, mayors and local leaders confront in deciding whether to pay a ransom to cyber criminals to regain control of their data. The Hill, July 5, 2019

The U.S. Unleashes Its Cyberweapons: In late June, an Iranian missile knocked a U.S. unmanned aerial vehicle (UAV) on a reconnaissance mission out of the sky and into the Gulf of Oman. The shootdown sent ripples of concern throughout the Persian Gulf that the incident could lead both countries down a path to greater conflict. But the U.S. military response barely made a splash. That’s because instead of a conventional airstrike against Iranian forces, the U.S. response came in the form of a cyberattack targeting missile command and control systems of the Islamic Revolutionary Guard Corps. Stratfor, July 5, 2019

Hacker Heaven: Huawei’s Hidden Back Doors Found: WASHINGTON: In a world where Chinese hackers steal everything from F-35 schematics to federal personnel files, why should we worry about Huawei? Because, cybersecurity experts explain, network routers, surveillance cameras and other widely sold devices from Huawei, Dahua, and other Chinese firms are riddled with vulnerabilities — flaws that are easy for attackers to exploit but hard for defenders to find, because they’re buried deep in what’s known as firmware. BreakingDefense, July 5, 2019

Military satellites are still worryingly vulnerable to cyberattack: A new report says hackers could wreak havoc by interfering with space-based communications and navigation services that NATO armies rely on. MIT Technology Review, July 2, 2019

Researchers crack open Facebook campaign that pushed malware for years: Researchers have exposed a network of Facebook accounts that used Libya-themed news and topics to push malware to tens of thousands of people over a five-year span. ars technica, July 1, 2019

Cyber Law

In California, It’s Now Illegal For Some Bots to Pretend to Be Human: The transparency law is the first of its kind in the U.S. and could serve as a template for future efforts to make it clear who’s real and who’s not online. DailyBeast, July 5, 2019

CCPA Update: Employee Exemption Bill Amended in Senate Committee: California legislators are tweaking language in a proposal to exclude employee or job applicant data from the State’s landmark privacy law slated to take effect in January. JDSupra, July 3, 2019

Maine And Nevada Sign Into Law Consumer Privacy Laws: The California Consumer Privacy Act (CCPA), which goes into effect January 1, 2020, is considered the most robust state privacy law in the United States. The CCPA seems to have spurred a flood of similar legislative proposals on the state level, and started a shift in the consumer privacy law landscape. Many of these proposals end up dying somewhere along the rigorous legislative process, but in the last few weeks both Maine and Nevada signed into law bills that, although much more narrow than the CCPA, certainly bear resemblance. JDSupra, July 3, 2019.

Cyber Regulation

D-Link agrees to 10 years of security audits to settle FTC case: After years of litigation and countless security issues, D-Link has settled its case with the Federal Trade Commission over poor security practices. Under the terms of the settlement, the company has agreed to implement a comprehensive security program for its routers and webcams, including third-party security audits every two years until 2030. The company is also required to check for security vulnerabilities before releasing a product, actively monitor for vulnerabilities once a product is released, and accept reports from third-party security researchers. The Verge, July 4, 2019

Internet of Things

Why are they “smart” locks if more money buys you less security?: We’ve written about so-called digital padlocks before, usually not very enthusiastically. NakedSecurity, July 4, 2019

Cyber Enforcement

Hacker who launched DDoS attacks on Sony, EA, and Steam gets 27 months in prison: Six years later, DerpTrolling, the hacker who started all the Christmas DDoS attacks, gets prison time. ZDNet, July 4, 2019

Cyber Miscellany

Bitcoin eats as much energy as Switzerland: Bitcoin is eating up about seven gigawatts per year, according to a new tool from University of Cambridge’s Centre for Alternative Finance, called the Cambridge Bitcoin Electricity Consumption Index (CBECI). NakedSecurity, July 5, 2019

SecureTheVillage Calendar — Register Now

LA Management of an Accounting Practice (MAP): Future of Public Accounting: Cyber Security & Technology Became Game Changers – a Dynamic Panel Discussion | G2190719
July 10 @ 12:00 pm – 2:00 pm

Plain Speaking on Cybersecurity Program 1: Cyber Risk: The Cybercriminal Threat Landscape
Los Angeles Cyber Lab / SecureTheVillage Summertime Lunch Series
July 24 @ 12:00 pm – 2:00 pm

Webinar: SecureTheVillage July Webinar: Cyber Risk Management
Panelists: Howard Miller, Charla Griffy-Brown
July 25 @ 10:00 am – 11:00 am

Cyber Crisis 
Stan Stahl, Ph.D., President Citadel Information Group and SecureTheVillage
Beverly Hills Rotary Club
July 22 @ 12:00 – 1:30
Registration Opens Soon

Cybersecurity for Nonprofits
Los Angeles Chamber of Commerce
July 30
Registration Opens Soon

Plain Speaking on Cybersecurity Program 2: Cyber Risk: The Cybersecurity and Cyber Privacy Legal Threat Landscape
Los Angeles Cyber Lab / SecureTheVillage Summertime Lunch Series
August 7 @ 12:00 pm – 2:00 pm

Financial Services Cybersecurity Roundtable
August 9 @ 8:00 am – 10:00 am

Plain Speaking on Cybersecurity Program 3: SecuringTheHuman: Growing the Community
Los Angeles Cyber Lab / SecureTheVillage Summertime Lunch Series
August 28 @ 12:00 pm – 2:00 pm

For the C-Suite: Managing Your Company’s Information Security & Privacy Risk
Culver City Chamber of Commerce
August 29 @ 8:00 am – 11:30 am
Registration Opens Soon

Webinar: SecureTheVillage September Webinar
September 5 @ 10:00 am – 11:00 am

Security Summit 2019 … Connecting the Community
Los Angeles Cyber Lab
September 17 – 18

Webinar: SecureTheVillage October Webinar
October 3 @ 10:00 am – 11:00 am

Cybersecure SoCal 2019 Cybersecurity is a Team Sport!
… a joint presentation of SecureTheVillage and the Pepperdine Graziadio Business School’s CyRP Program
Keynote Speaker: Ron Ross, Fellow at the National Institute of Standards and Technology. His focus areas include cybersecurity, systems security engineering, and risk management.
October 17 @ 8:00 am – 3:30 pm
