Monday, June 27, 2016

Cybersecurity News for the Week of June 26, 2016

CYBERSECURITY NEWS

FROM OUR FRIENDS AT CITADEL INFORMATION GROUP


Individuals at Risk

Identity Theft

154 million US voter records exposed following hack: MacKeeper security researcher Chris Vickery has discovered yet another database containing voter profiles of US citizens, accessible to anyone who stumbled upon it or knew where to look. HelpNetSecurity, June 23, 2016
International identity-theft ring victimized hundreds, including Hollywood actress, authorities say: Federal agents said they have uncovered a massive international identity-theft scheme that victimized at least hundreds and maybe thousands of people, including an actress who appeared in the television shows “Smallville” and “Supergirl.” The Washington Post, June 17, 2016
Acer security breach exposes data of 34,500 online shoppers: Computer maker Acer recently revealed to California’s Attorney General (AG) that hackers broke into the company’s online store and grabbed sensitive customer data. The leaked data includes information such as customer names, addresses, and credit card numbers including expiry dates and three-digit CVC security codes. The hack affects 34,500 customers based in the United States, Canada, and Puerto Rico, as first reported by ZDNet, which Acer later confirmed to PCWorld. ComputerWorld, June 20, 2016

Cyber Privacy

US district judge rules FBI doesn’t need a warrant to query a suspect’s computer: A senior US district judge has decided that the warrant authorizing the search of a suspect’s home computer by the FBI was issued based on probable cause, but even if it wasn’t, it wouldn’t matter, “because the Government did not need a warrant to capture Defendant’s IP address,” and did not need it to extract additional information from his computer. HelpNetSecurity, June 24, 2016
Firm pays $950,000 penalty for using Wi-Fi signals to secretly track phone users: A mobile advertising company that tracked the locations of hundreds of millions of consumers without consent has agreed to pay $950,000 (£640,000) in civil penalties and implement a privacy program to settle charges that it violated federal law. ars technica, June 22, 2016

Cyber Danger

This Android malware can secretly root your phone and install programs: Android users beware: a new type of malware has been found in legitimate-looking apps that can “root” your phone and secretly install unwanted programs. PCWorld, June 22, 2016

Cyber Update

Carbonite resets user passwords to protect against password reuse attack: If you’re a user of online backup service Carbonite, you’re getting a new password. Don’t make it one you’ve used somewhere before. TheRegister, June 22, 2016
Apple fixes memory corruption vulnerability in AirPort product line: Addressing a vulnerability that could have potentially resulted in remote code execution, Apple yesterday announced a firmware update for several of its AirPort Wi-Fi products. SCMagazine, June 21, 2016
Citing Attack, GoToMyPC Resets All Passwords: GoToMyPC, a service that helps people access and control their computers remotely over the Internet, is forcing all users to change their passwords, citing a spike in attacks that target people who re-use passwords across multiple sites. KrebsOnSecurity, June 20, 2016

Cyber Defense

Apple Safari blocks outdated versions of Adobe Flash on Mac OS X devices: Mac OS X users with the Flash plug-in installed in Safari will need to make sure they’re running the latest version. CNet, June 21, 2016

Information Security Management in the Organization

Information Security Governance

Cybercriminals Prey on Smaller Firms as Larger Targets Harden Security: A tech startup in the New York area was flying high after a big funding round. The cash landed in the company’s bank account, but then disaster struck: Cyber criminals had heard about the funding round too, and decided to steal the money. Fortune, June 23, 2016
Cybersecurity Efforts Require Individualized Planning and Execution: As cybersecurity risks have increased world-wide, both the SEC and the NFA have dictated that hedge funds and private equity funds have a plan to assess, manage and address risks and incidents. The security threat to private funds is real for all types of funds, big and small, complex and simple. However, cybersecurity planning for this group must be individualized to a great extent due to the wide range of IT configurations that exist. This article will discuss the required elements of cybersecurity planning as they relate to a variety of typical private funds, including hedge funds and private equity funds. Forbes, June 21, 2016

Cyber Awareness

Training? What training? Workers’ lack of cybersecurity awareness is putting the business at risk: Human error is responsible for the worst data breaches and, because of a lack of cybersecurity awareness, organisations are risking their reputation, customer trust, and potentially their bottom lines when employees mishandle data. ZDNet, March 7, 2016
Cyber Security Awareness Campaigns: Why do they fail to change behaviour?: The present paper focuses on Security Awareness Campaigns, trying to identify factors which potentially lead to failure of these in changing the information security behaviours of consumers and employees. Global Cyber Security Capacity Centre, July 2014

Cyber Crime

Backups not available. NASCAR team pays cybercriminal to unlock critical data after ransomware attack: NASCAR, America’s favorite no-right-turn racing format, has joined the growing ranks of people hit by, and paying out to fix, ransomware. TheRegister, June 24, 2016
Bitcoin rival Ethereum fights for its survival after $50 million heist: Imagine a $50 million diamond heist that isn’t investigated by any police body, and more than four days later, the broken vault that made the whole thing possible remains unfixed and suffers follow-on attacks by a group of marauding copycats. In essence, that’s what’s happening to an elite group of investors holding Bitcoin rival Ethereum, and the events threaten the very survival of the fledgling cryptocurrency. ars technica, June 21, 2016

Cyber Warning

Rise of Darknet Stokes Fear of The Rogue Insider: With the proliferation of shadowy black markets on the so-called “darknet” — hidden crime bazaars that can only be accessed through special software that obscures one’s true location online — it has never been easier for disgruntled employees to harm their current or former employer. At least, this is the fear driving a growing stable of companies seeking technical solutions to detect would-be insiders. KrebsOnSecurity, June 22, 2016
Crypto Ransomware Drives 20% Infection Rate Increase: Encryption malware represented 54 percent of all ransomware in April compared to barely 10 percent a year ago, Kaspersky Lab found. DarkReading, June 22, 2016

Cyber Defense

How To Lock Down So Ransomware Doesn’t Lock You Out: Ransomware has mutated into many different forms – and it’s not always easy to catch them all, but here are some things you can do. DarkReading, June 22, 2016
Tor onion hardening will be tear-inducing for feds: The University of California wants to defeat deanonymisation with a hardened version of the Tor browser. The Register, June 23, 2016

Cyber Insurance

Grandpoint Bank Teams with LBW Insurance to Sell Hiscox Cyber Insurance to Its Business Customers: Los Angeles-based Grandpoint Bank is now selling cyber insurance policies to its business customers to provide coverage for wire-transfer and cyber fraud. InsuranceJournal, June 22, 2016

Cyber Security in Society

Cyber Attack

Clinton Foundation Said to Be Breached by Russian Hackers: The Bill, Hillary and Chelsea Clinton Foundation was among the organizations breached by suspected Russian hackers in a dragnet of the U.S. political apparatus ahead of the November election, according to three people familiar with the matter. Bloomberg, June 21, 2016

Cyber Espionage

Why Russian hackers, not a lone wolf, were likely behind the DNC breach: Proving who pulled off a cyber attack is never easy and sometimes impossible. That’s the reality investigators face as they try to figure out who breached the network of the Democratic National Committee, which revealed last week that hackers had made off with confidential documents including research on Republican presidential opponent Donald Trump. PCWorld, June 23, 2016
Kremlin-linked hackers breached Democratic Party networks, say cybersecurity experts: Multiple cybersecurity firms analysing malware samples collected from the recent hack at the Democratic National Committee (DNC) have found evidence backing up assertions that Russian state-sponsored hackers were responsible for the politically-motivated cyberattack. IBTimes, June 21, 2016

National Cyber Security

Chinese Curb Cyberattacks on U.S. Interests, Report Finds: WASHINGTON — Nine months after President Obama and President Xi Jinping of China agreed to a broad crackdown on cyberespionage aimed at curbing the theft of intellectual property, the first detailed study of Chinese hacking has found a sharp drop-off in almost daily raids on Silicon Valley firms, military contractors and other commercial targets. The Washington Post, June 20, 2016

Cyber Law

The ‘Right to Be Forgotten’ and Other Cyberlaw Cases Go to Court: “The law can’t be right if it’s 50 years old. Like, it’s before the internet.” The quote is from a speech Larry Page made at a Google developers conference in 2013, and it’s a fair summary of how technology companies have traditionally viewed the legal system. Regulations can’t keep pace with technological change, so opt for forgiveness over permission. If your idea is successful, you’ll be able to defend it by the time authorities tell you to stop. Bloomberg, June 23, 2016

Financial Cyber Security

Fed weighs enhanced security scrutiny on transfers after $81M cyberheist: The Federal Reserve is considering “enhanced monitoring” for certain kinds of transactions, after hackers stole $81 million from the Bangladesh central bank’s account at the New York branch, Fed chairman Janet Yellen told lawmakers Wednesday. TheHill, June 22, 2016

Internet of Things

‘Smart’ Building Industry Mulls Cybersecurity Challenges: New ‘attraction and curiosity’ for infosec at the Intelligent Buildings Conference this week. DarkReading, June 23, 2016
New Technology May Help Your Car Learn to Recognize Hackers: New software protects autos against hackers by figuring out what normal Internet traffic should look like. MIT Technology Review, June 21, 2016

Cyber Sunshine

Suspect in identity theft scheme allegedly targeted former FBI director: Criminal charges against a 35-year-old Filipino who allegedly targeted former FBI Director Robert Mueller and other high-profile victims were unsealed Friday in what federal prosecutors in New Jersey called a sophisticated identity theft scheme. nj.com, June 24, 2016

Secure the Village

GO-Biz to Host Cyber Innovation Challenge for High School Students – 6/29, Sacramento: As part of California’s continued leadership in cybersecurity, the Governor’s Office of Business and Economic Development (GO-Biz) is hosting the first-ever California Cyber Innovation Challenge (CCIC) at Sacramento City College. In this demonstration event, eight teams of high school students will complete a series of timed cybersecurity challenges, defend the integrity of computer networks and crack complex codes. California Governors Office, Event Date: June 29, 2016
PIHRA Woodland Hills – Protect One of Your Company’s Most Valuable Assets: Information – July 21: Join Citadel’s Kimberly Pease, Secure the Village’s Sandra Lollino and an all-star panel as they discuss cyberattacks and data breaches, how they can affect employees at all levels of the company, the potential impact of data breaches and what to do if it happens to you. In the age of information, companies are more and more vulnerable to hacking, cyber breaches, Internet fraud and identity theft, just to name a few. Did you know that cybercrime affects organizations of all sizes? Criminals are after W2s, medical records, as well as employee and customer personal data. Did you know a reported 80% of data breaches are preventable? Is YOUR workplace protected? Do you have plans, policies, and training for your employees in place so that you could handle a possible breach? PIHRA, Event Date: July 21, 2016
Information Security for CPAs, Clients, & Professionals, Dr. Stan Stahl, CalCPA Bakersfield, July 28: Citadel and Secure the Village President Stan Stahl discusses information security management strategies and tactics for businesses. Cybercrime costs businesses and non-profits billions of dollars annually in theft, fraud, embezzlement and other losses. While breaches of high-profile targets like Sony, Anthem, Target and JPMorgan Chase make the news, it’s small and medium-sized organizations that are most at risk. Statistics show that 30% of cybercrime victims are small organizations and that 60% of them go out-of-business within 6 months of being attacked. Other statistics show that as many as 80% of these crimes did not need to happen. CalCPA, Event Date: July 28, 2016
Cisco Intros $10 Million Global Cyber Security Scholarship Program: Cisco recently announced plans to invest $10 million in a two-year Global Cybersecurity Scholarship program in an effort to increase the pool of available talent with proficiency in cyber security. eSecurity Planet, June 17, 2016

Jeff Snyder’s SecurityRecruiter.com, Jeff Snyder Coaching, Security Recruiter Blog, 719.686.8810
