CYBERSECURITY NEWS
FROM OUR FRIENDS AT CITADEL INFORMATION GROUP
Individuals at Risk
Cyber Privacy
Germany bans talking doll Cayla, citing security risk: A talking doll named Cayla has been banned by German authorities because the software inside her could be hacked, posing a security risk and allowing personal data to be revealed. Reuters, February 17, 2017
Cyber Warning — Financial Cyber Security
Reports that Chase customers at risk from cardless eATM fraud: Do you use Chase Bank’s eATM machines, the ones which operate using your smartphone as identification? There are reports gathering criminals may have figured out a way to circumvent security measures, and steal money from your account. While not widespread, the stories do involve large sums of money, and should serve as a reminder about the importance of good information security. Digital Trends, February 13, 2017
Cyber Defense
It’s Time for Users to Pony Up and Quit Reusing Passwords: Did you ever notice that no two Thoroughbred race horses are ever named alike? Did you ever wonder how they do that? And did you wonder if that uniqueness has anything to do with your responsibilities as a C-level executive? Security Intelligence, February 16, 2017
Cyber Update
Microsoft Cancels February 2017 Patch Tuesday: Microsoft established a fairly predictable schedule over the last decade of precisely when it issues the most important Windows updates. Known as Patch Tuesday, the second day of each month is when individuals and organization IT departments can usually plan to apply security and other updates to keep their Windows machines humming. … This time around, Microsoft is essentially cancelling Patch Tuesday completely. The company first delayed the update indefinitely, and now it’s official — the next Patch Tuesday update will arrive on March 14, 2017. Yahoo TECH, February 16, 2017
Information Security Management in the Organization
Information Security Management and Governance
The best cybersecurity advice from experts at RSA: Come to the RSA show, and you’ll find plenty of cybersecurity technology. The top vendors from across the industry are here, showing products for fighting ransomware, preventing data breaches and more. PCWorld, February 17, 2017
Cybersecurity and Ransomware – It can get ugly when a hacker takes control of your smart building: Cyber risk affects businesses of every size and industry. A data breach can lead to negative publicity, loss of customer confidence and potential lawsuits. There can be a variety of unanticipated – and costly – business disruptions. Jeffer Mangels Butler & Mitchell, Cyber Security Lawyer Forum, February 8, 2017
Cyber Warning
Security Researchers demonstrate ease of hacking into conference phones to listen in:Criminals can gain a treasure trove of sensitive information by listening in to board meetings, suggest security researchers at Context Information Security, who have shown that some conference phone systems might be at risk from hackers. Information Security Buzz, February 17, 2017
Researchers at RSA demonstrate breach of divide between work, personal data on Android:SAN FRANCISCO–Researchers here at the RSA Conference demonstrated Thursday a way a hacker can bypass enterprise mobility management sandboxing tools known as Android for Work that are designed to segregate work and personal data on Android devices. ThreatPost, February 16, 2017
Phishing: Inside the New Attacks, incl DNC hack: Immediately after the 2016 U.S. presidential election, there was a phishing attack that impressed experts with its ingenuity. Markus Jakobbson of Agari discusses this and other recent attacks – and what we must learn from them. BankInfoSecurity, February 16, 2017
New ASLR-busting JavaScript is about to make drive-by exploits much nastier: For a decade, every major operating system has relied on a technique known as address space layout randomization to provide a first line of defense against malware attacks. By randomizing the computer memory locations where application code and data are loaded, ASLR makes it hard for attackers to execute malicious payloads when exploiting buffer overflows and similar vulnerabilities. As a result, exploits cause a simple crash rather than a potentially catastrophic system compromise. ars tehcnica, February 15, 2017
Cyber Defense
Gmail now blocks all JavaScript email attachments: As of earlier this week, anyone who tries to send a .js (JavaScript) file attachment via Gmail will be out of luck, as they’re now on Google’s list of restricted file types for attachments. Naked Security, February 17, 2017
RSA Tips for CISOs: From 10 Years Ago to Today: I’ve heard it said that experience is something you don’t get until just after you need it. That essentially defines most information security programs I’ve seen. Generally speaking, chief information security officers (CISOs) and security managers know what needs to be done. The outcome, however, is often not quite what they expected. Security Intelligence, February 17, 2017
Email Security from the Trenches: As former CIO of a large government agency, Charles Armstrong is painfully aware of email security issues. Now, as an independent consultant, he’s helping organizations defend against them. BankInfo Security, February 16, 2017
Cyber Law
$5.5 Million HIPAA Settlement for Florida Provider: Federal regulators have signed a $5.5 million HIPAA settlement with a Florida-based healthcare system for breaches related to unauthorized access to tens of thousands of patients’ information by employees that lasted for more than a year and that subsequently led to criminal charges. It’s the second largest such settlement to date. HealthCareInfo Security, February 17, 2017
Smart Television Manufacturer Settles by Paying $ 2.2 Million to the FTC and the State of New Jersey: The FTC and the State of New Jersey recently announced a settlement with Vizio, Inc., in the amount of $2.2 million for tracking consumer behavior using its smart television devices. Alston Bird, February 11, 2017
Cyber Security in Society
Cyber Crime
Yahoo announces additional breaches occurred as recently as 2016: Yahoo has sent out another round of notifications to users, warning some that their accounts may have been breached as recently as last year. The accounts were affected by a flaw in Yahoo’s mail service that allowed an attacker—most likely a “state actor,” according to Yahoo—to use a forged “cookie” created by software stolen from within Yahoo’s internal systems to gain access to user accounts without a password. ars technica, February 15, 2017
Know Your Enemy
Google ranks Gmail malware targets: Here’s how your sector rates on malicious spam: Google’s breakdown of Gmail customers who receive the most spam reveals that the real-estate sector is the prime target of emails with malicious attachments or links. ZDNet, February 17, 2017
Was cybercriminal outed when he re-used same password on multiple accounts?: Late last month, multiple news outlets reported that unspecified law enforcement officials had seized the servers for Leakedsource.com, perhaps the largest online collection of usernames and passwords leaked or stolen in some of the worst data breaches — including billions of credentials for accounts at top sites like LinkedIn and Myspace. KrebsOnSecurity, February 15, 2017
National Cyber Security
Hackers using ViperRAT Android malware to spy on Israeli soldiers Hackers are carrying out surveillance on members of the Israeli military by hacking into their Android phones in order to monitor activity and steal data – potentially including photos and audio recordings – according to security companies. ZDNet, February 17, 2017
Speakers at RSA Say Election-Tampering ‘a red line we should not allow anyone to cross’:As discussion about possible American collusion with Russian interference in the 2016 US presidential election heats up in Washington, the events have also been a hot topic here. RSA Conference speakers have not only tackled recent hacking events specifically, but discussed how they exacerbate the weaknesses of an already fragmented, lightly regulated voting system with highly irregular security practices. Dark Reading, February 17, 2017
Representative Chaffetz probes Trump admin handling of information security at Mar-a-Lago:Chaffetz asked the White House to provide details on security at a gathering the President’s Florida resort, and whether classified information was passed around a dinner table. UPI, February 14, 2017
Financial Cyber Security
Reworked N.Y. Cybersecurity Regulation Takes Effect in March: New York’s controversial new cybersecurity regulation will come into effect March 1, imposing new rules on the banking and insurance sectors with the aim of better protecting institutions and consumers against cyberattacks. BankInfoSecurity, Febuary 17, 2017
Content Protection
HDR’s Potential as a Revolution for Content Protection: Piracy has long plagued the content industry, from camcorder-toting movie theater attendees to re-streaming and torrent networks. The Motion Picture Association of America estimates that piracy costs the global content industry a whopping $6.1 billion annually. MESA Alliance, February 15, 2017
Internet of Things
Researchers discover security problems under the hood of 9 Android automobile apps:In a presentation at this week’s RSA security conference in San Francisco, researchers from Kaspersky Labs revealed more bad news for the Internet of drivable things—connected cars. Malware researchers Victor Chebyshev and Mikhail Kuzin examined seven Android apps for connected vehicles and found that the apps were ripe for malicious exploitation. Six of the applications had unencrypted user credentials, and all of them had little in the way of protection against reverse-engineering or the insertion of malware into apps. ars technica, February 17, 2017
Cyber Enforcement
FBI is ‘moving towards’ predictive cybercrime-fighting tools, assistant director says:The FBI’s cybercrime unit is developing predictive policing capabilities, Assistant Director Scott Smith said during a panel discussion at the 2017 RSA conference. February 16, 2017
Cyber Talent
Closing The Cybersecurity Skills Gap With STEM: As a nation, we should be doing more to promote educational programs that prepare today’s students for tomorrow’s jobs. DarkReading, February 17, 2017
Cyber Sunshine
Feds indict 8 in ‘Massive’ identity theft ring targeting 1 in 20 Utahns: SALT LAKE CITY — What started as a midsize marijuana bust turned into a year-and-a-half-long investigation that resulted in eight federal indictments and the dismantling of a “massive” identity theft ring, authorities said Friday. Desert News Utah, February 17, 2017
Man Jailed For Hacking Ex-Employer’s Operations: Louisiana resident Brian Johnson was sentenced to 34 months in prison and ordered to pay more than $1.1 million in damages. Dark Reading, February 17, 2017
Men Who Sent Swat Team, Heroin to Brian Krebs’ Home Sentenced: It’s been a remarkable week for cyber justice. On Thursday, a Ukrainian man who hatched a plan in 2013 to send heroin to my home and then call the cops when the drugs arrived was sentenced to 41 months in prison for unrelated cybercrime charges. Separately, a 19-year-old American who admitted to being part of a hacker group that sent a heavily-armed police force to my home in 2013 was sentenced to three years probation. KrebsOnSecurity, February 17, 2017
The post Cyber Security News of the Week, February 19, 2017appeared first on Citadel Information Group.
Jeff Snyder’s, SecurityRecruiter.com, Jeff Snyder Coaching, Security Recruiter Blog, 719.686.8810
This post first appeared on SecurityRecruiter.com's Security Recruiter, please read the originial post: here