Cybersecurity News for the Week of December 3, 2017

Cyber Security News



from our friends at Citadel Information Group


Individuals at Risk

Cyber Update

MacOS High Sierra Users: Change Root Password Now: A newly-discovered critical flaw in macOS High Sierra — Apple’s latest iteration of its operating system — allows anyone with local (and, apparently in some cases, remote) access to the machine to log in as the all-powerful “root” user without supplying a password. Fortunately, there is a simple fix for this until Apple patches this inexplicable bug: Change the root account’s password now. KrebsOnSecurity, November 28, 2017

Cyber Defense

How secure are cryptocurrency mobile apps? 90 Android Apps analyzed by High-Tech Bridge: Are the mobile apps you’re using to store or handle your cryptocurrency stash, track the currencies’ price, or interact with cryptocurrency exchanges secure? Judging by the results of a recent audit by High-Tech Bridge, the chances are slim. HelpNetSecurity, December 1, 2017

Shopping Online Securely: The holiday season is nearing for many of us, and soon millions of people around the world will be looking to buy the perfect gifts. Many of us will choose to shop online in search of great deals and to avoid long lines and impatient crowds. Unfortunately, this is also the time of year many cyber criminals create fake shopping websites to scam and steal from others. Below, we explain the risks of shopping online and how to get that amazing deal safely. SANS, November 2017

Information Security Management in the Organization

Information Security Management and Governance

‘Blocking and Tackling’ in the New Age of Security: In a pep talk to CISOs, the chief security strategist at PSCU advises teams to prioritize resilience in addition to security. DarkReading, December 1, 2017

Defense Contractors Take Note: NIST’s Compliance Deadline is Almost Here!: The end of the year approaches and that means Department of Defense (DoD) contractors must make changes to their own unclassified information systems to comply with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. Steptoe Cyberblog, December 1, 2017

Cyber Awareness

How Can I Tell This is an Attack? – Amazon Support Phish: Quite a few folks have been asking how can they tell this Amazon email is a Phish. Below are the indicators. I like this example as it demonstrates how the bad guys are constantly evolving and adapting in their attacks. Notice in this email how there is no malicious link or infected attachment to click on, making it much more difficult for perimeter defenses to detect and stop it. Notice how all the domains used in the attack are legitimate and owned by Amazon, including any links you hover over. SANS, November 29, 2017

Cybersecurity Culture

How Facebook’s Annual “Hacktober” Campaign Promotes Cybersecurity to Employees: While the word “cybersecurity” may evoke thoughts of highly sophisticated attacks that require fancy computing equipment and skilled hackers, the reality is that most attacks — especially in a corporate environment — involve simpler strategies that depend upon one thing: exploiting human behavior. Harvard Business Review, November 29, 2017

Cyber Defense

What is SIEM software? How it works and how to choose the right tool: Evolving beyond its log-management roots, today’s security information and event management (SIEM) software vendors are introducing machine learning, advanced statistical analysis and other analytic methods to their products. CSO, November 28, 2017

Cyber Update

Cisco Patches Critical Playback Bugs in WebEx Players: Cisco Systems issued a Critical alert on Wednesday warning of multiple vulnerabilities in its popular WebEx player. Six bugs were listed in the security advisory, each of them relating to holes in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. ThreatPost, November 30, 2017

Cybersecurity in Society

Cyber Crime

Video shows cyberthieves stealing Mercedes with keys locked inside the house: Do you own a Mercedes or other fancy car that starts with a keyless fob – and which you’d rather not see thieves drive off in? Naked Security, December 1, 2017

Chicago: Uber’s claim that hackers fully deleted stolen data is “nonsensical”: Uber’s been sued at least 11 times in just 1 week, faces new scrutiny from Senate. ars technica, November 28, 2017

Driving Privacy Regulators Crazy: UK Probes Uber Breach: British regulators have launched a probe of the massive data breach suffered by taxi competitor Uber, which is scrambling to notify 57 million individuals in an unspecified number of countries that their details were exposed last year (see Uber Concealed Breach of 57 Million Accounts For A Year). BankInfoSecurity, November 22, 2017

Cyber Attack

Iraqi Hacking Group Posting Porn On ISIS Websites: Growing up Muslim, ideas around sexuality are often suppressed and forbidden. No one ever really talks about sex or tells you about it. When I saw that scene in Titanic when DiCaprio’s hand slides down the foggy window, I was told to look away from the screen—my imagination was forced to fill in the gaps. When I first saw porn, it pretty starkly opposed the innocent picture my mind had conjured up about romance. I felt a little sick and very ashamed, then a little pissed off that my parents had been doing that. And then I felt sick again. VICE, November 30, 2017

National Cybersecurity

UK National Cyber Security Centre issues Kaspersky Labs warning to government departments with national security systems: The British government has issued a fresh warning about the security risks of using Russian anti-virus software. BBC, December 2, 2017

Ex-NSA Hackers Worry China And Russia Will Try to Arrest Them: The US government has been indicting foreign government hackers, and American government hackers are worried China and Russia might start doing the same to them. Motherboard, December 1, 2017

Who Was the NSA Contractor Arrested for Leaking the ‘Shadow Brokers’ Hacking Tools?: In August 2016, a mysterious entity calling itself “The Shadow Brokers” began releasing the first of several troves of classified documents and hacking tools purportedly stolen from “The Equation Group,” a highly advanced threat actor that is suspected of having ties to the U.S. National Security Agency. According to media reports, at least some of the information was stolen from the computer of an unidentified software developer and NSA contractor who was arrested in 2015 after taking the hacking tools home. In this post, we’ll examine clues left behind in the leaked Equation Group documents that may point to the identity of the mysterious software developer. KrebsOnSecurity, November 27, 2017

Cyber Government

Cybersecurity reigns as top priority for city and county CIOs in 2017: New research from the Public Technology Institute shows that security is dominating local government investment in new projects and initiatives. State Scoop, December 1, 2017

Cyber Law

Lawsuits Pile Up on Uber: Washington AG files multimillion-dollar consumer protection lawsuit; multiple states also confirm they are investigating the Uber breach, which means more lawsuits may follow. DarkReading, November 30, 2017

How the Supreme Court Could Keep Police From Using Your Cellphone to Spy on You: The cellphones we carry with us constantly are the most perfect surveillance device ever invented, and our laws haven’t caught up to that reality. That might change soon. Schneier on Security, November 28, 2017

Uber’s security practices come under fire (again) after new evidence comes to light in the Alphabet lawsuit: A former Uber employee claims some of the company’s security officers worked to actively avoid creating a “paper trail.” recode, November 28, 2017

Cyber Sunshine

Russian involved in massive debit card hack sentenced in U.S. to 14 years in prison: A Russian cybercriminal who officials say helped hackers get fraudulent access to millions of debit card numbers and steal millions of dollars was sentenced this week in Atlanta to spend 14 years in prison — a sentence that will be served simultaneously with a 27-year term he was already serving. The Los Angeles Times, December 1, 2017


Jeff Snyder's SecurityRecruiter.com Security Recruiter Blog, 719.686.8810