Cybersecurity News for the Week of August 20, 2017

Cyber Security News

from our friends at Citadel Information Group

Individuals at Risk

Cyber Privacy

Cars Suck Up Data About You. Where Does It All Go?: Automakers, local governments, retailers, insurers and tech companies are looking to leverage the data that cars generate. New York Times, July 27, 2017

Cyber Warning

New Android malware records calls, intercepts texts, and steals credit card info: A new version of Faketoken was identified by Kaspersky and poses a huge threat to anyone who stores bank card information for in-app purchases. TechRepublic, Aug 18, 2017

Repairing your smartphone? Replacement parts can hijack phone security, steal passwords: Booby-trapped touchscreens can log passwords, install malicious apps, and more. Ars Technica, Aug 18, 2017

Information Security Management in the Organization

Information Security Management and Governance

HBO Hack Illustrates That It’s Hard to Tell Exactly What’s Been Compromised: There may be much more missing than the headlines suggest. Robert Braun, SecureTheVillage Leadership Council, Cybersecurity Lawyer Forum, Jeffer Mangels Butler & Mitchell, Aug 17, 2017

Cyber Warning

New Survey Finds Failure to Remove Access from ex-Employees a Major Contributor to Breaches: Businesses drive the risk for data breaches when they fail to terminate employees’ access to corporate apps after they leave. DarkReading, Aug 18, 2017

Cyber breach at shipper illustrates dangers of business email compromise: Weak defences are leaving cargo vessels vulnerable to cyber-attacks, say experts. BBC, Aug 18, 2017

Cyber Defense

The importance of network segmentation as a key network security strategy: Cybercrime is getting worse. Keep your company safe by following the latest recommendations in network security. Inc, August 18, 2017

Caution advised with information security surveys: Cybersecurity reports based on answers from respondents often produce misleading or inaccurate statistics, and they can lead to industry confusion. CSO, August 15, 2017

Cyber Update

Cybercriminals found exploiting a vulnerability that Microsoft patched in April. Update now!!!: Attackers are targeting companies, and their goal is to get their hands on information that will allow them to steal money from the victims’ accounts. HelpNetSecurity, Aug 18, 2017

Cyber Law

Developments in New York and Colorado Cybersecurity Regulations: For the first time since New York’s Cybersecurity Regulation (23 NYCRR Part 500) became effective on March 1, 2017, the Department of Financial Services (DFS) has issued Frequently Asked Questions to assist Covered Entities in their compliance and provide guidance into the DFS’s interpretation and enforcement of its newly adopted regulation. National Law Review, Aug 18, 2017

Cyber Security in Society

Cyber Crime

Maersk says impact of NotPetya may be as much as $300 Million: Danish shipping giant A.P. Møller – Maersk faces a loss of up to $300 million as a result of the NotPetya global malware outbreak. BankInfoSecurity, Aug 17, 2017

Cyber Privacy

Justice Department wants data on anti-Trump protesters. An L.A. tech firm is resisting: A Los Angeles tech company is resisting a federal demand for more than 1.3 million IP addresses to identify who visited a website set up to coordinate protests on President Trump’s Inauguration Day — a request whose breadth the company says violates the Constitution. LA Times, Aug 15, 2017

Cyber Attack

Inside the New York hospital hackers took down for six weeks (video): The medical industry is the new No. 1 target for hackers. CBS News, Aug 18, 2017

Cyber Defense

Amazon Macie automates cloud data protection with machine learning. Can it catch Microsoft and Google?: Amazon promises AWS S3 customers that they will be able to identify and protect sensitive data faster with Macie, but is it enough to catch up to what Microsoft and Google offers? CSO, Aug 17, 2017

LA launches public-private CyberLab to share threat information with region’s businesses: The new tech platform and public-private partnership aims to protect critical IT infrastructure and aid businesses to fight cyberattacks in real time. StateScoop, Aug 16, 2017

Know Your Enemy

Microsoft cloud cybersecurity attacks up 300% in last year, report says: In volume 22 of Microsoft’s Security Intelligence Report, the Redmond giant outlined some of the biggest cyberthreats facing its users. TechRepublic, Aug 18, 2017

Cyber Freedom

In Ukraine, a Malware Expert Who Could Blow the Whistle on Russian Hacking: For the first time, an actual witness has emerged in the hack of the Democratic National Committee, and he has been interviewed by the F.B.I. New York Times, Aug 16, 2017

Did New York Times get the story wrong about Ukraine malware expert: It’s a good read, as long as you can ignore that the premise of the piece is completely wrong. KrebsOnSecurity, Aug 18, 2017

Unprotected Backup of Chicago Voter Roll Found in Cloud. 1.8 Million Voter Records At-Risk: Voter registration data belonging to the entirety of Chicago’s electoral roll—1.8 million records—was found a week ago in an Amazon Web Services bucket configured for public access. ThreatPost, Aug 18, 2017

National Cybersecurity

Russian-Speaking APT Group Said to Be Engaged in G20 Themed Attack: Turla, a long operating advanced persistent threat group (APT) with presumed ties to the Russian government, appears to be actively targeting G20 participants and those interested in its activities including policymakers, member nations and journalists. DarkReading, Aug 18, 2017

Cyber Government

Annual cybersecurity review for state and local government approaches: Non-federal agencies still ride low on the maturity benchmark, but the increased political attention around cybersecurity could improve results in the coming survey period. StateScoop, Aug 18, 2017

Cyber Medical

Commentary: Why information security is a patient safety issue: Cybersecurity requires strategy to succeed and that means putting your priorities in the right place. CISOs and other infosec pros must up their game to make protecting patients the top concern. Healthcare IT News, Aug 15, 2017

SecureTheVillage Calendar

National Assn of Corporate Directors — Southern California Chapter: Join SecureTheVillage and Citadel President Stan Stahl, the National Cyber Forensics Training Alliance (NCFTA) CEO and former Secret Service agent Matt Lavigna, Apria Healthcare’s CISO Jerry Sto. Thomas and former SaaS CEO and PwC Partner, Bob Zukis. Learn about Southern California’s unique risks and local efforts to fight cybercrime. September 6, Noon Luncheon, California Club.

PIHRA: Information Security Awareness: The Cyber Tsunami!: Citadel’s Kimberly Pease will facilitate a discussion of (i) steps to take to protect a company’s information from hackers and cyber criminals; (ii) tips to protect yourselves as consumers; (iii) understanding who the criminals are and why you are a target; (iv) real stories and scary examples that could happen to you. September 20, 7:30 – 9:30, The City Club

SecureTheVillage: Financial Services Cybersecurity Roundtable: The Financial Services Cybersecurity Roundtable is a cross-organizational, cross-functional “learning community” committed to working together to better protect our community from bank fraud, credit card theft, identity theft and other forms of cyber crime. September 22, 7:30 – 10:00, Grandpoint Bank

SecureTheVillage: San Fernando Valley-East (Pasadena / Glendale) Cybersecurity Roundtable: The San Fernando Valley-East (Pasadena / Glendale) Cybersecurity Roundtable is designed to support communication and collaboration between C-Suite executives, IT managers, and cybersecurity experts. The San Fernando Valley-East Roundtable is intended for both for-profit and nonprofit organizations. The Roundtable functions as a cross-organizational “learning community” committed to working together to better protect our community from cybercrime. September 28, 7:30 – 10AM. Datastream, Glendale.

Glendale Tech Week: SecureTheVillage and Citadel President Stan Stahl will join Louie Sadd, Datastream Managing Partner and SecureTheVillage Leadership Council member, and other cybersecurity panelists. October 12, 10:00 – 11:00, Glendale Central Library.

SecureTheVillage: Cybersecure Los Angeles 2017 — Get Cyber Prepared: SecureTheVillage joins UCLA Extension for its first cybersecurity conference. Learn from leading information security professionals and law enforcement, including: information security providers, cyber-insurance, financial services, law, the FBI, LA County District Attorney’s Office, and more. Leave with SecureTheVillage’s Information Security Management and Leadership ResourceKit: A practical guide for implementing an information security management and leadership program in your organization. October 19, 9:00 – 2:00, UCLA Extension, Figueroa Courtyard

Jeff Snyder's SecurityRecruiter.com Security Recruiter Blog, 719.686.8810