Citadel Information Group

October 20, 2019 by Stan Stahl Ph.D.

Cybersecurity News of the Week, October 20, 2019

SecureTheVillage – Cybersecure SoCal 2019

Great thanks to Pepperdine Graziadio’s CyRP Program, great speakers, great sponsors, great attendees for making Cybersecure SoCal 2019 a great success!!!

Secure the Village

Kudos to #CyberGuardian #AmericanBusinessBank for their Strong Support of Cybersecurity Awareness Month 2019. Own IT. Secure IT. Protect IT. Cybersecurity is everyone’s job. … American Business Bank is a strong supporter of SecureTheVillage

Individuals at Risk

Cyber Privacy

Put a stop to robocalls for good. Carriers are starting to reduce robocalls, but there are steps you can take right now: I think it’s safe to say we’ve all received a call that starts with “Hello, can you hear me?” Or how about “Congratulations! You’ve won a free trip to the Bahamas!” the moment you say hello. It’s somewhat exciting, if not confusing the first time it happens. But when you realize it’s a robocall and, ultimately, a scam, that’s when frustration sets in. CNet, October 18, 2019

We asked a hacker to try and steal a CNN tech reporter’s data. Here’s what happened: I am the kind of person who posts Instagram photos (filtered, of course) from my vacation. I am also the kind of person who tweets about buying an overly-expensive piece of furniture because I fell for a sleek online ad about how it would change my life. CNN, October 18, 2019

Cyber Defense

Consumer Reports provides basic advice on ransomware protection: Imagine hackers holding your computer files hostage and then demanding money to get them back. It’s called ransomware, and as Consumer Reports found out, even IT experts can be victims. Consumer Reports, October 14, 2019

Secure The Human

How BlackBerry Used Improv Comedy To Make Cybersecurity A More ‘Human’ Topic: BlackBerry wants to make data breaches a laughing matter. Forbes, October 18, 2019

How to Tell Safe Advertisements From Dangerous Malvertising: Advertising is the life blood of the internet. Some of the world’s biggest and most influential tech companies earn a large chunk of their revenue through harmless and safe advertisements, but some of the most successful cybercriminals also rely on advertising. Security Intelligence, October 17, 2019

Know Your Enemy

When Card Shops Play Dirty, Consumers Win — Krebs on Security … A site selling stolen credit & debit cards has been hacked. Indications are that the site sold 9.1 million stolen credit cards, earning $126 million over four years: Cybercrime forums have been abuzz this week over news that BriansClub — one of the underground’s largest shops for stolen credit and debit cards — has been hacked, and its inventory of 26 million cards shared with security contacts in the banking industry. Now it appears this brazen heist may have been the result of one of BriansClub’s longtime competitors trying to knock out a rival. KrebsOnSecurity, October 16, 2019

“BriansClub” Hack Rescues 26M Stolen Cards: “BriansClub,” one of the largest underground stores for buying stolen credit card data, has itself been hacked. The data stolen from BriansClub encompasses more than 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers over the past four years, including almost eight million records uploaded to the shop in 2019 alone. KrebsOnSecurity, October 15, 2019

Information Security Management in the Organization

Cybersecurity in the C-Suite

The forgotten ones: Ransomware preys on the resource-poor: When Brookside Medical Center was hit with ransomware, it refused to pay. The practice was forced to shutter. CIO Dive, October 18, 2019 …CitadelCanHelp

In a rare move, Moody’s says it’s paying close attention to Pitney Bowes ransomware attack. Business credit ratings agencies including Moody’s are increasingly building cybersecurity risk into how they calculate outlook and credit ratings: Moody’s issued a “credit negative” event note on the Monday ransomware attack against Pitney Bowes, one of the world’s largest providers of equipment for e-commerce and logistics, which serves 90% of businesses in the Fortune 500. CNBC, October 16, 2019

Information Security Management and Governance

The Future of Cybersecurity: Do You Know What It Holds?: Cybersecurity is a topic that everybody needs to know about, yet very few tech consumers care about it. Any business entity that uses technology to run its day-to-day operations, and individuals who store their personal information in their smartphones, must understand the importance of cybersecurity. Cases of cyber-attacks are skyrocketing, criminals are continually developing more sophisticated attack methods, and innocent tech consumers are increasingly exposing their data to hawk-eyed data thieves. This is when the question arises: Do you know what the future of cybersecurity has in store? EC-Council, October 18, 2019

New survey shows MSPs and their customers are frequent cybercrime victims: Managed service providers (MSPs) and their small- and medium-sized business (SMB) customers lack the tools and resources needed to sufficiently defend against rising cyberattacks and threats, according to Continuum. HelpNetSecurity, October 17, 2019 … CitadelCanHelp

[essay] Will the Future of Authentication Run Into a Privacy Wall?: Identity authentication is absolutely necessary to conducting our affairs today. Without it, we would lose virtually all confidence to conduct business or create and foster relationships. But with ever increasing concerns related to data privacy, it is worth looking at the past to see what future challenges we may face in the digital identity space. SecurityIntelligence, October 16, 2019

[essay] What we continue to get wrong about cybersecurity: October 1 marked the start of National Cybersecurity Awareness Month. While the designation is a clever way to highlight the need for greater vigilance in how we use technology, it’s nonetheless ill-advised. Cybersecurity shouldn’t be treated as a flavor of the month. We need to focus on it every day, for a simple reason: humans pose the biggest cybersecurity threat of all. Fifth Domain, October 15, 2019

Cybersecurity Awareness Month: Increasing our self-awareness so we can improve security: With the increased prominence of cybersecurity in organizations due to many crippling cyberattacks, the emphasis is now on continual engagement, as it should be. It’s also important to address the tunnel vision that has plagued the field, and how we need to combat it before we can make it to the next level. CSO, October 15, 2019

Cyber Warning

Large-scale credit card hackers back for the holiday season, ex-FBI investigator says: Notorious cybercrime group FIN7 appears to be back at work about a year after the FBI arrested three of its members, which dealt a major blow to the group’s activities. Yahoo, October 18, 2019

Cybersecurity in Society

Cyber Privacy

US senator introduces privacy bill that would jail CEOs for user privacy violations: Sen. Ron Wyden (D-OR) announced today a new bill that introduces sweeping privacy protections for Americans’ private information. ZDNet, October 17, 2019

[essay] Americans Will Pay a Price for State Privacy Laws. The modern data economy is too big to regulate at the state level: The federal government has yet to act, and states are rushing to pass their own data privacy legislation, creating a patchwork of laws from coast to coast. Many of these laws are well-meaning, but their proliferation creates a real risk and a real cost. The New York Times, October 14, 2019

Cyber Crime

Hackers have become so sophisticated that nearly 4 billion records have been stolen from people in the last decade alone. Here are the 10 biggest data breaches of the 2010s: The past decade has seen an explosion in the number of people entrusting massive tech companies with their personal data. There has also been a rise in large-scale data breaches and hacks. Business Insider, October 18, 2019

Zappos data breach settlement: users get 10% store discount, lawyers get $1.6m: Zappos users who had their data stolen in a 2012 data breach will receive only a meager 10% discount to use on the Zappos online store, as part of a proposed class-action lawsuit settlement. ZDNet, October 18, 2019

Cyber Espionage

The Russian hackers who hit the 2016 election have been very busy since. New tools, tactics, and techniques show Russian hackers famous for targeting Americans have been active around the world: Ever since they were one of the groups involved in the infamous hack of the Democratic National Committee in 2016, the trail has largely gone cold on the Russian intelligence hackers known as Cozy Bear. MIT Technology Review, October 17, 2019

Know Your Enemy

Sodinokibi Ransomware Gang Appears to Be Making a Killing: The Sodinokibi ransomware-as-a-service operation appears to be making a killing, with proceeds flowing both to the gang behind the malware as well as dozens of affiliates. BankInfoSecurity, October 18, 2019

National Cybersecurity

CMMC – The Cyber Compliance Standard We’ve Been Waiting For?: Is the Department of Defense’s (DoD) new Cybersecurity Maturity Model Certification (CMMC) the future, or just another compliance initiative in the long line of competing cyber standards across a fragmented landscape? Ariento, October 4, 2019 … Ariento’s Chris Rose serves on the SecureTheVillage Leadership Council

Cyber Freedom

Blockchain voting is vulnerable to hackers, software glitches and bad ID photos – among other problems: A developing technology called “blockchain” has gotten attention from election officials, startups and even Democratic presidential candidate Andrew Yang as a potential way to boost voter turnout and public trust in election results. The Conversation, October 18, 2019

The Cybersecurity 202: Cyber Command hacking contest aims to prep Election Day first responders: Hundreds of U.S. military and National Guard hackers will gather in Columbia, Md., today to test their mettle attacking and protecting voting systems that will be used across the Mid-Atlantic on Election Day 2020. The Washington Post, October 17, 2019

Report: Underground hackers and spies helped China steal jet secrets: Crowdstrike researchers reveal Beijing’s efforts to boost its own domestic aircraft industry. Roll Call, October 15, 2019

Cyber Law

California Attorney General Issues Proposed Regulations For California Consumer Privacy Act (CCPA): On October 11, 2019, the California Attorney General provided notice of proposed regulations concerning the California Consumer Privacy Act (CCPA), California Civil Code §§ 1798.100-1798.198. These regulations are not final and have already been criticized by some as having created confusion rather than clarity. However, businesses with existing privacy policies and procedures should consult with counsel knowledgeable about the regulations to determine whether they need to amend their privacy policies to comply with the CCPA before it goes into effect on January 1, 2020. Because the rights conferred by the European Union’s 2018 landmark General Data Protection Regulation (“GDPR”) differ in many ways from those of the CCPA, businesses should review their privacy policies even if they recently amended them to comply with the European law. Timothy Toohey, Greenberg Glusker, October 15, 2019 … Tim serves on the SecureTheVillage Leadership Council

Financial Cybersecurity

Financial crime and fraud in the age of cybersecurity – McKinsey & Company: In 2018, the World Economic Forum noted that fraud and financial crime was a trillion-dollar industry, reporting that private companies spent approximately $8.2 billion on anti–money laundering (AML) controls alone in 2017. The crimes themselves, detected and undetected, have become more numerous and costly than ever. In a widely cited estimate, for every dollar of fraud institutions lose nearly three dollars, once associated costs are added to the fraud loss itself. Risks for banks arise from diverse factors, including vulnerabilities to fraud and financial crime inherent in automation and digitization, massive growth in transaction volumes, and the greater integration of financial systems within countries and internationally. Cybercrime and malicious hacking have also intensified. In the domain of financial crime, meanwhile, regulators continually revise rules, increasingly to account for illegal trafficking and money laundering, and governments have ratcheted up the use of economic sanctions, targeting countries, public and private entities, and even individuals. Institutions are finding that their existing approaches to fighting such crimes cannot satisfactorily handle the many threats and burdens. For this reason, leaders are transforming their operating models to obtain a holistic view of the evolving landscape of financial crime. This view becomes the starting point of efficient and effective management of fraud risk. McKinsey & Company

Critical Infrastructure

Major Airport Malware Attack Shines a Light on OT Security: A cryptomining infection spread to half of the workstations at a major international airport. ThreatPost, October 18, 2019

The Cybersecurity 202: There’s a fight brewing over Homeland Security’s push for subpoena power: The U.S. government is currently seeing warning signs of cyberattacks on industrial control systems that could cause massive financial damage or loss of life — and there’s nothing it can do to alert the companies that own them. The Washington Post, October 10, 2019

 

 
