Cybersecurity News of the Week of, October 15, 2017

Cyber Security News




from our friends at Citadel Information Group


Individuals at Risk

Identity Theft

Equifax Hackers Stole Info on 693,665 UK Residents: Equifax Inc. said today an investigation into information stolen in the epic data breach the company disclosed on Sept. 7 revealed that intruders took a file containing 15.2 million UK records. The company says it is now working to inform 693,665 U.K. consumers whose data was stolen in the attack. KrebsOnSecurity, October 10, 2017

Cyber Privacy

Equifax Credit Assistance Site Served Spyware: Big-three consumer credit bureau Equifax says it has removed third-party code from its credit report assistance Web site that prompted visitors to download spyware disguised as an update for Adobe’s Flash Player software. KrebsOnSecurity, October 12, 2017

Accenture left a huge trove of highly sensitive data on exposed servers: Technology and cloud giant Accenture has confirmed it inadvertently left a massive store of private data across four unsecured cloud servers, exposing highly sensitive passwords and secret decryption keys that could have inflicted considerable damage on the company and its customers. ZDNet, October 10, 2017

Equifax Breach Fallout: Your Salary History: In May, KrebsOnSecurity broke a story about lax security at a payroll division of big-three credit bureau Equifax that let identity thieves access personal and financial data on an unknown number of Americans. Incredibly, this same division makes it simple to access detailed salary and employment history on a large portion of Americans using little more than someone’s Social Security number and date of birth — both data elements that were stolen in the recent breach at Equifax. KrebsOnSecurity, October 8, 2017

Cyber Update

Microsoft’s October Patch Batch Fixes 62 Flaws: Microsoft on Tuesday released software updates to fix at least 62 security vulnerabilities in Windows, Office and other software. Two of those flaws were detailed publicly before yesterday’s patches were released, and one of them is already being exploited in active attacks, so attackers already have a head start. KrebsOnSecurity, October 11, 2017

Cyber Defense

Think Twice Before Logging on to Public Wi-Fi: At the airport, in a coffee shop or hotel lobby? Think twice before logging on to that free Wi-Fi. Robert Braun, JMBM Cybersecurity Lawyer Forum, October 11, 2017

Cyber Warning

The malware that won’t die: Is Locky reclaiming its title as king of ransomware?: Not so long ago it was thought to be dead, but now Locky ransomware is back as one of the most commonly distributed forms of malware. ZDNet, October 12, 2017

Information Security Management in the Organization

Cyber Defense

10 Major Cloud Storage Security Slip-Ups (So Far) this Year: Accenture is the latest in a string of major companies to expose sensitive cloud data this year, following Verizon, Deloitte, and Dow Jones. Dark Reading, October 13, 2017

Cybersecurity evolution brings shifts for network security: Bloggers explore cybersecurity evolution and its impact on network security, new network fabrics from Extreme and take a deep dive on routing protocols, such as BFD. TechTarget, October 13, 2017

Kaspersky Lab and the AV Security Hole: It’s unclear what happened in the reported theft of NSA data by Russian spies, but an attacker would need little help to steal if he or she had privileged access to an AV vendor’s network, security experts say. DarkReading, October 12, 2017

Cybersecurity in Society

Cyber Freedom

How Facebook’s Ad System Works: SAN FRANCISCO — In early September, Facebook revealed that it had identified about $100,000 in ads purchased on its social network by a Russian company linked to the Kremlin. Distributed between June 2015 and May of this year, the more than 3,000 ads added to evidence that Russia interfered with the 2016 presidential election. The New York Times, October 12, 2017

How Russia Harvested American Rage to Reshape U.S. Politics: YouTube videos of police beatings on American streets. A widely circulated internet hoax about Muslim men in Michigan collecting welfare for multiple wives. A local news story about two veterans brutally mugged on a freezing winter night. The New York Times, October 9, 2017

Google uncovers Russian-bought ads on YouTube, Gmail and other platforms: SAN FRANCISCO — Google for the first time has uncovered evidence that Russian operatives exploited the company’s platforms in an attempt to interfere in the 2016 election, according to people familiar with the company’s investigation. The Washington Post, October 9, 2017

THE U.S. ELECTION SYSTEM REMAINS DEEPLY VULNERABLE, BUT STATES WOULD RATHER CELEBRATE FAKE SUCCESS: WHEN THE DEPARTMENT of Homeland Security notified 21 states that Russian actors had targeted their elections systems in the months leading up to the 2016 presidential election, the impacted states rolled out a series of defiant statements. “Oregon’s security measures thwarted Russian government attempts to access the Secretary of State computer network during the 2016 general election,” chest-thumped Oregon Secretary of State Dennis Richardson. The Interept, October 3, 2017

National Cybersecurity

How North Korean hackers stole 235 gigabytes of classified US and South Korean military plans: In September 2016, North Korean intelligence services stole a huge batch of classified US and South Korean military plans — including a plan to assassinate North Korea’s dictator Kim Jong Un and other top government officials. VOX, October 13, 2017

Hackers steal restricted information on F-35 fighter, JDAM, P-8 and C-130: Add the Australian defence industry to the already long list of those who’ve suffered at the hands of security weaknesses in third-party contractors. NakedSecurity, October 13, 2017

Germany: ‘No Evidence’ Kaspersky Software Used by Russians for Hacks: BERLIN — Germany’s BSI federal cyber agency said on Wednesday it had no evidence to back media reports that Russian hackers used Kaspersky Lab antivirus software to spy on U.S. authorities. The New York Times, October 11, 2017

Israeli Spies Found Russians Using Kaspersky Software for Hacks: Media: WASHINGTON — Israeli intelligence officials spying on Russian government hackers found they were using Kaspersky Lab antivirus software that is also used by 400 million people globally, including U.S. government agencies, according to media reports on Tuesday. The New York Times, October 11, 2017

Israel hacked Kaspersky, then tipped the NSA that its tools had been breached: In 2015, Israeli government hackers saw something suspicious in the computers of a Moscow-based cybersecurity firm: hacking tools that could only have come from the National Security Agency. The Washington Post, October 10, 2017

Cyber Crime

Hyatt Hotels hit by credit card data-stealing malware – again: Hotel group says guests who stayed at 41 of its properties between March and July this year could have had their details stolen by hackers. ZDNet, October 13, 2017

Cyber Attack

Hackers have turned Politifact’s website into a trap for your PC: PolitiFact has been an invaluable resource for debunking politicians’ misstatements and falsehoods. But now, it seems, some unknown actor is trying to profit off the website’s popularity — by hooking visitors’ computers into a virtual currency mining operation. The Washington Post, October 13, 2017

Know Your Enemy

Ransomware is now big business on the dark web and malware developers are cashing in: The total value of ransomware sales on dark web market places has rocketed from $250,000 to over $6m in just a year, as demand for the file-encrypting malware grows. ZDNet, October 11, 2017

Cyber Law

Supreme Court: Hacking conviction stands for man who didn’t hack computer: High court refuses to hear appeal of hacking conviction, one-year prison sentence. ars technica, October 10, 2017

Cyber Miscellany

IRS suspends contract with Equifax after malware discovered: The IRS said late Thursday that it has temporarily suspended the agency’s $7.1 million data security contract with Equifax (EFX) after malware found on the credit bureau’s website again called its security systems into question. CBS, October 12, 2017

SecureTheVillage Calendar

SecureTheVillage: Cybersecure Los Angeles 2017 — Get Cyber Prepared: SecureTheVillage joins UCLA Extension for its first cybersecurity conference. Learn from leading information security professionals and law enforcement, including: information security providers, cyber-insurance, financial services, law, the FBI, LA County District Attorney’s Office, and more. Leave with SecureTheVillage’s Information Security Management and Leadership ResourceKit: A practical guide for implementing an information security management and leadership program in your organization. October 19, 9:00 – 2:00, UCLA Extension, Figueroa Courtyard

The post Cybersecurity News of the Week, October 15, 2017 appeared first on Citadel Information Group.

Jeff Snyder's, SecuirtyRecruiter.comSecurity Recruiter Blog, 719.686.8810