Citadel Information Group


September 8, 2019 by Stan Stahl Ph.D.

Cybersecurity News of the Week, September 8, 2019

SecureTheVillage — Upcoming Conferences

Los Angeles Cyber Lab Security Summit

Security Summit 2019 … Connecting the Community
Los Angeles Cyber Lab
September 17 – 18

Cybersecure SoCal 2019 Cybersecurity is a Team Sport!
… a joint presentation of SecureTheVillage and the Pepperdine Graziadio Business School’s CyRP Program
Keynote Speaker: Ron Ross, Fellow at the National Institute of Standards and Technology. His focus areas include cybersecurity, systems security engineering, and risk management.
October 17 8:00 am – 3:30 pm

Individuals at Risk

Cyber Privacy

Second unsecured database of Facebook user phone numbers found online: The unsecured server exposes phone numbers that can be matched with Facebook accounts. CNET, September 6, 2019

Database exposed 133 million US Facebook users’ phone numbers: A researcher has stumbled on a publicly exposed database containing the telephone numbers of hundreds of millions of Facebook users. NakedSecurity, September 6, 2019

Firefox is stepping up its blocking game: Mozilla is serious about privacy—and it wants you to be, too. Ars Technica, September 6, 2019

THE VERGE GUIDE TO PRIVACY AND SECURITY: Privacy and security are on everyone’s minds these days — and for good reason. It sometimes seems like every week, there’s a new story about a corporate database getting hacked, releasing thousands of names, email addresses, and even Social Security numbers into the wild. Meanwhile, click on the wrong link, and your computer could send all of your personal info out for misuse. Data aggregators pull your personal information from hundreds of sites and sell it to whoever wants to pay. Your identity is in danger if the wrong people get hold of your information. And if you say something on social media that angers an aggressive group, the pile-on can affect your work, life, and emotional well-being. The Verge, September 2019

Cyber Danger

Vulnerability lets text messages steal emails from Android phones: Devices from Samsung, LG, Huawei and Sony are affected. Engadget, September 6, 2019

5 reasons why you should never trust a free VPN: Take your privacy and security seriously enough to avoid malware, ad tracking and slow connections. CNET, September 6, 2019

IoT Security Risks: Drones, Vibrators, and Kids’ Toys Are Still Vulnerable to Hacking. In a series of experiments, researchers showed how to intercept transmissions and take control of popular Internet of Things devices: A simple project to study compromised security cameras drew a trio of researchers deep into an investigation of the security risks of today’s connected devices. After they figured out how to bypass the camera’s authentication system and access its feed, they wondered what other devices in the growing Internet of Things (IoT) might also be vulnerable to hacking. Their list—which includes drones, children’s toys, and vibrators—raises serious concerns about the security of IoT devices. IEEE, September 6, 2019

How hackers can snoop on you via your smart cameras: Connected cameras accounted for 15.2% of IoT attacks in 2018, up from 3.5% the previous year. Live Mint, September 6, 2019

Beware of creepy ‘SIM swap’ fraud that lets hackers take over your phone and steal your money: Experts have warned consumers to be on guard against “SIM swapping” when hackers move a victim’s phone number onto a mobile device that they control. Fox, September 6, 2019

600,000 GPS trackers for people and pets are using 123456 as a password: A lack of encryption and easily enumerated IDs open users to a host of creepy attacks. Ars Technica, September 5, 2019

Cyber Defense

Read this before allowing your kids to go anywhere near a computer: YouTube was fined $170 million for allegedly collecting children’s data. It did not admit any wrongdoing. MarketWatch, September 7, 2019

Learn how (in)secure your IoT devices are with YourThings scorecards: Researchers at the Georgia Institute of Technology are testing IoT devices for security flaws. TechRepublic, September 4, 2019

Information Security Management in the Organization

Cyber Defense

Third-Party Risks in the Digital World: Do You Know Who Else Is Coming to the Party?: Today’s retail world is increasingly interconnected, and e-commerce customers expect to shop in the digital marketplace with minimal friction. Third-party systems are a critical component of this experience and comprise a greater and greater share of customers’ interactions with our organizations. They process payments, remember preferences, showcase and deliver goods and services; they streamline the customer’s purchasing experience. The vendor and third-party system relationship brings significant benefits to customers and retail organizations. It can also pose some very real governance and security dangers with domains and code being dropped in without any approval or awareness. Today’s business leaders need to fully understand what is being added to their digital properties and by whom. Diving deeper into this analysis will help companies mitigate the risk while getting the most out of the third-party partners who should be there. CPO, September 6, 2019

Why Businesses Fail to Address DNS Security Exposures: Increasing awareness about the critical importance of DNS security is the first step in improving the risk of being attacked. It’s time to get proactive. DarkReading, September 6, 2019

DoD unveils new cybersecurity certification model for contractors. All 300,000 contractors within the DoD supply chain will have to be certified to do work with the Department of Defense: The Defense Department sees its new certification model, which it unveiled to the public this week, as a way to more quickly bring its entire industrial base up to date with best cybersecurity practices. Federal News Network, September 5, 2019

How MuleSoft patched a critical security flaw and avoided a disaster: MuleSoft deals with a sensitive security issue and sets up an example for the whole industry to follow. ZDNet, September 1, 2019

Cyber Warning

Thousands of servers infected with new Lilocked (Lilu) ransomware: Researchers spot new ransomware targeting Linux-based servers. ZDNet, September 6, 2019

Amazon AWS Outage Shows Data in the Cloud is Not Always Safe: A recent power outage at an Amazon AWS data facility and the resulting data loss for some customers shows that storing data in the cloud does not mean you do not also need a backup. BleepingComputer, September 5, 2019

Cyber Update

IT departments urged to ensure Windows workstations and servers are updated as Metasploit framework publishes BlueKeep exploit on GitHub: The Metasploit module isn’t as polished as the EternalBlue exploit. Still, it’s powerful. Ars Technica, September 6, 2019

Cyber Law

Complying with the California Consumer Privacy Act in 5 (more or less) Not So Easy Steps: Part 4 – Verified Requests for Data: The CCPA is hurtling headlong toward implementation on January 1, 2020. The Act, which is likely to be amended, perhaps substantially, in the next sixty days, and which has no guiding regulations, continues to present a conundrum for companies faced with designing and implementing policies and procedures that need to be consumer-ready by Day 1. Robert Braun, JMBM Cybersecurity Lawyer Forum. (Robert is a member of the SecureTheVillage Leadership Council.) August 29, 2019

Cyber Talent

7 Cybersecurity Certifications That Matter in a Growing Market: Businesses have come to learn the importance of cybersecurity hygiene the hard way. Yet many of those same businesses are still ill-equipped to deal not only with the threats of today, but also the dangers of tomorrow. One of the biggest challenges faced by businesses of any size comes in the form of having the right people on staff to deal with persistent threats. Dice, September 6, 2019

Cybersecurity in Society

Cyber Privacy

The Myth of Consumer Security: The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Yet that’s not possible, because there is no longer any difference between those categories of devices. Consumer devices are critical infrastructure. They affect national security. And it would be foolish to weaken them, even at the request of law enforcement. Schneier on Security, August 26, 2019

Cyber Crime

Arizona School District Cancels Classes Due to Ransomware: Lack of Internet Access Could Jeopardize School Security, Official Says. BankInfoSecurity, September 6, 2019

Cyber Attack

Apple Acknowledges iOS Hacking Campaign. Disputes Google’s Account: In its first public statement since Google revealed a sophisticated attack against iOS devices, Apple defended its security measures. Wired, September 6, 2019

National Cybersecurity

China Set Traps To Capture Dangerous NSA Cyberattack Weapons: New Report: When it was alleged earlier this year that secretive Chinese hacking group APT3 had used vicious NSA cyber weapons to attack U.S. allies in 2016 and 2017, there was embarrassment, surprise and consternation in equal measures. The same tools had been leaked online in 2017 by the clandestine Shadow Brokers—but, according to Symantec, APT3 had been using the NSA tools beforehand. And that left a major question unanswered—how had the Chinese stolen such dangerous cyber weapons? Forbes, September 5, 2019

Leader of new NSA Cybersecurity Directorate outlines threats, objectives: Director Anne Neuberger says her group will focus on ransomware, threats to US elections, and nation-state influence operations. CSO, September 5, 2019

Cyber Freedom

A Virtual Iowa Caucus Would Have Been A Hacking Nightmare: When the Democratic National Committee put the kibosh on plans for virtual caucuses in Iowa and Nevada, they may have pissed off the people who saw the event as a chance to give more people the opportunity to vote. But at least the DNC made the cybersecurity community happy. FiveThirtyEight, September 4, 2019

Cyber Enforcement

‘Satori’ IoT Botnet Operator Pleads Guilty: A 21-year-old man from Vancouver, Wash. has pleaded guilty to federal hacking charges tied to his role in operating the “Satori” botnet, a crime machine powered by hacked Internet of Things (IoT) devices that was built to conduct massive denial-of-service attacks targeting Internet service providers, online gaming platforms and Web hosting companies. KrebsOnSecurity, September 4, 2019

Cyber Sunshine

Town Avoids Paying Massive $5 Million Ransom In Cyberattack: When the city of New Bedford, Mass., was hit by a ransomware attack in July, with hackers demanding $5.3 million in bitcoin to release the city’s data, town officials tried an old law enforcement tactic to deal with hostage-takers: open dialogue and stall for time. NPR, September 6, 2019

SecureTheVillage Calendar — Register Now

Webinar: SecureTheVillage October Webinar
October 3 @ 10:00 am – 11:00 am
