Monday, November 28, 2016

Cyber Security News of the Week, November 27, 2016


CYBERSECURITY NEWS

FROM OUR FRIENDS AT CITADEL INFORMATION GROUP



Individuals at Risk

Identity Theft

Michigan State University confirms data breach of server containing 400,000 student, staff records: Michigan State University is confirming that someone breached a database containing 4000 student records. WXYZ, November 18, 2016

Cyber Privacy

Navy Reports Data Breach After HP Laptop Compromised: The US Navy is warning more than 130,000 sailors of a data breach, after a laptop belonging to an employee of Navy contractor Hewlett Packard Enterprise Co. was compromised. Navy officials have determined that sensitive information, including the names and social security numbers of both current and former sailors, were accessed by unknown individuals. IT security experts from Alert Logic and Apricorn commented below. InformationSecurityBuzz, November 25, 2016
UBER PORTAL LEAKED NAMES, PHONE NUMBERS, EMAIL ADDRESSES, UNIQUE IDENTIFIERS: A series of vulnerabilities in UberCENTRAL, a portal Uber started during the summer to help businesses facilitate rides for customers, could have leaked the names, phone numbers, email addresses, and unique ID of all Uber users. ThreatPost, November 23, 2016

Cyber Defense

3 Ways to Boost Your Family’s Online Security This Holiday: VISITING RELATIVES OVER the holidays? Along with strategically avoiding any remotely political conversations, now’s the perfect time to help your loved ones better understand their personal digital security. They need it now more than ever. Wired, November 24, 2016
What Could The Next Ransomware Note Say? Let’s Learn from 2016: While ransomware threats are mostly an unknown entity to everyday consumers and Internet users, the widespread havoc these types of attacks have waged on healthcare organizations during 2016 started hitting a little too close to home. Consumers need to dispel the mindset of “that won’t happen to me” and make the connection that their information is being targeted – it’s just happening through a third party database, not their personal devices. ITSP Magazine, November 23, 2015
Travel Security Tips for Personal and Business Trips: One of the great myths of executive travel is the benefit of racking up hospitality rewards for grand vacations in Fiji or the Swiss Alps. In reality, trips are frequent, exhausting and sometimes bound for undesirable destinations that present a slew of security issues. SecurityIntelligence, November 23, 2016
Protecting Your Digital Life in 7 Easy Steps: There are more reasons than ever to understand how to protect your personal information. The New York Times, November 16, 2016

Information Security Management in the Organization

Information Security Governance

Information security role moving beyond tech expertise: At the recent ISSA International Conference in Dallas, SearchCompliance editor Ben Cole met with conference speakers to discuss the changing data threat landscape and how it is influencing the information security role. In this Q&A, SANS Institute CISO Frank Kim explains why communication and other people skills have become a big part of infosec professionals’ job requirements. SearchCompliance, November 21, 2016
Cyber crime affects 40 percent of manufacturing companies: In an increasingly interconnected world, all organizations are at risk from cyber attacks and manufacturing businesses are no exception. BetaNews, November 18, 2016

Cyber Warning

Poison .JPG spreading ransomware through Facebook Messenger: Checkpoint has found an image obfuscation trick it thinks may be behind a recent massive phishing campaign on Facebook that’s distributing the dangerous Locky ransomware. TheRegister, November 25, 2016
Google warns journalists and professors: Your account is under attack: A flurry of social media reports suggests a major hacking campaign has been uncovered. ars technica, November 23, 2016
WORDPRESS PLUGINS LEAVE ONLINE SHOPPERS VULNERABLE: Researchers are calling into question the safety of some of the top WordPress e-commerce plugins used on over 100,000 commercial websites prepping for Black Friday and Cyber Monday online sales. ThreatPost, November 22, 2016
How to dodge Black Friday and Cyber Monday shopping hackers: Hackers are writing apps, setting up phony Wi-Fi networks and unleashing malware in attempts to turn legitimate Black Friday 2016 and Cyber Monday retailing into profits for themselves, according to security experts. CIO, November 22, 2016

Cyber Defense

8 Books Security Pros Should Read: Hunting for a good resource on the security industry? Check out these classics from the experts to learn more about hacking, defense, cryptography and more. DarkReading, November 23, 2016

Cyber Security in Society

Cyber Crime

Madison Square Garden, Radio City Music Hall Breached: Cybercriminals broke into the payment card processing system used by the Madison Square Garden Co., owner of Radio City Music Hall and other iconic entertainment venues, harvesting payment card details for nearly a year. BankInfoSecurity, November 23, 2016

Cyber Attack

Akamai on the Record KrebsOnSecurity Attack: Internet infrastructure giant Akamai last week released a special State of the Internet report. Normally, the quarterly accounting of noteworthy changes in distributed denial-of-service (DDoS) attacks doesn’t delve into attacks on specific customers. But this latest Akamai report makes an exception in describing in great detail the record-sized attack against KrebsOnSecurity.com in September, the largest such assault it has ever mitigated. KrebsOnSecurity, November 22, 2016

Cyber Freedom

Internet freedom around the world keeps decreasing: or the sixth year in a row, Internet freedom is declining. According to the latest Freedom on the Net report, 67 percent of all Internet users now live in countries where online criticism of the government, ruling family or the military is subjected to censorship, and such activity can result in individuals getting arrested. HelpNetSecurity, November 23, 2016

Know Your Enemy

Hackers advertising and selling phishing kits with secret backdoor via YouTube : Cybercrime, like any other enterprise is a business, albeit an illegal one. Apart from targeting individuals, businesses and governments, cybercriminals also cash in by creating, using and marketing malware to other crooks. It appears however, that the age old adage of “honour among thieves” does not apply to cybercriminals these days. IBTimes, November 25, 2016

National Cyber Security

Election Results: Academics Seek Audit in Key States: A group composed of computer scientists and activists has proposed that U.S. election results be audited in three key states in which President-elect Donald Trump won by a razor-thin margin. The group’s goal is to definitively disprove that hackers may have influenced the contentious election. BankInfoSecurity, November 24, 2016
DoD Opens .Mil to Legal Hacking, Within Limits: Hackers of all stripes looking to test their mettle can now legally hone their cyber skills, tools and weaponry against any Web property operated by the U.S. Department of Defense (DoD), according to a new military-wide policy for reporting and fixing security vulnerabilities. KrebsOnSecurity, November 23, 2016
Want to Know if the Election was Hacked? Look at the Ballots: How might a foreign government hack America’s voting machines to change the outcome of a presidential election? Here’s one possible scenario. First, the attackers would probe election offices well in advance in order to find ways to break into their computers. Closer to the election, when it was clear from polling data which states would have close electoral margins, the attackers might spread malware into voting machines in some of these states, rigging the machines to shift a few percent of the vote to favor their desired candidate. This malware would likely be designed to remain inactive during pre-election tests, do its dirty business during the election, then erase itself when the polls close. A skilled attacker’s work might leave no visible signs — though the country might be surprised when results in several close states were off from pre-election polls. J. Alex Halderman on Medium, November 23, 2016

Cyber Vulnerability

Elegant 0-day unicorn underscores “serious concerns” about Linux security: Recently released exploit code makes people running fully patched versions of Fedora and other Linux distributions vulnerable to drive-by attacks that can install keyloggers, backdoors, and other types of malware, a security researcher says. ars technica, November 22, 2016

Financial Cyber Security

Report: European Banks Struck by ATM Jackpotting Attacks: Hackers have been draining ATMs of cash across Europe after compromising the networks of banks and planting malicious software on the machines, the security company Group-IB says. But the Russian company’s report is being cautiously reviewed by some in the financial services industry. BankInfoSecurity, November 23, 2016

Internet of Things

Study: Industry slow to implement information security measures: MUNICH — Industrial companies are aware that information security and risk management are crucial in today’s data-driven and connected world. But, according to a new study, they also are relatively slow in implementing policies to fend off threats. automotiveIT, November 25, 2016
The Internet of Things is making hospitals more vulnerable to hackers: The attack potential grows exponentially as IoT technologies are implemented, warns European cyber security agency. ZDNet, November 25, 2016
Smartphone App Flaw Leaves Tesla Vehicles Vulnerable To Theft: Tesla cars can be tracked, located, unlocked and driven away by compromising the company’s smartphone app. InfoSecurity Magazine, November 24, 2016

Cyber Research

Quantum Computers Could Crush Today’s Top Encryption in 15 Years: Quantum computers could bring about a quantum leap in processing power, with countless benefits for fields like data science and AI. But there’s also a dark side: this extra power will make it simple to crack the encryption keeping everything from our emails to our online banking secure. SingularityHub, November 24, 2016
Battle of the Bots: How AI Is Taking Over the World of Cybersecurity: Google has built machine learning systems that can create their own cryptographic algorithms — the latest success for AI’s use in cybersecurity. But what are the implications of our digital security increasingly being handed over to intelligent machines? SingularityHub, November 9, 2016

Jeff Snyder’s, SecurityRecruiter.com, Jeff Snyder CoachingSecurity Recruiter Blog, 719.686.8810



SecurityRecruiter.com's Security Recruiter Blog