Cybersecurity News of the Week, September 10, 2017




from our friends at Citadel Information Group


Individuals at Risk

Identity Theft

Equifax Hack Exposes Regulatory Gaps, Leaving Consumers Vulnerable: Despite the wealth of sensitive information in their databases, credit bureaus don’t face the same kind of scrutiny and oversight that banks do. The New York Times, September 8, 2017

Here are all the ways the Equifax data breach is worse than you can imagine: Another day, another massive data breach. Except this one involves Equifax, one of the credit-monitoring companies you might expect to be ultrasensitive to the importance of safeguarding your personal information from hackers. LA Times, September 8, 2017

Equifax Breach Response Turns Dumpster Fire: I cannot recall a previous data breach in which the breached company’s public outreach and response has been so haphazard and ill-conceived as the one coming right now from big-three credit bureau Equifax, which rather clumsily announced Thursday that an intrusion jeopardized Social Security numbers and other information on 143 million Americans. KrebsOnSecurity, September 8, 2017

Equifax Breach: 8 Takeaways: After Equifax on Thursday warned that 143 million consumers’ personal details may have been stolen by hackers, criticism of the consumer credit reporting agency – and data broker – has been swift. BankInfoSecurity, September 8, 2017

Outrage builds after Equifax executives banked $2 million in stock sales following data breach: The sale of nearly $2 million in corporate stock by high-level Equifax executives shortly after the company learned of a major data breach has sparked public outrage that could turn into another hurdle for the credit rating agency. The Washington Post, September 8, 2017

Equifax Says Cyberattack May Have Affected 143 Million in the U.S.: Criminals gained access to certain files in the company’s system from mid-May to July, according to an investigation by Equifax. The New York Times, September 7, 2017

Cyber Defense

Password Managers: One of the most important steps you can take to protect yourself online is to use a unique, strong password for every one of your accounts and apps. Unfortunately, it is most likely impossible for you to remember all your different passwords for all your different accounts. This is why so many people reuse the same password. SANS, September 2016

Information Security Management in the Organization

Cyber Warning

New Dridex Phishing Campaign Delivers Fake Accounting Invoices: A new variant of the banking trojan Dridex is part of a sophisticated phishing attack targeting users of the cloud-based accounting firm Xero. ThreatPost, September 7, 2017

Cyber Defense

Are you an easy hacking target? Cybersecurity tips for small business: Small businesses and self-employed people are big targets for hackers, and the financial implications can be crippling. Gone are the days of thinking “It’ll never happen to us”. A total of 61% of all data breaches this year occurred in businesses with fewer than 1,000 employees, according to the Verizon Data Breach Investigations Report. Estimates vary on how much a breach truly costs, but it can often be millions of pounds. The Guardian, September 8, 2017

The 5 cyber attacks you’re most likely to face: As a consultant, one of the biggest security problems I see is perception: The threats companies think they face are often vastly different than the threats that pose the greatest risk. For example, they hire me to deploy state-of-the-art public key infrastructure (PKI) or an enterprise-wide intrusion detection system when really what they need is better patching. CSO, August 21, 2017

Cyber Talent

Meet the WISOs: 10 Women Information Security Officers to watch: As girls and young women become interested in cybersecurity, they can look to these Women Information Security Officers for inspiration. CSO, September 8, 2017

Cybersecurity in Society

Cyber Freedom

German hackers find security hole in software used for vote counts: Serious security flaws in the software used to register voting tallies in Germany and transmit them across the country have been found by a hackers’ collective, who have warned of the possibility of external attacks. The Guardian, September 8, 2017

Cash-strapped states brace for Russian hacking fight: The U.S. needs hundreds of millions of dollars to protect future elections from hackers — but neither the states nor Congress is rushing to fill the gap. Politico, September 3, 2017

Fake News

The Fake Americans Russia Created to Influence the Election: Posing as ordinary citizens on Facebook and building “warlists” of Twitter accounts, suspected Russian agents intervened last year in the American democratic process. The New York Times, September 7, 2017

The Fake-News Fallacy: Old fights about radio have lessons for new fights about the Internet: On the evening of October 30, 1938, a seventy-six-year-old millworker in Grover’s Mill, New Jersey, named Bill Dock heard something terrifying on the radio. Aliens had landed just down the road, a newscaster announced, and were rampaging through the countryside. Dock grabbed his double-barrelled shotgun and went out into the night, prepared to face down the invaders. But, after investigating, as a newspaper later reported, he “didn’t see anybody he thought needed shooting.” In fact, he’d been duped by Orson Welles’s radio adaptation of “The War of the Worlds.” Structured as a breaking-news report that detailed the invasion in real time, the broadcast adhered faithfully to the conventions of news radio, complete with elaborate sound effects and impersonations of government officials, with only a few brief warnings through the program that it was fiction. The New Yorker, September 4, 2017

National Cybersecurity

The Cyberlaw Podcast – Stewart Baker interviews Michael Mainelli: In Episode 177, fresh from hiatus, we try to summarize the most interesting cyber stories to break in August. Paul Rosenzweig kicks things off with the Shunning of Kaspersky. I argue that the most significant – though unsupported – claim about Kaspersky is Sen. Shaheen’s assertion that all of the company’s servers are in Russia. If true, that’s certainly an objective reason not to let Kaspersky install sensors in non-Russian computers. The question that remains is how much due process companies like Kaspersky should get. That’s a question unlikely to go away, as DOD is now comprehensively shunning DJI drones, issuing guidance that sounds a lot like Edward Snowden demanding that users uninstall all DJI apps and remove all batteries and storage media. Steptoe Cyberblog, September 5, 2017

The first quantum-cryptographic satellite network will be Chinese: In the never-ending arms race between encryptors and eavesdroppers, many of those on the side that is trying to keep messages secret are betting on quantum mechanics, a description of how subatomic particles behave, to come to their aid. In particular, they think a phenomenon called quantum entanglement may provide an unsubvertable way of determining whether or not a message has been intercepted by a third party. Such interception, quantum theory suggests, will necessarily alter the intercepted message in a recognisable way, meaning that the receiver will know it is insecure. This phenomenon depends on the fact, surprising but true, that particles with identical properties which are created simultaneously are entangled in a way that means one cannot have its properties altered without also altering the other, no matter how far apart they are. The Economist, August 31, 2017

Cyber Law

Could CareFirst Data Breach Case Be Headed to Supreme Court?: Could the class action lawsuit filed against CareFirst Blue Cross Blue Shield after a 2014 cyberattack impacting 1.1 million individuals be the first data breach case headed to the Supreme Court? A recent ruling by a federal court makes that a possibility. BankInfoSecurity, September 8, 2017

SEC Chief: Regulators must do more to help small investors better understand cyber crime and online fraud: NEW YORK (Reuters) – Regulators must do more to help mom-and-pop investors better understand the potential risks posed by cyber crime and new technologies used to commit fraud, U.S. Securities and Exchange Commission Chairman Jay Clayton said on Tuesday. Reuters, September 5, 2017

Cyber Medical

DHS Warns of 8 Cybersecurity Vulnerabilities in Smiths Medical Wireless Infusion Pumps: The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (DHS ICS-CERT) on Thursday issued an advisory detailing eight cybersecurity vulnerabilities found in Smiths Medical’s Medfusion 4000 wireless infusion pumps. RAPS, September 8, 2017

Critical Infrastructure

Symantec Report: Hackers found to gain direct operational access to US power grid controls: In an era of hacker attacks on critical infrastructure, even a run-of-the-mill malware infection on an electric utility’s network is enough to raise alarm bells. But the latest collection of power grid penetrations went far deeper: Security firm Symantec is warning that a series of recent hacker attacks not only compromised energy companies in the US and Europe but also resulted in the intruders gaining hands-on access to power grid operations—enough control that they could have induced blackouts on American soil at will. Wired, September 6, 2017

Internet of Things

IoT Security: What’s Plan B?: In August, four US Senators introduced a bill designed to improve Internet of Things (IoT) security. The IoT Cybersecurity Improvement Act of 2017 is a modest piece of legislation. It doesn’t regulate the IoT market. It doesn’t single out any industries for particular attention, or force any companies to do anything. It doesn’t even modify the liability laws for embedded software. Companies can continue to sell IoT devices with whatever lousy security they want. SchneierOnSecurity, September 2017

Cyber Miscellany

If Blockchain Is the Answer, What Is the Security Question?: Like any technology, blockchain has its strengths and weaknesses. But debunking three common myths can help you cut through the hype. DarkReading, September 8, 2017

Boston Red Sox Used Apple Watches to Steal Signs Against Yankees: When confronted by Major League Baseball, the Red Sox admitted they were using Apple Watches in a scheme to gain an edge at the plate. The New York Times, September 5, 2017

Cyber Research

Security researchers in China send silent commands to speech recognition systems with ultrasound: Security researchers in China have invented a clever way of activating voice recognition systems without speaking a word. By using high frequencies inaudible to humans but which register on electronic microphones, they were able to issue commands to every major “intelligent assistant” that were silent to every listener but the target device. TechCrunch, September 6, 2017

SecureTheVillage Calendar

PIHRA: Information Security Awareness: The Cyber Tsunami!: Citadel’s Kimberly Pease will facilitate a discussion of (i) steps to take to protect a company’s information from hackers and cyber criminals; (ii) tips to protect yourselves as consumers; (iii) understanding who the criminals are and why you are a target; (iv) real stories and scary examples that could happen to you. September 20, 7:30 – 9:30, The City Club

SecureTheVillage: Financial Services Cybersecurity Roundtable: The Financial Services Cybersecurity Roundtable is a cross-organizational, cross-functional “learning community” committed to working together to better protect our community from bank fraud, credit card theft, identity theft and other forms of cyber crime. September 22, 7:30 – 10:00, Grandpoint Bank

SecureTheVillage: San Fernando Valley-East (Pasadena / Glendale) Cybersecurity Roundtable: The San Fernando Valley-East (Pasadena / Glendale) Cybersecurity Roundtable is designed to support communication and collaboration between C-Suite executives, IT managers, and cybersecurity experts. The San Fernando Valley-East Roundtable is intended for both for-profit and nonprofit organizations. The Roundtable functions as a cross-organizational “learning community” committed to working together to better protect our community from cybercrime. September 28, 7:30 – 10:00 AM, Datastream, Glendale.

Glendale Tech Week: SecureTheVillage and Citadel President Stan Stahl will join Louie Sadd, Datastream Managing Partner and SecureTheVillage Leadership Council member, and other cybersecurity panelists. October 12, 10:00 – 11:00, Glendale Central Library.

SecureTheVillage: Cybersecure Los Angeles 2017 — Get Cyber Prepared: SecureTheVillage joins UCLA Extension for its first cybersecurity conference. Learn from leading information security professionals and law enforcement, including: information security providers, cyber-insurance, financial services, law, the FBI, LA County District Attorney’s Office, and more. Leave with SecureTheVillage’s Information Security Management and Leadership ResourceKit: A practical guide for implementing an information security management and leadership program in your organization. October 19, 9:00 – 2:00, UCLA Extension, Figueroa Courtyard

The post Cybersecurity News of the Week, September 10, 2017 appeared first on Citadel Information Group.

Jeff Snyder's SecurityRecruiter.com Security Recruiter Blog, 719.686.8810