Cybersecurity News of the Week, August 16, 2020

SecureTheVillage Calendar

Financial Services Cybersecurity Roundtable with Keith R. Forrester. August 21 @ 8:00 am – 10:00 am PDT

CyberFreedomWebinar: Taming The Tiger: How to Detect, Deter, & Defeat Disinformation with Marc Ambinder. September 8 @ 10:00 am – 11:00 am PDT

Information Security Management Webinar: The Great Reboot: Succeeding in a World of Catastrophic Risk and Opportunity with Bob Zukis & Others. September 10 @ 10:00 am – 11:00 am PDT

Insurance Brokers Cybersecurity Roundtable: Cybersecurity Essentials for Small & Medium Businesses with Deron T. McElroy, CISA. September 15 @ 2:00 pm – 3:00 pm PDT

Information Security Management Webinar: Conversation on the Cyber Risk Landscape with Deron T. McElroy, CISA. November 12 @ 10:00 am – 11:00 am PST

Individuals at Risk

Cyber Privacy

Hacker leaks data for U.S. gun exchange site on cybercrime forum: A hacker has released the databases of Utah-based gun exchange, hunting, and kratom sites for free on a cybercrime forum. BleepingComputer, August 13, 2020

TikTok users ‘voluntarily’ giving their data to China, Justice official says: U.S. officials have repeatedly expressed concern that China could use the 2014 and 2015 hacks of the Office of Personnel Management and health care insurer Anthem to build data profiles on Americans for intelligence recruitment (allegations Beijing denies). CyberScoop, August 12, 2020

Identity Theft

Why & Where You Should You Plant Your Flag: Several stories here have highlighted the importance of creating accounts online tied to your various identity, financial and communications services before identity thieves do it for you. This post examines some of the key places where everyone should plant their virtual flags. KrebsOnSecurity, August 12, 2020

Cyber Update

Microsoft Patch Tuesday, August 2020 Edition: Microsoft today released updates to plug at least 120 security holes in its Windows operating systems and supported software, including two newly discovered vulnerabilities that are actively being exploited. Yes, good people of the Windows world, it’s time once again to backup and patch up! KrebsOnSecurity, August 11, 2020

Information Security Management for the Organization

Cybersecurity in the C-Suite & Board

How Executive Leaders Should Confront Ransomware: Recent high-profile ransomware attacks have seen victims succumb to the demands of attackers and pay the ransom. Any executive can sympathize with the urge to recover sensitive company data, and can probably understand the impulse to simply fold, hand over the ransom, and move on. CEO World, August 12, 2020

Information Security Management

What Is the Real Cost of a Data Breach? New Report Indicates It’s About $4 Million to $9 Million for SMEs: There is a growing understanding across all types of organizations that the cost of data breaches often far exceeds the cost of preventive measures. However, there is still some fuzziness as to exactly what the total bill will be given various long-term effects that are hard to quantify. CPO, August 14, 2020

You weren’t hacked because you lacked space-age network defenses. Nor because cyber-gurus picked on you. It’s far simpler than that … Three little words: Patches, passwords, policies: The continued inability of organizations to patch security vulnerabilities in a timely manner, combined with guessable passwords and the spread of automated hacking tools, is making it pretty easy for miscreants, professionals, and thrill-seekers to break into corporate networks. The Register, August 13, 2020

More attackers trying to sabotage incident response tactics: The security industry needs to become more clandestine in its approach to incident response, making it harder for attackers to know that they are being tracked. SC Magazine, August 7, 2020

Privacy Management

PrivacyOps: Reimagining Privacy Compliance: Following several high profile incidents highlighting the harm that can be done when personal information is mishandled or abused, there is now a growing awareness that privacy is a basic human right. A wave of new privacy regulations such as the European Union’s GDPR, California’s CCPA, Brazil’s LGPD, and more aim to give consumers greater control of their personal information held by companies. CPO, August 13, 2020

Cybersecurity in Society

Cyber Privacy

DOJ Official Spells Out Concerns About TikTok, WeChat: Assistant Attorney General Says China Could Use Data Gathered for Intelligence Purposes. BankInfoSecurity, August 14, 2020

Oracle and Salesforce hit with GDPR class action lawsuits over cookie tracking consent: The use of third party cookies for ad tracking and targeting by data broker giants Oracle and Salesforce is the focus of class action style litigation announced today in the UK and the Netherlands. TechCrunch, August 14, 2020

New Ponemon Institute Report Indicates Major Consumer Privacy Gap … Most Consumers Feel They Have Little Control Over Personal Information, Want Government Regulation: A new study from the Ponemon Institute indicates that people are increasingly aware of online consumer privacy issues, but also overwhelmingly feel that they do not have the tools to protect themselves and are looking to government to intervene. CPO, August 13, 2020

Cyber Crime

U.S. spirits and wine giant hit by cyberattack, 1TB of data stolen: Brown-Forman, one of the largest U.S. companies in the spirits and wine business, suffered a cyber attack. The intruders allegedly copied 1TB of confidential data; they plan on selling to the highest bidder the most important info and leak the rest. BleepingComputer, August 15, 2020

Maze delivers on threat to publish data stolen from Canon: Canon apparently didn’t pay up as previously believed after it fell victim to a Maze ransomware attack, because the company’s stolen data has cropped up online. SC Media, August 14, 2020

Incident Of The Week: Garmin Pays $10 Million To Ransomware Hackers Who Rendered Systems Useless: It is believed that Garmin paid the $10 million ransom. Cyber Security Hub, August 14, 2020

Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack: R1 RCM Inc. [NASDAQ:RCM], one of the nation’s largest medical debt collection companies, has been hit in a ransomware attack. KrebsOnSecurity, August 14, 2020

National Cybersecurity

$28 Billion for State Security, IT Upgrades Proposed: Legislation Based on Cyberspace Solarium Commission’s Recommendations. BankInfoSecurity, August 14, 2020

Cyber Freedom

Facebook, Twitter and Google failed to protect the 2016 election. Now they want to prove they’ve learned their lesson: (CNN) For the past four years, tech giants including Facebook (FB), Google (GOOGL) and Twitter (TWTR) have invested massively in beefing up their election security efforts — creating new rules for political advertisers, hiring thousands of content moderators and building ties with law enforcement. The aim has been to avoid a repeat of the 2016 campaign, which was marred by foreign meddling and highlighted how woefully unprepared social media companies were for an attack on US democracy leveraging their platforms. CNN, August 14, 2020

Ransomware Feared as Possible Saboteur for November Election: WASHINGTON — Federal authorities say one of the gravest threats to the November election is a well-timed ransomware attack that could paralyze voting operations. The threat isn’t just from foreign governments, but any fortune-seeking criminal. The New York Times, August 2, 2020

Annual election security tabletop drill put officials through ‘Armageddon-like’ test: The Department of Homeland Security this week held its third annual tabletop exercise for state and local election officials, simulating how some of the worst-case scenarios, including potential cyberattacks, physical attempts to disrupt the voting process and civil unrest would play out. StateScoop, July 31, 2020

MAIL-IN VOTING IN 2020 INFRASTRUCTURE RISK ASSESSMENT: Each method of voting carries risks that election officials must manage. This risk assessment is designed to assess the risks to the mail-in-voting election systems, processes, and infrastructure to inform states, localities, and industry. This risk assessment only examines the specific risks to the election infrastructure and operations that are associated with mail-in voting. CISA, July 28, 2020

2020 Voter Registration Data Base (VRDB) Security Report: During the last presidential election year, foreign adversaries waged disinformation campaigns and, in a small number of cases, infiltrated voter registration databases (VRDBs). Now, there are a growing number of reports raising the specter of another presidential election that will be conducted under the shadow of extensive foreign interference campaigns. In 2016, the Russian government was the predominant adversary seeking to interfere with U.S. elections. This year, China and Iran have joined Russia as potential threats to the integrity of our nation’s elections. We can—and should—expect attacks on election infrastructure and other attempts to undermine voter confidence. Fortunately, election officials have continued to work tirelessly over the last few years, meaning this year’s election will be the most secure election in recent history. The Center for Election Innovation & Research, 2020

Cyber Warning

Malicious Cyber Actor Spoofing COVID-19 Loan Relief Webpage via Phishing Emails: The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails. These emails include a malicious link to the spoofed SBA website that the cyber actor is using for malicious re-directs and credential stealing. US-CERT, August 12, 2020

Cyber Disinformation

Chinese accounts blast Trump, with help from AI-generated pictures: Chinese social media accounts are not happy with President Donald Trump. CyberScoop, August 13, 2020

Someone duped Twitter verification to spread racist disinformation on US coronavirus vaccine: A verified Twitter account impersonating a top World Health Organization official recently alleged that the Trump administration was going to test a coronavirus vaccine on Black Americans without their knowledge or informed consent. CyberScoop, August 12, 2020
