Sunday, November 20, 2016

Cyber Security News of the Week, November 20, 2016

CYBERSECURITY NEWS

FROM OUR FRIENDS AT CITADEL INFORMATION GROUP



Individuals at Risk

Cyber Privacy

Firefox Focus: Private iOS browsing made easy: Mozilla has released Firefox Focus, an iOS app that lets you browse the Internet without having to worry who’s tracking your online activity. HelpNetSecurity, November 18, 2016
Signal encryption app sees 400 percent boost after election: The co-founder of Open Whisper Systems says installations of its app have increased four-fold since November 8. CNet, November 18, 2016
8 Public Sources Holding ‘Private’ Information: Personal information used for nefarious purposes can be found all over the web – from genealogy sites to public records and social media. DarkReading, November 17, 2016
iPhone Call History Synced to iCloud Without User Consent, Knowledge: iPhone users are being warned that their call history may be synced and stored on their iCloud account without their knowledge, making their personal phone records a target for a determined third party. ThreatPost, November 17, 2016
Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say: WASHINGTON — For about $50, you can get a smartphone with a high-definition display, fast data service and, according to security contractors, a secret feature: a backdoor that sends all your text messages to China every 72 hours. The New York Times, November 15, 2016
Adult FriendFinder hit with one of the biggest data breaches ever, report says: A hack against popular adult dating and entertainment company FriendFinder Networks exposed data related to more than 412 million user accounts, according to a report from breach notification site LeakedSource. The Washington Post, November 14, 2016

Cyber Update

Drupal Fixes ‘Moderately Critical’ Vulnerabilities in Core Engine: The Drupal Security Team fixed a handful of issues in version 7 and 8 of its content management system core engine this week that could have led to cache poisoning, social engineering attacks and a denial of service condition. ThreatPost, November 18, 2016

Cyber Warning

Powerful backdoor/rootkit found preinstalled on 3 million Android phones: Firmware that actively tries to hide itself allows attackers to install apps as root. ars technica, November 18, 2016
Meet PoisonTap, the $5 tool that ransacks password-protected computers: The perils of leaving computers unattended just got worse, thanks to a newly released exploit tool that takes only 30 seconds to install a privacy-invading backdoor, even when the machine is locked with a strong password. ars technica, November 16, 2016

Cyber Defense

Attacks to make Ask.com Toolbar a conduit for malware are nipped in the bud: Attackers who were trying to turn the Ask.com Toolbar into a malware dispensary got caught early on when their scheme was picked up by security services that were looking for anomalies. NetworkWorld, November 18, 2016
You’d likely give up sex for cybersecurity, poll finds: Could you become, as Jerry Seinfeld put it, “master of your domain” to save your web domains? CNet, November 17, 2016

Information Security Management in the Organization

Information Security Governance

NIST Releases Version of Cybersecurity Framework for Small Businesses: NIST has been working closely with the Small Business Administration on cybersecurity issues for small business since 2003. DarkReading, November 17, 2016

Cyber Defense

Retail Cybersecurity: Black Friday and Cyber Monday Are Upon Us: In the U.S., the post-Thanksgiving shopping blitz of Black Friday often serves as a make-or-break event for many retailers. Indeed, Black Friday is the day when retailers start to make a profit for the year. SecurityIntelligence, November 18, 2016
It’s a Marketing Mess! Artificial Intelligence vs Machine Learning: Artificial intelligence is a thing. No matter where you turn, technology companies are selling AI as the secret sauce in their cybersecurity platforms, their decision support systems, their network analytics tools, even their email marketing software. You name it, it’s got “AI Inside.” You’ll see that acronym AI often, as companies refer to artificial intelligence that way – which in itself is pretty vague, as you’d expect for a term that’s been bandied about for many decades and has a great number of representative branches. In our current context, AI generally refers to hardware or software that thinks, learns, and cognitively processes data the same way a human would, although presumably faster and more accurately: Think about Commander Data from Star Trek as a human-shaped role model for what AI could become someday. ITSP Magazine, November 16, 2016

Cyber Security in Society

Cyber Attack

Cloud Storage Site Mega Compromised by Hackers: Mega, the cloud storage site originally founded by Kim Dotcom, was compromised by hackers this week. Outsiders gained access to part of the site’s infrastructure and released some source code, claiming to have user details as well. Mega confirmed the hack of their separate blog/help centre system but says that no user data was compromised. TorrentFreak, November 17, 2016

National Cyber Security

The encryption conundrum: Should tech compromise or double down?: Silicon Valley should work with the US government in Washington to arrive at a solution that gives law enforcement access to encrypted comms, but that respects individual privacy. TheRegister, November 18, 2016
With CIA choice, Trump picks a foe of Silicon Valley’s encryption stance: In his nomination of Representative Mike Pompeo to head the CIA, President-elect Donald Trump has picked someone who has supported NSA surveillance programs and has criticized Silicon Valley’s stance on encryption. PCWorld, November 18, 2016
NSA Chief Says DNC Email Leak Was Deliberate Act: Attack was a conscious effort to achieve a specific effect, Director Michael Rogers told the Wall Street Journal this week. DarkReading, November 18, 2016
Trump presidency fuels heated encryption debate: Cindy Cohn says she’s tired of having the same conversation about encryption. That might be why Cohn, the executive director of the Electronic Frontier Foundation, made frank and impassioned comments throughout a debate held Wednesday between her and Daniel Rosenthal, the former director of counterterrorism at the White House who currently works at investigative firm Kroll. CNet, November 17, 2016
Paul Rosenzweig & Shane Harris Talk About Trump & Cybersecurity w Steptoe’s Stewart Baker: We couldn’t resist. This week’s topic is of course President-elect Trump and what his election could mean for All Things Cyber. It features noted cybercommentator Paul Rosenzweig and Daily Beast reporter Shane Harris. Steptoe Cyberblog, November 14, 2016

Internet of Things

Test Driving Privacy and Cybersecurity: Regulation of Smart Cars: The modern automobile is less a mechanical device and more an intricate computer. Regulating the privacy and security risks presented by a computer on wheels has its challenges: as technologist Bruce Schneier said to the House Energy and Commerce Committee in a hearing on IoT last Wednesday, the average connected device has “crossed four regulatory agencies and it’s not even eleven o’clock.” This dynamic is particularly true in the automated vehicles context, but the issue went unexplored in the Committee’s hearing on self-driving vehicles the day prior. CDT, November 18, 2016
This security camera was infected by malware 98 seconds after it was plugged in: Here’s an object lesson on the poor state of the so-called Internet of Things: Robert Stephens plugged a Wi-Fi-connected security camera into his network and it was compromised in… 98 seconds. TechCrunch, November 18, 2016
Bruce Schneier’s House of Representatives Testimony on Role of IoT in Recent Attack: Good morning. Chairmen Walden and Burgess, Ranking Members Eshoo and Schakowsky, members of the committee: thank you for the opportunity to testify on this matter. Although I have an affiliation with both Harvard University and IBM, I am testifying in my personal capacity as a cybersecurity expert and nothing I say should be construed as the official position of either of those organizations. Schneier On Security, November 16, 2016
Congress Explores How to Bolster IoT Cybersecurity: What’s needed to bolster the security of internet of things devices to help prevent cyberattacks, such as the October botnet-driven distributed denial-of-service attack on web services provider Dyn that crippled Netflix, Twitter and many other websites? BankInfoSecurity, November 16, 2016
DHS on IoT cybersecurity: Fix it or get sued: Companies that make products for the Internet of Things must build security in at the design stage or face the possibility of getting sued, the Department of Homeland Security said in guidelines released Tuesday. cyberscoop, November 16, 2016
NIST and DHS Issue Guidelines for IoT Cybersecurity: The National Institute of Standards and Technology on Tuesday issued comprehensive cybersecurity guidelines for internet-connected devices, stressing an engineering-based approach that builds security systems directly into Internet of Things technology. The Department of Homeland Security separately released its own cybersecurity policy for IoT devices on Tuesday, delineating six strategic principles that it believes will help stakeholders stop hackers from tampering with connected devices. MorningConsult, November 15, 2016

Cyber Research

How IBM’s Watson will change cybersecurity: IBM ventures into cognitive security, where AI systems learn to understand infosec terms and concepts well enough to reduce detection and response time. InfoWorld, November 15, 2016

Jeff Snyder’s SecurityRecruiter.com, Jeff Snyder Coaching, Security Recruiter Blog, 719.686.8810
