Cyber Security News for the Week of September 3, 2017


from our friends at Citadel Information Group


Individuals at Risk

Identity Theft

700 Million-Plus Email Addresses Leaked by Spam Operation: A sloppy spamming operation has exposed on a server in the Netherlands gigabytes of files that include 711 million email addresses and some associated account passwords. BankInfoSecurity, August 31, 2017

Cyber Privacy

Hackers are selling millions of Instagram celeb accounts on web. Selena Gomez among victims: A group of hackers used a bug earlier this week to scrape the phone numbers and email addresses of six million Instagram accounts and are now selling that information on the web. TechCrunch, September 1, 2017

Cyber Danger

Is Your Mobile Carrier Your Weakest Link?: More online services than ever now offer two-step authentication — requiring customers to complete a login using their phone or other mobile device after supplying a username and password. But with so many services relying on your mobile for that second factor, there has never been more riding on the security of your mobile account. Below are some tips to ensure your mobile device (or, more specifically, your mobile carrier) isn’t the weakest link in your security chain. KrebsOnSecurity, August 27, 2017

Victim of crypto-currency theft describes how cybercriminals hacked his cellphone: At about 9pm on Tuesday, August 22 a hacker swapped his or her own SIM card with mine, presumably by calling T-Mobile. This, in turn, shut off network services to my phone and, moments later, allowed the hacker to change most of my Gmail passwords, my Facebook password, and text on my behalf. All of the two-factor notifications went, by default, to my phone number so I received none of them and in about two minutes I was locked out of my digital life. TechCrunch, August 23, 2017

Identity Thieves Hijack Cellphone Accounts to Go After Virtual Currency: Hackers have discovered that one of the most central elements of online security — the mobile phone number — is also one of the easiest to steal. The New York Times, August 23, 2017

Cyber Defense

On what basis are we to trust online file conversion services?: Let’s imagine that you just received an attachment on your phone, such as an image, a document or a spreadsheet. Naked Security, September 1, 2017

Cyber Warning

Beware of Hurricane Harvey Relief Scams: U.S. federal agencies are warning citizens anxious to donate money for those victimized by Hurricane Harvey to be especially wary of scam artists. In years past we’ve seen shameless fraudsters stand up fake charities and other bogus relief efforts in a bid to capitalize on public concern over an ongoing disaster. Here are some tips to help ensure your aid dollars go directly to those most in need. KrebsOnSecurity, August 29, 2017

Information Security Management in the Organization

Cyber Warning

Locky Ransomware Campaign Returns via Spam and Dropbox-Themed Phishing Attacks: In today’s digital world, boundaries are blurring. Driven by “need it now” business demands, cloud applications are surfacing in business environments everywhere, often with little or no IT involvement. We’re allowing access to a growing and dynamic user population that includes not only employees but partners, customers, channels and contractors. And, while the always-on mobile and BYOD landscape offers much-needed convenience for users, it further blurs personal and corporate access boundaries. Ultimately, we need to find a way to embrace today’s boundaryless business world, while maintaining security confidence, ensuring that we meet increasing compliance demands, and doing so in a way that’s completely seamless and easy for our users. BankInfoSecurity, Event on September 5, 2017

Cyber Talent

CISOs’ Salaries Expected to Edge Above $240,000 in 2018: Other IT security professionals may garner six-figure salaries as well, new report shows. DarkReading, September 1, 2017

The Haves And Have-Nots In Cybersecurity: How Your Company Can Level The Playing Field: We all know about the income-inequality debate in America, and the controversy about too much wealth being held by the “one percent”. But did you know there’s also an inequality issue when it comes to our country’s cybersecurity? Forbes, August 29, 2017

Cybersecurity in Society

Cyber Crime

Canadian university scammed out of $11.8 million: MacEwan University in Edmonton, Alberta, is the latest confirmed victim of scammers. HelpNetSecurity, September 1, 2017

A server hosting dozens of popular file converter sites has been hacked: The server hosting the sites had been “tampered with for months on end, without the server owner noticing it.” ZDNet, August 31, 2017

Know Your Enemy

Hackers Host Ransomware on US Government Site to Infect Site-Visitors: As recently as Wednesday afternoon, a U.S. government website was hosting a malicious JavaScript downloader that led victims to installations of Cerber ransomware. ThreatPost, September 1, 2017

Cyber Law

Judge Nixes Bid to Quash Suit Filed by Yahoo Breach Victims: A federal judge in California has ruled that a consolidated class-action lawsuit filed by those affected by three Yahoo data breaches can proceed. BankInfoSecurity, September 1, 2017

Cyber Freedom

Open source or proprietary: how should we secure voting systems?: The stakes are always high when it comes to software security, which is why the ongoing debate over open-source vs. proprietary tends to be passionate. NakedSecurity, September 1, 2017

Software Glitch or Russian Hackers? Election Problems Draw Little Scrutiny or Analysis: The calls started flooding in from hundreds of irate North Carolina voters just after 7 a.m. on Election Day last November. The New York Times, September 1, 2017

National Cybersecurity

WikiLeaks alleges CIA created bogus software upgrade to steal data from FBI, NSA: The CIA didn’t trust its security service partners to share biometric information with it, so it created a bogus software upgrade to steal the data. ZDNet, August 25, 2017

Cyber Government

Trump’s Cabinet Leaves Key Cybersecurity Reports Unfinished: Major cybersecurity reports looking at the American government’s ability to defend itself from hacking are unfinished months after the deadline set by President Donald Trump. Newsweek, September 1, 2017

Cyber Medical

Pacemaker recall due to cybersecurity vulnerability affects at Least 456,000 US patients: Around 465,000 Americans with pacemakers fitted are being advised to visit their doctor to get an important software upgrade – otherwise their life-saving inner gadget could be vulnerable to a hacking attempt. Science Alert, September 1, 2017

Internet of Things

Leak of more than 1,700 valid passwords could make the IoT mess much worse: Security researchers have unearthed a sprawling list of login credentials that allows anyone on the Internet to take over home routers and more than 1,700 “Internet of things” devices and make them part of a destructive botnet. ars technica, August 25, 2017

Cyber Sunshine

Mirai Malware Attacker Extradited From Germany to UK: Admitted Mirai malware mastermind Daniel Kaye, 29, has been extradited from Germany to the United Kingdom, where he faces charges that he launched cyberattacks against two of Britain’s biggest banks. BankInfoSecurity, August 31, 2017

Tech Firms Team Up to Take Down ‘WireX’ Android DDoS Botnet: A half dozen technology and security companies — some of them competitors — issued the exact same press release today. This unusual level of cross-industry collaboration caps a successful effort to dismantle ‘WireX,’ an extraordinary new crime machine comprising tens of thousands of hacked Android mobile devices that was used this month to launch a series of massive cyber attacks. KrebsOnSecurity, August 28, 2017

Fake News

The Intimidators: Twitter bots unleashed in a social media disruption tactic: Overnight from August 28 to August 29, a major Twitter botnet opened a new front in its ongoing attempts to intimidate @DFRLab, creating fake accounts to impersonate and attack our team members. DFR Lab, August 30, 2017

Fake Twitter bots with Russian fingerprints used to intimidate and disrupt social media: I awoke this morning to find my account on Twitter (@briankrebs) had attracted almost 12,000 new followers overnight. Then I noticed I’d gained almost as many followers as the number of re-tweets (RTs) earned for a tweet I published on Tuesday. The tweet stated how every time I tweet something related to Russian President Vladimir Putin I get a predictable stream of replies that are in support of President Trump — even in cases when neither Trump nor the 2016 U.S. presidential campaign were mentioned. KrebsOnSecurity, August 30, 2017

SecureTheVillage Calendar

National Assn of Corporate Directors — Southern California Chapter: Join SecureTheVillage and Citadel President Stan Stahl, the National Cyber Forensics Training Alliance (NCFTA) CEO and former secret service agent Matt Lavigna, Apria Healthcare’s CISO Jerry Sto. Thomas and former SaaS CEO and PwC Partner, Bob Zukis. Learn about Southern California’s unique risks and local efforts to fight cybercrime. September 6, Noon Luncheon, California Club.

PIHRA: Information Security Awareness: The Cyber Tsunami!: Citadel’s Kimberly Pease will facilitate a discussion of (i) steps to take to protect a company’s information from hackers and cyber criminals; (ii) tips to protect yourselves as consumers; (iii) understanding who the criminals are and why you are a target; (iv) real stories and scary examples that could happen to you. September 20, 7:30 – 9:30, The City Club

SecureTheVillage: Financial Services Cybersecurity Roundtable: The Financial Services Cybersecurity Roundtable is a cross-organizational, cross-functional “learning community” committed to working together to better protect our community from bank fraud, credit card theft, identity theft and other forms of cyber crime. September 22, 7:30 – 10:00, Grandpoint Bank

SecureTheVillage: San Fernando Valley-East (Pasadena / Glendale) Cybersecurity Roundtable: The San Fernando Valley-East (Pasadena / Glendale) Cybersecurity Roundtable is designed to support communication and collaboration between C-Suite executives, IT managers, and cybersecurity experts. The San Fernando Valley-East Roundtable is intended for both for-profit and nonprofit organizations. The Roundtable functions as a cross-organizational “learning community” committed to working together to better protect our community from cybercrime. September 28, 7:30 -10AM. Datastream, Glendale.

Glendale Tech Week: SecureTheVillage and Citadel President Stan Stahl will join Louie Sadd, Datastream Managing Partner and SecureTheVillage Leadership Council member, and other cybersecurity panelists. October 12, 10:00 – 11:00, Glendale Central Library.

SecureTheVillage: Cybersecure Los Angeles 2017 — Get Cyber Prepared: SecureTheVillage joins UCLA Extension for its first cybersecurity conference. Learn from leading information security professionals and law enforcement, including: information security providers, cyber-insurance, financial services, law, the FBI, LA County District Attorney’s Office, and more. Leave with SecureTheVillage’s Information Security Management and Leadership ResourceKit: A practical guide for implementing an information security management and leadership program in your organization. October 19, 9:00 – 2:00, UCLA Extension, Figueroa Courtyard


Jeff Snyder's SecurityRecruiter.com Security Recruiter Blog, 719.686.8810