SecureTheVillage — Upcoming Conferences
Los Angeles Cyber Lab Security Summit
Security Summit 2019 … Connecting the Community
Los Angeles Cyber Lab
September 17 – 18
Cybersecure SoCal 2019 Cybersecurity is a Team Sport!
… a joint presentation of SecureTheVillage and the Pepperdine Graziadio Business School’s CyRP Program
Keynote Speaker: Ron Ross, Fellow at the National Institute of Standards and Technology. His focus areas include cybersecurity, systems security engineering, and risk management.
October 17 8:00 am – 3:30 pm
Individuals at Risk
Cyber Privacy
Second unsecured database of Facebook user phone numbers found online: The unsecured server exposes phone numbers that can be matched with Facebook accounts. CNET, September 6, 2019
Database exposed 133 million US Facebook users’ phone numbers: A researcher has stumbled on a publicly exposed database containing the telephone numbers of hundreds of millions of Facebook users. NakedSecurity, September 6, 2019
Firefox is stepping up its blocking game: Mozilla is serious about privacy—and it wants you to be, too. ars technica, September 6, 2019
THE VERGE GUIDE TO PRIVACY AND SECURITY: Privacy and security are on everyone’s minds these days — and for good reason. It sometimes seems like every week, there’s a new story about a corporate database getting hacked, releasing thousands of names, email addresses, and even Social Security numbers into the wild. Meanwhile, click on the wrong link, and your computer could send all of your personal info out for misuse. Data aggregators pull your personal information from hundreds of sites and sell it to whoever wants to pay. Your identity is in danger if the wrong people get hold of your information. And if you say something on social media that angers an aggressive group, the pile-on can affect your work, life, and emotional well-being. TheVerge, September 2019
Cyber Danger
Vulnerability lets text messages steal emails from Android phones: Devices from Samsung, LG, Huawei and Sony are affected. Engadget, September 6, 2019
5 reasons why you should never trust a free VPN: Take your privacy and security seriously enough to avoid malware, ad tracking and slow connections. CNET, September 6, 2019
IoT Security Risks: Drones, Vibrators, and Kids’ Toys Are Still Vulnerable to Hacking. In a series of experiments, researchers showed how to intercept transmissions and take control of popular Internet of Things devices: A simple project to study compromised security cameras drew a trio of researchers deep into an investigation of the security risks of today’s connected devices. After they figured out how to bypass the camera’s authentication system and access its feed, they wondered what other devices in the growing Internet of Things (IoT) might also be vulnerable to hacking. Their list—which includes drones, children’s toys, and vibrators—raises serious concerns about the security of IoT devices. IEEE, September 6, 2019
How hackers can snoop on you via your smart cameras: Connected cameras accounted for 15.2% of IoT attacks in 2018, up from 3.5% the previous year. Live Mint, September 6, 2019
Beware of creepy ‘SIM swap’ fraud that lets hackers take over your phone and steal your money: Experts have warned consumers to be on guard against “SIM swapping” when hackers move a victim’s phone number onto a mobile device that they control. Fox, September 6, 2019
600,000 GPS trackers for people and pets are using 123456 as a password: A lack of encryption and easily enumerated IDs open users to a host of creepy attacks. ars technica, September 5, 2019
Cyber Defense
Read this before allowing your kids to go anywhere near a computer: YouTube was fined $170 million for allegedly collecting children’s data. It did not admit any wrongdoing. MarketWatch, September 7, 2019
Learn how (in)secure your IoT devices are with YourThings scorecards: Researchers at the Georgia Institute of Technology are testing IoT devices for security flaws. TechRepublic, September 4, 2019
Cyber Humor
Information Security Management in the Organization
Cyber Defense
Third-Party Risks in the Digital World: Do You Know Who Else Is Coming to the Party?: Today’s retail world is increasingly interconnected, and e-commerce customers expect to shop in the digital marketplace with minimal friction. Third-party systems are a critical component of this experience and comprise a greater and greater share of customers’ interactions with our organizations. They process payments, remember preferences, showcase and deliver goods and services; they streamline the customer’s purchasing experience. The vendor and third-party system relationship brings significant benefits to customers and retail organizations. It can also pose some very real governance and security dangers with domains and code being dropped in without any approval or awareness. Today’s business leaders need to fully understand what is being added to their digital properties and by whom. Diving deeper into this analysis will help companies mitigate the risk while getting the most out of the third-party partners who should be there. CPO, September 6, 2019
Why Businesses Fail to Address DNS Security Exposures: Increasing awareness about the critical importance of DNS security is the first step in improving the risk of being attacked. It’s time to get proactive. DarkReading, September 6, 2019
DoD unveils new cybersecurity certification model for contractors. All 300,000 contractors within the DoD supply chain will have to be certified to do work with the Department of Defense: The Defense Department sees its new certification model, which it unveiled to the public this week, as a way to more quickly bring its entire industrial base up to date with best cybersecurity practices. Federal News Network, September 5, 2019
How MuleSoft patched a critical security flaw and avoided a disaster: MuleSoft deals with a sensitive security issue and sets up an example for the whole industry to follow. ZDNet, September 1, 2019
Cyber Warning
Thousands of servers infected with new Lilocked (Lilu) ransomware: Researchers spot new ransomware targeting Linux-based servers. ZDNet, September 6, 2019
Amazon AWS Outage Shows Data in the Cloud is Not Always Safe: A recent power outage at an Amazon AWS data facility and the resulting data loss for some customers shows that storing data in the cloud does not mean you do not also need a backup. BleepingComputer, September 5, 2019
Cyber Update
IT departments urged to ensure Windows workstations and servers are updated as Metasploit framework publishes BlueKeep exploit on GitHub: The Metasploit module isn’t as polished as the EternalBlue exploit. Still, it’s powerful. ars technica, September 6, 2019
Cyber Law
Complying with the California Consumer Privacy Act in 5 (more or less) Not So Easy Steps: Part 4 – Verified Requests for Data: The CCPA is hurtling headlong toward implementation on January 1, 2020. The Act, which is likely to be amended, perhaps substantially, in the next sixty days, and which has no guiding regulations, continues to present a conundrum for companies faced with designing and implementing policies and procedures that need to be consumer-ready by Day 1. Robert Braun, JMBM Cybersecurity Lawyer Forum. (Robert is a member of the SecureTheVillage Leadership Council.) August 29, 2019
Cyber Talent
7 Cybersecurity Certifications That Matter in a Growing Market: Businesses have come to learn the importance of cybersecurity hygiene the hard way. Yet many of those same businesses are still ill-equipped to deal not only with the threats of today, but also the dangers of tomorrow. One of the biggest challenges faced by businesses of any size comes in the form of having the right people on staff to deal with persistent threats. Dice, September 6, 2019
Cybersecurity in Society
Cyber Privacy
The Myth of Consumer Security: The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Yet that’s not possible, because there is no longer any difference between those categories of devices. Consumer devices are critical infrastructure. They affect national security. And it would be foolish to weaken them, even at the request of law enforcement. Schneier on Security, August 26, 2019
Cyber Crime
Arizona School District Cancels Classes Due to Ransomware: Lack of Internet Access Could Jeopardize School Security, Official Says. BankInfoSecurity, September 6, 2019
Cyber Attack
Apple Acknowledges iOS Hacking Campaign. Disputes Google’s Account: In its first public statement since Google revealed a sophisticated attack against iOS devices, Apple defended its security measures. Wired, September 6, 2019
National Cybersecurity
China Set Traps To Capture Dangerous NSA Cyberattack Weapons: New Report: When it was alleged earlier this year that secretive Chinese hacking group APT3 had used vicious NSA cyber weapons to attack U.S. allies in 2016 and 2017, there was embarrassment, surprise and consternation in equal measures. The same tools had been leaked online in 2017 by the clandestine Shadow Brokers—but, according to Symantec, APT3 had been using the NSA tools beforehand. And that left a major question unanswered—how had the Chinese stolen such dangerous cyber weapons? Forbes, September 5, 2019
Leader of new NSA Cybersecurity Directorate outlines threats, objectives: Director Anne Neuberger says her group will focus on ransomware, threats to US elections, and nation-state influence operations. CSO, September 5, 2019
Cyber Freedom
A Virtual Iowa Caucus Would Have Been A Hacking Nightmare: When the Democratic National Committee put the kibosh on plans for virtual caucuses in Iowa and Nevada, they may have pissed off the people who saw the event as a chance to give more people the opportunity to vote. But at least the DNC made the cybersecurity community happy. FiveThirtyEight, September 4, 2019
Cyber Enforcement
‘Satori’ IoT Botnet Operator Pleads Guilty: A 21-year-old man from Vancouver, Wash. has pleaded guilty to federal hacking charges tied to his role in operating the “Satori” botnet, a crime machine powered by hacked Internet of Things (IoT) devices that was built to conduct massive denial-of-service attacks targeting Internet service providers, online gaming platforms and Web hosting companies. KrebsOnSecurity, September 4, 2019
Cyber Sunshine
Town Avoids Paying Massive $5 Million Ransom In Cyberattack: When the city of New Bedford, Mass., was hit by a ransomware attack in July, with hackers demanding $5.3 million in bitcoin to release the city’s data, town officials tried an old law enforcement tactic to deal with hostage-takers: open dialogue and stall for time. NPR, September 6, 2019
SecureTheVillage Calendar — Register Now
Security Summit 2019 … Connecting the Community
Los Angeles Cyber Lab
September 17 – 18
Webinar: SecureTheVillage October Webinar
October 3 @ 10:00 am – 11:00 am
Cybersecure SoCal 2019 Cybersecurity is a Team Sport!
… a joint presentation of SecureTheVillage and the Pepperdine Graziadio Business School’s CyRP Program
Keynote Speaker: Ron Ross, Fellow at the National Institute of Standards and Technology. His focus areas include cybersecurity, systems security engineering, and risk management.
October 17 8:00 am – 3:30 pm