Thursday, July 21, 2016

Cybersecurity News for the Week of July 17, 2016


CYBERSECURITY NEWS

FROM OUR FRIENDS AT CITADEL INFORMATION GROUP


Individuals at Risk

Cyber Update

Microsoft Update Doesn’t Quite Fix Decades-Old Printer Bug in Windows; Will Warn Users Who Can Say No: Printers. They can be the bane of every home office or small business, but not just when they jam or run out of paper or toner. They can also spread malware to systems connected to them. PCMagazine, July 14, 2016
Adobe, Microsoft Patch Critical Security Bugs: Adobe has pushed out a critical update to plug at least 52 security holes in its widely-used Flash Player browser plugin, and another update to patch holes in Adobe Reader. Separately, Microsoft released 11 security updates to fix more than 40 flaws in Windows and related software. KrebsOnSecurity, July 13, 2016

Cyber Warning

Pokemon Go – Unofficial versions contain Trojans that silently click on porn ads you don’t even see: Security firms have repeated warnings that unofficial versions of Pokemon Go are likely tainted with spyware or trojans. TheRegister, July 15, 2016
‘Pokemon GO’ Malware Latest News & Update: Avoid Pirated Versions and Wait For Official Game Release: News headlines have been filled with “Pokemon Go” related bits but mostly for all the wrong reasons. With the game released only in Australia, New Zealand and the U.S., gamers from other regions have resorted to alternative but risky measures by trying to get hold of a copy from unofficial sites. GAMEnGuide, July 15, 2016

Cyber Defense

Two-factor authentication (2FA): why you should care: Online security can feel a bit like an arms race sometimes, and it may seem like there’s always something new to keep track of. But many of the more tried-and-true security principles and methods have been around for a while; they just take a while to become more mainstream. NakedSecurity, June 27, 2016

Information Security Management in the Organization

Information Security Governance

What SMBs Need To Know About Security But Are Afraid To Ask: A comprehensive set of new payment protection resources from the PCI Security Standards Council aims to help small- and medium-sized businesses make security a priority. DarkReading, July 14, 2016
The Value of a Hacked Company: Most organizations only grow in security maturity the hard way — that is, from the intense learning that takes place in the wake of a costly data breach. That may be because so few company leaders really grasp the centrality of computer and network security to the organization’s overall goals and productivity, and fewer still have taken an honest inventory of what may be at stake in the event that these assets are compromised. KrebsOnSecurity, July 14, 2016
The Information Security Leader, Part 2: Two Distinct Roles of a CISO: In the original “Star Trek” television series, second officer and chief engineer Montgomery “Scotty” Scott was invaluable to the mission of the Starship Enterprise — not only down in the engine room getting his hands dirty, but also up on the bridge as a senior officer supporting Captain Kirk. SecurityIntelligence, July 12, 2016

Cyber Defense

Gartner: Cybersecurity control a concern for digital businesses: Digitization requires big changes to companies’ strategic processes, and security is no different: In a recent report, Gartner predicts that 60% of digital businesses will experience major service failures by 2020 due to the inefficacy of their IT security teams to handle digital risks. SearchCompliance, July 15, 2016
Key Measures to Prevent, Recover from Ransomware: Ransomware is, of course, malicious software that can do terrible harm to your company. Biz Coach Terry Corbell cites Citadel’s Kimberly Pease. The Biz Coach, July 10, 2016

Cyber Update

CISCO PATCHES DOS FLAW IN NCS 6000 ROUTERS: Cisco Systems today released patches for two products, including one for a vulnerability rated a high criticality in Cisco IOS XR for the Cisco Network Convergence System series routers. ThreatPost, July 14, 2016
Crypto flaw made it easy for attackers to snoop on Juniper customers: As if people didn’t already have cause to distrust the security of Juniper products, the networking gear maker just disclosed a vulnerability that allowed attackers to eavesdrop on sensitive communications traveling through customers’ virtual private networks. ars technica, July 14, 2016

Cyber Security in Society

Cyber Crime

More Than $2 Million Stolen by Hackers in Taiwan ATM Heist: Three people, including a Russian national, stole 70 million Taiwan dollars (A$2.9 million) from 34 ATMs in Taiwan at the weekend. TechWorm, July 15, 2016
Cybercrime Overtakes Traditional Crime in UK: In a notable sign of the times, cybercrime has now surpassed all other forms of crime in the United Kingdom, the nation’s National Crime Agency (NCA) warned in a new report. It remains unclear how closely the rest of the world tracks the U.K.’s experience, but the report reminds readers that the problem is likely far worse than the numbers suggest, noting that cybercrime is vastly under-reported by victims. KrebsOnSecurity, July 15, 2016
Omni Hotels was hit by point-of-sale malware: Omni Hotels & Resorts has reported that point-of-sale systems at some of its properties were hit by malware targeting payment card information. Computerworld, July 11, 2016

Cyber Underworld

For Sale on Dark Web: Source Code Allegedly Stolen From Large Healthcare Software Developer: “The Dark Overlord,” a hacker who has been attempting to sell batches of personal and medical records supposedly stolen from U.S. healthcare organizations, is claiming a new victim: a large healthcare software developer (see Here’s How a Hacker Extorts a Clinic). BankInfoSecurity, July 14, 2016
DIRT CHEAP STAMPADO RANSOMWARE SELLS ON DARK WEB FOR $39: Dirt cheap ransomware selling for as little as $39 on the dark web has security experts concerned the low price coupled with its potency could trigger a wave of new infections. ThreatPost, July 14, 2016

Cyber Law

Microsoft wins landmark appeal over seizure of foreign emails: A federal appeals court on Thursday said the U.S. government cannot force Microsoft Corp and other companies to turn over customer emails stored on servers outside the United States. Reuters, July 14, 2016
Europe’s New Privacy Shield to Replace Safe Harbor; Will US Mass Surveillance Practices Derail It?: Businesses on both sides of the Atlantic have been breathing a sigh of relief over the July 12 launch of the EU-U.S. data transfer agreement known as the Privacy Shield. BankInfoSecurity, July 13, 2016

Cyber Gov

China suspected in FDIC breach; Agency CIO accused of covering it up amidst systemic mismanagement: A report published by the House Committee on Science, Space and Technology today found that hackers purported to be from China had compromised computers at the Federal Deposit Insurance Corporation repeatedly between 2010 and 2013. Backdoor malware was installed on 12 workstations and 10 servers by attackers—including the workstations of the chairman, chief of staff, and general counsel of the FDIC. But the incidents were never reported to the US Computer Emergency Response Team (US-CERT) or other authorities and were only brought to light after an Inspector General investigation into another serious data breach at the FDIC in October of 2015. ars technica, July 13, 2016

Cyber Politics

Cybersecurity Not Stand-Alone Issue in Trump v. Clinton: July 14 — Donald Trump and Hillary Clinton are unlikely to make cybersecurity a centerpiece of their campaigns and probably won’t mention the issue during the party conventions. Bloomberg, July 14, 2016

Financial Cyber Security

Card fraud now hits nearly one third of consumers worldwide: Imagine folded, chopped, and mutilated plastic up to the sky: that’s the pile being generated by cardholder fraud these days. NakedSecurity, July 15, 2016

HIPAA

OCR Enforcement Action Against Business Associate for HIPAA Security Violations Includes $650,000 Payment: Despite the fact that Business Associates have been directly subject to and liable under the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (HIPAA) since February 18, 2010, the Department of Health & Human Services, Office for Civil Rights (OCR), announced June 30 that it has entered into its first resolution agreement with a HIPAA Business Associate – sending a clear message that OCR is holding Business Associates accountable and expects these entities to understand and comply with their HIPAA obligations. NationalReview, July 13, 2016
HHS: Healthcare groups must report all ransomware attacks: The Federal Health and Human Services Department (HHS) issued guidelines this week that could require hospitals and doctor offices to notify HHS if they are victimized by a ransomware attack. SCMagazine, July 14, 2016

Cyber Research

ACADEMICS BUILD EARLY-WARNING RANSOMWARE DETECTION SYSTEM: While most of the discussion around ransomware is rightly so about the unabated stampede of new strains and variations on existing samples, relatively little discourse focuses on detection beyond antivirus and intrusion prevention systems. ThreatPost, July 14, 2016

Cyber Miscellany

Why You Should Believe in the Digital Afterlife: A professor of neuroscience says it will one day be possible to live on in a computer after death. The Atlantic, July 14, 2016

Jeff Snyder, SecurityRecruiter.com's Security Recruiter Blog, 719.686.8810