Cyber Security News for the week of August 27, 2017

Cyber Security News



from our friends at Citadel Information Group

Individuals at Risk

Identity Theft

Why It’s Still A Bad Idea to Post or Trash Your Airline Boarding Pass: One reason may be that the advice remains timely and relevant: A talk recently given at a Czech security conference advances that research and offers several reminders of how being careless with your boarding pass could jeopardize your privacy or even cause trip disruptions down the road. KrebsOnSecurity, August 24, 2017

Cyber Danger

Bank-fraud malware not detected by any AV found in Chrome Web Store. Twice in 17 days: A researcher has uncovered an elaborate bank-fraud scam that’s using a malicious extension in Google’s Chrome Web Store to steal targets’ passwords. Ars Technica, August 16, 2017

Cyber Defense

Backup & Recovery: If you use a computer or mobile device long enough, sooner or later something will go wrong, resulting in you losing your personal files, documents, or photos. SANS Securing the Human, August 2017

10 browser extensions to help keep you safe on the web: These 10 browser extensions can help add more than just peace of mind; they can step in where the average web browser fails and protect you from common threats. Tech Republic, August 25, 2017

Cyber Warning

Adware Spreading Via Social Engineering, Facebook Messenger: Attackers have taken to Facebook Messenger with a combination of social engineering and malicious JavaScript to spread adware, something that’s likely earning them a small chunk of change in the process. ThreatPost, August 24, 2017

Secret chips in replacement parts can completely hijack your phone’s security: Booby-trapped touchscreens can log passwords, install malicious apps, and more. Ars Technica, August 18, 2017

Information Security Management in the Organization

Information Security Management and Governance

Board Directors Need to Get Involved With Cyber Risk Governance: They know that it’s only a matter of time before their organization suffers a cyber incident, and all eyes will naturally be on the directors themselves to see if they were properly exercising their risk oversight. SecurityIntelligence, August 24, 2017

Fallout From Cybersecurity Regulatory Crackdown Pushing Companies to Strengthen Security Management: The rise in cyberattacks has led to more regulations, which in turn has forced companies to look into cyberinsurance. Forbes, August 25, 2017

Security Culture

Charts Like This are Why Information Security is Failing: Out of the 57 controls listed, ONLY ONE is dedicated to the Human Operating System. SANS Securing the Human, August 22, 2017

New SANS survey identifies & addresses root cybersecurity cultural challenges: Working with hundreds of security awareness programs has taught me one thing, people are key. SANS Securing the Human, August 24, 2017

Cyber Warning

Ransomware Hiding in Word Files Seen Targeting Education, Healthcare Industry: Researchers observed a new, albeit small and selective ransomware campaign earlier this month targeting both education and healthcare verticals. ThreatPost, August 25, 2017

Cyber Law

Eighth Circuit Affirms Dismissal of Scottrade Data Breach Suit: The United States Court of Appeals for the Eighth Circuit recently affirmed the district court’s dismissal of a putative class action brought by customers of the brokerage firm Scottrade in the wake of an alleged data breach impacting Scottrade in 2013. Alston & Bird Privacy & DataBlog, August 25, 2017

Cyber Talent

7 Tips for Recruiting the Infosec Talent You Need Now: New ways to attract job candidates and keep them around. BankInfoSecurity, August 23, 2017

Cyber Security in Society

Cyber Crime

Cryptocurrency Ethereum Cyber Fraud Has Cost Victims $225 Million This Year, Says Report: Here’s another reason to be leery of the initial coin offerings being done at a staggering pace in the cryptocurrency world: there’s a one-in-10 chance you’ll end up a victim of theft. Bloomberg Technology, August 23, 2017

The HBO hackers just sent us the end of ‘Game of Thrones’ Season 7: The so-called Mr. Smith hacking group that’s responsible for stealing approximately 1.5 terabytes of data from HBO just released what they’re calling the sixth wave of leaks — and it just so happens this data dump contains what they claim is the end to Season 7 of Game of Thrones. Mashable Technology, August 25, 2017

Cyber Privacy

DoJ Subject to Strict Judicial Oversight in Anti-Trump Site Investigation: A US judge has ruled that the Department of Justice (DoJ) must operate under strict court oversight when searching data associated with an anti-Trump website to find a group of alleged rioters. InfoSecurityGroup, August 25, 2017

Know Your Enemy

Zero-Day Broker Zerodium Offers $500K for Encrypted Messaging Exploits: There’s another option for governments trying to overcome the end-to-end encryption barrier: buy a zero-day software exploit. BankInfoSecurity, August 24, 2017

How lower barriers and increased profits have led to a surge in cybercrime .. And what you need to do: Nowadays, nearly all crimes have an element of cyber to them and we’re seeing more ‘traditional’ criminals get into the cybercrime industry. CSO, August 25, 2017

No coding skills required: Android app allows wannabe cybercriminals to build custom ransomware: A free tool available on hacking forums allows budding hackers to build their own Android ransomware simply by filling out a few forms. ZDNet, August 25, 2017

Cyber Gov

Government ranks near bottom in cybersecurity review of 18 critical industries: Data breaches and hacks of US government networks, once novel and shocking, have become a problematic fact of life over the past few years. Wired, August 24, 2017

Critical Infrastructure

Is the Power Grid Getting More Vulnerable to Cyber Attacks?: Rising computerization opens doors for increasingly aggressive adversaries, but defenses are better than many might think. Scientific American, August 23, 2017

Internet of Things

Industrial Collaboration Robots (Cobots) Highly Vulnerable to Hacking, Says New Report: Researchers at IOActive have found nearly 50 vulnerabilities in industrial collaborative robots, machines that work side-by-side with people in manufacturing and other settings, that can be abused to possibly cause physical harm to workers, or even configured to spy on their surroundings. ThreatPost, August 22, 2017

Cyber Enforcement

The Imperfect Crime: How Blockchain Might Lead to the WannaCry Hackers: Even if they can exchange their ransom, the criminals will have a hard time accessing their money anonymously. Scientific American, August 16, 2017

Cyber Sunshine

Chinese national arrested for allegedly using malware linked to OPM hack: A Chinese national was arrested in Los Angeles this week on charges he used a rare type of computer malware that was also deployed to access millions of sensitive U.S. records from the Office of Personnel Management. The Washington Post, August 24, 2017

Accused ‘Hacker for Hire’ for Russia Pleads Not Guilty: Canadian allegedly aided Russians who perpetrated massive Yahoo data breach. BankInfoSecurity, August 24, 2017

Cyber Miscellany

Quantum Internet Is 13 Years Away. Wait, What’s Quantum Internet?: A year ago this week, Chinese physicists launched the world’s first quantum satellite. Wired, August 15, 2017

SecureTheVillage Calendar

National Assn of Corporate Directors — Southern California Chapter: Join SecureTheVillage and Citadel President Stan Stahl, the National Cyber Forensics Training Alliance (NCFTA) CEO and former Secret Service agent Matt Lavigna, Apria Healthcare’s CISO Jerry Sto. Thomas and former SaaS CEO and PwC Partner, Bob Zukis. Learn about Southern California’s unique risks and local efforts to fight cybercrime. September 6, Noon Luncheon, California Club.

PIHRA: Information Security Awareness: The Cyber Tsunami!: Citadel’s Kimberly Pease will facilitate a discussion of (i) steps to take to protect a company’s information from hackers and cyber criminals; (ii) tips to protect yourselves as consumers; (iii) understanding who the criminals are and why you are a target; (iv) real stories and scary examples that could happen to you. September 20, 7:30 – 9:30, The City Club

SecureTheVillage: Financial Services Cybersecurity Roundtable: The Financial Services Cybersecurity Roundtable is a cross-organizational, cross-functional “learning community” committed to working together to better protect our community from bank fraud, credit card theft, identity theft and other forms of cyber crime. September 22, 7:30 – 10:00, Grandpoint Bank

SecureTheVillage: San Fernando Valley-East (Pasadena / Glendale) Cybersecurity Roundtable: The San Fernando Valley-East (Pasadena / Glendale) Cybersecurity Roundtable is designed to support communication and collaboration between C-Suite executives, IT managers, and cybersecurity experts. The San Fernando Valley-East Roundtable is intended for both for-profit and nonprofit organizations. The Roundtable functions as a cross-organizational “learning community” committed to working together to better protect our community from cybercrime. September 28, 7:30 – 10AM. Datastream, Glendale.

Glendale Tech Week: SecureTheVillage and Citadel President Stan Stahl will join Louie Sadd, Datastream Managing Partner and SecureTheVillage Leadership Council member, and other cybersecurity panelists. October 12, 10:00 – 11:00, Glendale Central Library.

SecureTheVillage: Cybersecure Los Angeles 2017 — Get Cyber Prepared: SecureTheVillage joins UCLA Extension for its first cybersecurity conference. Learn from leading information security professionals and law enforcement, including: information security providers, cyber-insurance, financial services, law, the FBI, LA County District Attorney’s Office, and more. Leave with SecureTheVillage’s Information Security Management and Leadership ResourceKit: A practical guide for implementing an information security management and leadership program in your organization. October 19, 9:00 – 2:00, UCLA Extension, Figueroa Courtyard

Jeff Snyder's SecurityRecruiter.com Security Recruiter Blog, 719.686.8810