Cybersecurity News of the Week, April 14, 2019

Sunday, April 14, 2019

Individuals at Risk

Cyber Privacy

Amazon Workers Are Listening to What You Tell Alexa. A global team reviews audio clips in an effort to help the voice-activated assistant respond to commands: Tens of millions of people use smart speakers and their voice software to play games, find music or trawl for trivia. Millions more are reluctant to invite the devices and their powerful microphones into their homes out of concern that someone might be listening. Bloomberg, April 10, 2019

How to stop robocalls spamming your phone: No matter what your politics, beliefs, or even your sports team, we can all agree on one thing: robocalls are the scourge of modern times. Techcrunch, April 10, 2019

Cyber Danger

Cybercrime market selling full digital fingerprints of over 60,000 users: Genesis service is selling users’ personal data, complete with digital fingerprints, such as account credentials, cookies, browser user-agent details, and more. ZDNet, April 9, 2019

Cyber Update

Patch Tuesday Lowdown, April 2019 Edition: Microsoft today released fifteen software updates to fix more than 70 unique security vulnerabilities in various flavors of its Windows operating systems and supported software, including at least two zero-day bugs. These patches apply to Windows, Internet Explorer (IE) and Edge browsers, Office, Sharepoint and Exchange. Separately, Adobe has issued security updates for Acrobat/Reader and Flash Player. KrebsOnSecurity, April 9, 2019

Verizon has issued a firmware update to patch three flaws in routers that the company supplies to new customers of its Fios service: One of the flaws gives attackers a way to gain root access to devices, Tenable says. Dark Reading, April 9, 2019

Cyber Defense

Cybersecurity Experts: Securing #IoT Devices on IoT Day: Today is IoT Day! On this day, we celebrate the power and potential of Internet of Things (IoT) devices to revolutionize our business processes. Research giant Gartner predicts IoT devices shall number over 20 billion globally by next year. Solutions Review, April 9, 2019

Cyber Warning

Cybercriminals Spoof Major Accounting and Payroll Firms in Tax Season Malware Campaigns: It’s tax season in the U.S., which means one thing for cybercriminals: opportunity. While the deadline for filing is April 15, tax season stretches on for months beforehand, starting from the time businesses prepare employee payroll information such as W-2 forms. This gives cybercriminals plenty of time to launch campaigns in the hopes of ensnaring individuals and businesses in their various tax fraud, financial fraud and identity theft schemes. SecurityIntelligence, April 8, 2019

Information Security Management in the Organization

Cybersecurity in the C-Suite

Six Information Security Management Questions for the Chief Executive: What data or information do you have that—if stolen, changed, destroyed, or otherwise compromised—would negatively impact your bottom-line, your competitive position, or put you in legal jeopardy? Executive Guide, Citadel Information Group, April 9, 2019

Information Security Management and Governance

Forget Russia, China And Iran, Up To 80% Of Cybersecurity Threats Are Closer To Home: According to reports this week, the theft of more than $15 million from UniCredit in China came to light late last year, when cybersecurity loopholes were exploited to access clients’ money. “UniCredit regrets this incident and apologizes to those affected,” said a spokesperson. “The safety and security of our clients’ assets is our primary concern and all efforts have been made to ensure that a similar malicious incident cannot reoccur.” Forbes, April 11, 2019

Are The New York Cybersecurity Regulations The U.S. Equivalent Of GDPR? … Not quite; but legal operations folks need to pay attention, particularly with respect to third-parties: Two years ago, New York’s Department of Financial Services (DFS), which regulates companies in the financial services industry, promulgated regulations in an effort to establish minimum cybersecurity requirements for companies that do business in New York (see 23 NYCRR 500). AboveTheLaw, April 9, 2019

5 Cybersecurity Myths Banks — and other organizations — Should Stop Believing: In his 2019 letter to shareholders, JPMorgan Chase’s CEO Jamie Dimon wrote: “The threat of cyber security may very well be the biggest threat to the U.S. financial system.” This isn’t news to bankers. In Cornerstone Advisors’ annual What’s Going On in Banking study, cybersecurity has been a top concern of C-level bank and credit union execs for the past few years. Forbes, April 8, 2019

Security Think Tank: Incident response vital to guard against catastrophic cyber attack: When it comes to cyber attacks, enterprises have traditionally focused security controls around prevention. Naturally, prevention is the first objective, but recognising that 100% prevention is impossible, security controls in the detection and response groups are receiving increasing consideration. ComputerWeekly, April 8,

Legal and IT Departments Team Up for CCPA, GDPR Privacy Procedures. New survey shows many companies aren’t fully confident in their GDPR & CCPA readiness: Data privacy laws are changing fast, and legal departments can’t bring companies up to speed alone. Corporate Counsel, April 4, 2019

Cyber Talent

Stop Looking for the Purple Squirrel: What’s Wrong With Today’s Cybersecurity Hiring Practices: It is entirely possible, even probable, that the cybersecurity skills gap is, at least partly, something of our own making: our fixation with purple squirrels. Most employers want them and spend weeks, months—even years—looking for purple squirrels to fill critical cybersecurity roles. The problem with this approach is, of course, that they do not exist. And, while organizations are searching for purple squirrels, they are passing over the red, gray, tree or flying squirrels, many of which are not only more common—expanding the sea of candidates—but might be exactly the right squirrel for the job. ISACA, 2019

Cybersecurity in Society

Cyber Privacy

THE PRIVACY PROJECT. How Capitalism Betrayed Privacy. The forces of wealth creation once fostered the right to be left alone. But that has changed: For much of human history, what we now call “privacy” was better known as being rich. Privacy, like wealth, was something that most people had little or none of. Farmers, slaves and serfs resided in simple dwellings, usually with other people, sometimes even sharing space with animals. They had no expectation that a meaningful part of their lives would be unwatchable or otherwise off limits to others. That would have required homes with private rooms. And only rich people had those. The New York Times, April 10, 2019

The Privacy Project: The New York Times is launching an ongoing examination of privacy: The New York Times is launching an ongoing investigation into privacy. The New York Times, April 10, 2019

Know Your Enemy

TajMahal cyber-espionage campaign uses previously unseen malicious tools. Malware’s new techniques include stealing documents sent to print, stealing files burned to a CD, and more – and it isn’t linked to any known threat actor: A newly discovered form of malware deployed as part of a highly stealthy cyber-espionage campaign comes with several new malicious functionalities. It appears to be the work of a completely new operation, with no known links to any known threat actors or hacking groups. ZDNet, April 10, 2019

US government publishes details on North Korea’s HOPLIGHT malware: The US government has put out a security alert today about a new malware strain used by North Korean hackers, which the US government has named HOPLIGHT. ZDNet, April 10, 2019

Cybercrime groups raise the bar for security teams by borrowing APT techniques: For the past several years, an increasing number of cybercrime groups have adopted techniques and procedures traditionally used by state-sponsored actors. This trend has caught many organizations unprepared, especially small and medium-sized businesses whose defenses are generally focused on regular malware. CSO, April 10, 2019

A Year Later, Cybercrime Groups Still Rampant on Facebook: Almost exactly one year ago, KrebsOnSecurity reported that a mere two hours of searching revealed more than 100 Facebook groups with some 300,000 members openly advertising services to support all types of cybercrime, including spam, credit card fraud and identity theft. Facebook responded by deleting those groups. Last week, a similar analysis led to the takedown of 74 cybercrime groups operating openly on Facebook with more than 385,000 members. KrebsOnSecurity, April 8, 2019

Report: FIN6 Shifts From Payment Card Theft to Ransomware. FireEye Finds Cybercrime Group Is Adding LockerGoga, Ryuk Ransomware to Its Arsenal: FIN6, a cybercrime group that has focused on attacking point-of-sale devices to steal credit card numbers, now also is waging ransomware attacks that target businesses with either LockerGoga or Ryuk, according to a new analysis from security firm FireEye. BankInfoSecurity, April 8, 2019

National Cybersecurity

Bill would create cybersecurity grant program for state and local governments: U.S. Sens. Mark Warner and Cory Gardner introduced legislation Monday that would authorize the Department of Homeland Security to give state and local governments grants to purchase additional cybersecurity resources and hire more information-security personnel. StateScoop, April 9, 2019

Cyber Talent

18 California Cyber Teams Heading to CyberPatriot National Competition: Once again, this year, California’s cyber athletes will be well represented at the annual CyberPatriot XI National Finals later this spring. California Cyberhub, February 26, 2019

Cyber Fraud

Berkeley High student tried to rig his own election, exposing flaw in district’s cybersecurity: Large-scale voting fraud in a Berkeley High student government election has gotten two candidates disqualified and revealed a vulnerability in the district’s technology system. Berkeleyside, April 9, 2019

Content Security

MPAA: Misapplication of GDPR Abets Copyright Violation. Says FTC needs reasonable and timely access to domain name owner data: Movie studios say that misapplication of the European Union’s General Data Protection Regulation (GDPR) is making it harder to identify and stop online video and film pirates, as well as to protect consumers, public safety and cybersecurity. BC, April 8, 2019

Cyber Lawsuit

Yahoo tries to settle 3-billion-account data breach with $118 million payout. Verizon-owned Yahoo boosted offer after judge rejected first settlement: Yahoo and plaintiffs, in a case over a data breach affecting three billion user accounts, have agreed to a settlement that would require Yahoo to pay $117.5 million. ars technica, April 10, 2019

Critical Infrastructure

Mysterious safety-tampering malware infects a second critical infrastructure site: Use of game-changing Triton malware to target safety systems isn’t an isolated incident. ars technica, April 10, 2019

Report: PG&E sanctioned for physical and cybersecurity-related violations: Pacific Gas & Electric, DTE Energy and City Utilities of Springfield, Missouri, have been sanctioned for violating critical infrastructure protection rules designed to protect the country’s electric system from cyber and physical attacks, the Wall Street Journal reported, citing newly released documents. Utility Dive, April 8, 2019

Cyber Enforcement

Julian Assange Charged by U.S. With Conspiracy to Hack a Government Computer: WASHINGTON — The United States has charged WikiLeaks founder Julian Assange with conspiring to hack a computer as part of the 2010 release of reams of secret American documents, according to an indictment unsealed Thursday, putting him just one flight away from being in American custody after years of seclusion in the Ecuadorean embassy in London. The New York Times, April 11, 2019

UK Man Gets Six-Year Sentence for Global Ransomware Scheme. Victims Infected When They Clicked on Ads: A 24-year-old man living in England has been sentenced to more than six years in prison for his role in a ransomware scheme that targeted millions of computers across 20 countries, the U.K.’s National Crime Agency announced Tuesday. BankInfoSecurity, April 9, 2019


World Economic Forum Releases Report About Blockchain Cybersecurity: The World Economic Forum (WEF) released a report about blockchain cybersecurity on April 5. CoinTelegraph, April 8, 2019

SecureTheVillage Calendar

Webinar: SecureTheVillage May Webinar
CCPA, Part 2: Data Privacy Management
May 2 @ 10:00 am – 11:00 am

Webinar: SecureTheVillage June Webinar
CCPA, Part 3: Minimum Reasonable Security Practices
June 6 @ 10:00 am – 11:00 am

Financial Services Cybersecurity Roundtable – June 2019
June 14 @ 8:00 am – 10:00 am


The post Cybersecurity News of the Week, April 14, 2019 appeared first on Citadel Information Group.

Source: Cyber Security News