Cyber Security News for the Week, July 2, 2017

Cyber Security News

Cyber Security News

from our friends at Citadel Information Group

Individuals at Risk

Cyber Update

Make sure your Skype is up to date because there’s a nasty hole in it: Infosec researchers have discovered a nasty and exploitable security vulnerability in older versions of Skype on Windows. The Register, June 27, 2017

Information Security Management in the Organization

Information Security Management and Governance

Middle-Market Companies Require a Customized Approach for Successful Cybersecurity:Middle-market companies have cultures, goals and business needs that are distinct from larger firms, and nowhere is that more true than with cybersecurity. Michael Gold, Jeffer Mangels Butler & Mitchell and SecureTheVillage Leadership Council,  Cybersecurity Lawyer Forum, June 26, 2017

Cyber Warning

A Cyberattack ‘the World Isn’t Ready For’: NEWARK — There have been times over the last two months when Golan Ben-Oni has felt like a voice in the wilderness. The New York Times, June 22, 2017

Cyber Defense

Wannacry Attack: Enterprise Security Focus Must Include Rapid Threat Detection & Culture Change: The WannaCry ransomware attack shows patching and perimeter defenses aren’t enough. Enterprises should combine preventative measures with threat detection tactics. DarkReading, June 29, 2017

10 Immutable Laws of Security Administration – Originally Published November 2000. Still Accurate: We recently published the 10 Immutable Laws of Security, a listing of ten facts of life regarding computer security. We realized that administrators have their own set of immutable laws, one that’s entirely separate from the list for users. So, we canvassed the network administrators, security gurus, and other folks here at Microsoft, and developed the list that follows, which encapsulates literally hundreds of years of hard-earned experience. Microsoft Technet, November 2000

Cyber Update

Microsoft Issues ‘Important’ Security Fix for Azure AD Connect: Microsoft is warning customers of a bug in its Azure Active Directory Connect product that could allow an adversary to escalate privileges and reset passwords and gain unauthorized access to user accounts. ThreatPost, June 28, 2017

Cyber Law

New Chinese Cybersecurity Law and Regulations Advisory: On Monday, June 26, 2017, Alston & Bird’s Kim Peretti, Justin Hemmings, and Emily Poole issued an advisory on recent changes in Chinese Cybersecurity Law. The new law asserts greater control over all data collection and generation in China, as well as the processing of data from Chinese data subjects. While the law entered into force on June 1, 2017, there is still uncertainty as to how the law will be interpreted and enforced, including which companies are subject to the law. Alston & Bird, June 26, 2017

$115 Million Settlement in Massive Anthem Breach Case: Health insurer Anthem has agreed to a proposed $115 million deal to settle a class action lawsuit over a 2015 cyberattack that resulted in a breach affecting nearly 78.9 million individuals. HealthcareInfo Security, June 23, 2017

Cyber Security in Society

Cyber Crime

How Hollywood Got Hacked: Studio at Center of Netflix Leak Breaks Silence: Larson Studios president Rick Larson and his wife and business partner, Jill Larson, didn’t recognize the number that sent them these two short text messages via their personal cell phones two days before Christmas last year, so they simply ignored them. “We didn’t really think much of them,” said Jill Larson. Variety, June 20, 2017

Cyber Privacy

Should Vault 7 and the Shadow Brokers End the Encryption Debate?: When law enforcement argues it needs a “backdoor” into encryption services, the counterargument has typically been that it would be impossible to limit such access to one person or organization. If you leave a key under the doormat, a seminal 2015 paper argues, a burglar eventually finds it. And now recent events suggest an even simpler rebuttal: Why entrust a key to someone who gets robbed frequently? Wired, June 30, 2017

Who’s watching? Face recognition means goodbye to hiding in crowds: Governments, retailers and social networks are driving multiple-use scenarios toward ubiquitous facial recognition capability, a technology that’s moved out of the realm of fiction and Hollywood (George Orwell’s novels, or Mission Impossible, Bourne Ultimatum, Minority Report or Matrix Reloaded) into the realm of everyday acceptance. NakedSecurity, June 29, 2017

Cyber Attack

Malware attack mangles Monticello operations: Thomas Jefferson’s Monticello was hit by a ransomware attack this week that hampered the historic home’s electronic systems. The Daily Progress, June 29, 2017

Law Firm DLA Piper Reels Under Cyber Attack, Fate of Files Unclear: A prominent global law firm, which has touted its expertise on cybersecurity, is still struggling to recover from vicious computer attacks unleashed on Tuesday by hackers. Fortune, June 29, 2017

Tuesday’s massive ransomware outbreak was, in fact, something much worse: Tuesday’s massive outbreak of malware that shut down computers around the world has been almost universally blamed on ransomware, which by definition seeks to make money by unlocking data held hostage only if victims pay a hefty fee. Now, some researchers are drawing an even bleaker assessment—that the malware was a wiper with the objective of permanently destroying data. ars technica, June 28, 2017f

Massive cyberattack hits Europe with widespread ransom demands: MOSCOW — A new wave of powerful cyberattacks hit Europe and beyond on Tuesday in a possible reprise of a widespread ransomware assault in May. Affected were a Russian oil giant, a Danish shipping and energy conglomerate, and Ukrainian government ministries, which were brought to a standstill in a wave of ransom demands. The virus even downed systems at the site of the former Chernobyl nuclear power plant, forcing scientists to monitor radiation levels manually. The Washington Post, June 27, 2017

Several Ohio government websites hacked Sunday afternoon apparently by supporters of Islamic state: DAYTON, Ohio (WDTN) – An investigation is underway Sunday after seven Ohio government websites were hacked. Now, officials are trying to figure who exactly is behind it. WDTN, June 25, 2017

National Cyber Security

Questions re WSJ Story That GOP Operative Sought Clinton Emails From Hackers, Implying Flynn Connection: You’ve no doubt seen the Wall Street Journal article about the GOP operative and money man who assembled a team to get a hold of Russia-hacked Clinton emails and claimed he was working in concert with disgraced Trump advisor Mike Flynn. From my read, this is one of those articles which is as interesting for what it doesn’t say as what it does. It raises all sorts of questions, a number of which the Investigations Desk will be digging into today. TalkingPointsMemo, June 30, 2017

Despite Hacking Charges, U.S. Tech Industry Fought to Keep Ties to Russia Spy Service:WASHINGTON/MOSCOW — As U.S. officials investigated in January the FSB’s alleged role in election cyber attacks, U.S. technology firms were quietly lobbying the government to soften a ban on dealing with the Russian spy agency, people with direct knowledge of the effort told Reuters. The New York Times, June 30, 2017

Kaspersky Lab Faces More U.S. Scrutiny Over Potential Russian Govt. Influence: Lawmaker proposes ban on DoD use of Moscow-based security vendor’s products. DarkReading, June 29, 2017

Stewart Baker Discusses Russia Election Cyberattack w Washington Post’s Ellen Nakashima:Our guest, Ellen Nakashima, was coauthor of a Washington Post article that truly is a first draft of history, though not a chapter the Obama administration is likely to be proud of. She and Greg Miller and Adam Entous chronicle the story of Russia’s information operations attack on the 2016 presidential election. Steptoe Cyberblog, June 26, 2017

Cyber Liberty

‘Our Phones Are Being Monitored’: How a Hacking Story Unfurled: Azam Ahmed: One morning earlier this year, I got a call from Mario E. Patrón, a prominent human rights lawyer in Mexico. He wanted to talk in person. When he arrived at The New York Times’s Mexico bureau, he took a seat in the conference room and asked me for my phone. He then collected the phones of everyone else in the room, walked them outside and placed them in our lobby. Out of earshot. “Our phones are being monitored,” he told me. The New York Times, June 19, 2017

Using Texts as Lures, Government Spyware Targets Mexican Journalists and Their Families:MEXICO CITY — Mexico’s most prominent human rights lawyers, journalists and anti-corruption activists have been targeted by advanced spyware sold to the Mexican government on the condition that it be used only to investigate criminals and terrorists. The New York Times, June 19, 2017

Cyber Medical

Fears of hackers targeting US hospitals, medical devices for cyber attacks: Cybersecurity experts are rushing to analyze the new ransomware known by some as “Petya” that quickly spread to countries around the world Tuesday, including the United States, with hackers holding computers hostage for ransom payouts. ABC News, June 29, 2017

Jeff Snyder's, SecuirtyRecruiter.comSecurity Recruiter Blog, 719.686.8810