Citadel Information Group


December 1, 2019 by Stan Stahl Ph.D.

Cybersecurity News of the Week, December 1, 2019

Individuals at Risk

Cyber Surveillance

They See You When You’re Shopping … How Sephora, Gucci, Kiehl’s and more track about 20 million online shoppers every day. (Spoiler: with cartoons.): For months you’ve been casing a Gucci shoulder bag online, adding it to your virtual cart, only to close the tab before buying it. One weekend, lounging in your pajamas, you decide to go for it, and back you go to the Gucci website. The New York Times, November 26, 2019

Cyber Danger

Beware of Thanksgiving eCard Emails Distributing Malware: With Thanksgiving being celebrated in the United States, malware distributors are sending out holiday themed emails to distribute the Emotet Trojan and other malware. BleepingComputer, November 28, 2019

Hidden Cam Above Bluetooth Pump Skimmer: Tiny hidden spy cameras are a common sight at ATMs that have been tampered with by crooks who specialize in retrofitting the machines with card skimmers. But until this past week I’d never heard of hidden cameras being used at gas pumps in tandem with Bluetooth-based card skimming devices. KrebsOnSecurity, November 28, 2019

Stop! Don’t Charge Your Phone This Way: You might want to think twice before plugging in at an airport or on the train. The New York Times, November 18, 2019

Cyber Defense

New Disney Plus Streaming Service Hit By Credential Stuffing Cyber Attack … Another Reminder To Use Different Passwords on Different Accounts: Just hours after the eagerly anticipated rollout of the Disney+ streaming service, customers began complaining on social media that they were being locked out of their accounts or experiencing other disruptions in the streaming of Disney movies and shows. The initial concern was that perhaps cyber criminals had launched a massive cyber attack on the new streaming service, bringing it to its knees almost before it had even launched. However, Disney says that there is “no indication” of a security breach on Disney+, and that the source of the problem might be a so-called “credential stuffing” attack, in which hackers obtain passwords and usernames from Dark Web databases, and then use a brute force method to see if those passwords and usernames will work on new sites as well. CPO, November 29, 2019
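Credential stuffing is not a guessing attack: the attacker replays username/password pairs that already leaked from some other site, so each account typically sees one attempt, and the ones that succeed look like ordinary logins. Per-account lockouts therefore never trip; the signal is per source. The following is an added example, not code from the page or from the CPO article, that triages constructed authentication log lines by source IP and separates stuffing (many distinct users, mostly failures, a few successes) from a classic single-account brute force. The log format, field names, thresholds and addresses (RFC 5737 test ranges) are assumptions chosen for the demonstration.

```python
"""Triage of authentication logs for credential stuffing.

Added example; not code from the page or from the CPO article. The log
format, field names and thresholds are assumptions chosen for the
demonstration, and the log lines are constructed (RFC 5737 test addresses).
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample: one source spraying leaked username/password pairs
# across many accounts (203.0.113.5), one brute force against a single
# account (198.51.100.7), and one user who mistyped once (192.0.2.9).
SAMPLE_LOG = """\
2019-11-12T10:00:01Z auth ip=203.0.113.5 user=alice result=fail
2019-11-12T10:00:02Z auth ip=203.0.113.5 user=bob result=fail
2019-11-12T10:00:02Z auth ip=203.0.113.5 user=carol result=success
2019-11-12T10:00:03Z auth ip=203.0.113.5 user=dave result=fail
2019-11-12T10:00:03Z auth ip=203.0.113.5 user=erin result=fail
2019-11-12T10:00:04Z auth ip=203.0.113.5 user=frank result=fail
2019-11-12T10:00:05Z auth ip=203.0.113.5 user=grace result=success
2019-11-12T10:00:06Z auth ip=203.0.113.5 user=heidi result=fail
2019-11-12T10:00:10Z auth ip=198.51.100.7 user=alice result=fail
2019-11-12T10:00:11Z auth ip=198.51.100.7 user=alice result=fail
2019-11-12T10:00:12Z auth ip=198.51.100.7 user=alice result=fail
2019-11-12T10:00:13Z auth ip=198.51.100.7 user=alice result=fail
2019-11-12T10:00:14Z auth ip=198.51.100.7 user=alice result=fail
2019-11-12T10:00:15Z auth ip=198.51.100.7 user=alice result=fail
2019-11-12T10:00:20Z auth ip=192.0.2.9 user=ivan result=fail
2019-11-12T10:00:25Z auth ip=192.0.2.9 user=ivan result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth ip=(?P<ip>\S+) user=(?P<user>\S+) "
    r"result=(?P<result>success|fail)$"
)


@dataclass
class SourceStats:
    """Per-source-IP counters; stuffing is visible here, not per account."""
    attempts: int = 0
    failures: int = 0
    users: set = field(default_factory=set)
    successes: set = field(default_factory=set)  # users who logged in OK


def parse(log_text):
    """Yield (ip, user, result) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["ip"], m["user"], m["result"]


def aggregate(log_text):
    """Roll the events up by source IP."""
    stats = defaultdict(SourceStats)
    for ip, user, result in parse(log_text):
        s = stats[ip]
        s.attempts += 1
        s.users.add(user)
        if result == "fail":
            s.failures += 1
        else:
            s.successes.add(user)
    return stats


def classify(s, min_attempts=5, min_distinct_users=5, min_fail_ratio=0.5):
    """Label one source: 'stuffing', 'brute_force' or 'benign'.

    Stuffing: many distinct users, mostly failures, a few successes (the
    leaked pairs that were reused here). Brute force: one user, many
    failures. Thresholds are illustrative assumptions; tune to your traffic.
    """
    if s.attempts < min_attempts:
        return "benign"
    if s.failures / s.attempts < min_fail_ratio:
        return "benign"
    if len(s.users) >= min_distinct_users:
        return "stuffing"
    if len(s.users) == 1:
        return "brute_force"
    return "benign"


def triage(log_text):
    """Map each source IP in the log to its label."""
    return {ip: classify(s) for ip, s in aggregate(log_text).items()}


def compromised_accounts(log_text):
    """Accounts that authenticated successfully from a stuffing source:
    their passwords are reused ones and should be force-reset."""
    hit = set()
    for s in aggregate(log_text).values():
        if classify(s) == "stuffing":
            hit |= s.successes
    return hit


if __name__ == "__main__":
    for ip, label in sorted(triage(SAMPLE_LOG).items()):
        print(f"{ip:<14} {label}")
    print("force password reset for:", sorted(compromised_accounts(SAMPLE_LOG)))
```

The successes from the stuffing source (carol and grace in the constructed sample) are the accounts whose owners reused a password that had already leaked elsewhere, which is the practical reason behind the "different passwords on different accounts" advice in the headline. In production the same aggregation would be keyed on a sliding time window and would also consider ASN or client fingerprint, since stuffing tools rotate through proxy pools to dilute the per-IP count.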

Cyber Humor


Information Security Management in the Organization

Information Security Management and Governance

The top cybersecurity mistakes companies are making (and how to avoid them): There’s not a one-size-fits-all approach to cybersecurity. Learn some of the common mistakes and how you can get on the right path. TechRepublic, November 26, 2019

Cybersecurity in the C-Suite

Companies Need to Rethink What Cybersecurity Leadership Is: For businesses today, cyber risk is everywhere. Yet for all the investments they’ve made to secure their systems and protect customers, companies are still struggling to make cybersecurity a vibrant, proactive part of strategy, operations, and culture. The root cause is twofold: (1) Cybersecurity is treated as a back-office job and (2) most cyber leaders are ill-equipped to exert strategic influence. Given that a cyber leader’s average tenure is just 18 months, it’s clear that something needs to change. HBR, November 27, 2019

Secure The Human

How Cybersecurity Can Forge Stronger Bonds Between Employees: Human beings are instinctively tribal. We identify with members of our own groups and often distrust, shun or even attack members of other groups. While this fact is responsible for many of the problems in the world (political polarization, for instance), there are times when group solidarity is a powerful force for good — for example, when a community comes together to address problems like crime and poverty or one family member makes a sacrifice for another. Forbes, November 27, 2019

Managing the Human Security Factor in the Age of Ransomware: Convincing employees to take security seriously takes more than awareness campaigns. ThreatPost, November 26, 2019

Cyber Insurance

The Future of Cybersecurity Insurance: Cybersecurity incidents and data breaches have become a normal part of the news cycle. It feels like every day you hear about a big corporation or organization suffering an attack that has put customer or user data in jeopardy. Sometimes this is because a security strategy was lacking; sometimes, the criminal’s attack was simply too powerful. Tripwire, November 27, 2019

Cybersecurity in Society

Cyber Privacy

Hey Congress, How’s That Privacy Bill Coming Along?: As the year winds down without any federal online privacy law to show for it, Senate Democrats introduce new legislation and a set of “privacy principles.” Wired, November 29, 2019

New US Federal Privacy Bill Gets Proposed … Consumer Online Privacy Rights Act Modeled After California Consumer Privacy Act (CCPA): U.S. Sen. Maria Cantwell (D-Washington) has introduced a federal privacy bill called the Consumer Online Privacy Rights Act, or COPRA, that could expand the rights of people when it comes to how personal data is collected, shared and used. Senators Amy Klobuchar (D-Minn.), Ed Markey (D-Mass.), and Brian Schatz (D-Hawaii) also co-sponsored the Bill. BankInfoSecurity, November 28, 2019

Data Privacy Will Be The Most Important Issue In The Next Decade: It’s been an information con job. Companies lulled us into thinking we were simply connecting with our friends, finding our way around town, or locating the perfect sweater. While we were extolling the virtues of each new digital tool and talking up the latest apps to each other, companies were building a multi-billion dollar war chest of information to use against us. As the saying goes, “you are the product.” Forbes, November 26, 2019

Cyber Crime

Ransomware: Big paydays and little chance of getting caught means boom time for crooks: File-encrypting malware is proving to be extremely lucrative for cyber attackers, who can continue large-scale ransomware campaigns – making hundreds of thousands of dollars – almost risk-free. ZDNet, November 27, 2019

Sale of 4 Million Stolen Cards Tied to Breaches at 4 Restaurant Chains: On Nov. 23, one of the cybercrime underground’s largest bazaars for buying and selling stolen payment card data announced the immediate availability of some four million freshly-hacked debit and credit cards. KrebsOnSecurity has learned this latest batch of cards was siphoned from four different compromised restaurant chains that are most prevalent across the midwest and eastern United States. KrebsOnSecurity, November 26, 2019

Cyber Attack

Multiple hotels hit by targeted malware attacks: Guest credit card details could also be exposed. ITPROPortal, November 28, 2019

NYPD Fingerprint Database Taken Offline to Thwart Ransomware After Contractor Infects Network With Malware: The malware was introduced to the police network via a contractor who was installing a digital display. ThreatPost, November 25, 2019

110 Nursing Homes Cut Off from Health Records in Ransomware Attack: A ransomware outbreak has besieged a Wisconsin-based IT company that provides cloud data hosting, security and access management to more than 100 nursing homes across the United States. The ongoing attack is preventing these care centers from accessing crucial patient medical records, and the IT company’s owner says she fears this incident could soon lead not only to the closure of her business, but also to the untimely demise of some patients. KrebsOnSecurity, November 23, 2019

National Cybersecurity

The Cybersecurity 202: The Sony hack ushered in a dangerous era in cyberspace: Five years ago this week, Sony Pictures Entertainment was hit with the most brazen cyberattack against a U.S. target to date. It riveted public attention, assaulted the First Amendment and prompted President Barack Obama to threaten retaliation for the first time against a cyberspace adversary. The Washington Post, November 27, 2019

It’s Way Too Easy to Get a .gov Domain Name: Many readers probably believe they can trust links and emails coming from U.S. federal government domain names, or else assume there are at least more stringent verification requirements involved in obtaining a .gov domain versus a commercial one ending in .com or .org. But a recent experience suggests this trust may be severely misplaced, and that it is relatively straightforward for anyone to obtain their very own .gov domain. KrebsOnSecurity, November 26, 2019

It Takes a Village

A Cause You Care About Needs Your Cybersecurity Help: By donating their security expertise, infosec professionals are supporting non-profits, advocacy groups, and communities in-need. DarkReading, November 27, 2019

Cyber Freedom

The sinister timing of deepfakes and the 2020 election: Education and legislation are needed to combat the significant threat of deepfakes. TechRepublic, November 28, 2019

Cyber Gov

States are at a crossroads when it comes to cybersecurity: A few weeks ago, I participated in a cybersecurity panel at the National Association of State Technology Directors Annual Conference. The theme of the event, “The Crossroads of Technology,” was very fitting from my perspective because it was clear that state and local government organizations are, in fact, at a major crossroads when it comes to cybersecurity. These enterprises are clearly feeling the wear-and-tear of phishing, malware, and ransomware attacks that must feel like a daily occurrence. In fact, during the conference, news broke about the state of Texas being hit with a coordinated ransomware attack that disrupted systems of 22 local governments. CyberScoop, November 27, 2019

Cyber Law

Facebook Breach Victims Can Sue For ‘Reasonable’ Security … But Judge Rules Plaintiff in 2018 Breach Case Not Eligible for Compensation: Victims of a Facebook data breach can continue a class-action lawsuit to try to force the social network to improve its security practices, a federal judge has ruled. BankInfoSecurity, November 28, 2019

Cyber Surveillance

TikTok owner ByteDance and Huawei are helping China’s campaign to repress Uighur Muslims, report finds: A new leak of highly classified Chinese government documents has uncovered the operations manual for running the mass detention camps in Xinjiang and exposed the mechanics of the region’s Orwellian system of mass surveillance and “predictive policing.” ICIJ, November 24, 2019

Internet of Things

European Cybersecurity Agency Publishes Report on Smart Car Security: The European Union Agency for Cybersecurity (ENISA) yesterday published a report on the cybersecurity of smart cars. Info Security, November 26, 2019

Filed Under: Cybersecurity News of the Week
