SecureTheVillage Calendar
Technology & Security Management HappyHour: LA Cyber Lab with Policy Director for Cybersecurity Chris Covino. August 25 @ 4:30 pm – 5:30 pm PDT
CyberFreedomWebinar: Taming The Tiger: How to Detect, Deter, & Defeat Disinformation with Marc Ambinder. September 8 @ 10:00 am – 11:00 am PDT
Information Security Management Webinar: The Great Reboot: Succeeding in a World of Catastrophic Risk and Opportunity with Bob Zukis & Others. September 10 @ 10:00 am – 11:00 am PDT
Insurance Brokers Cybersecurity Roundtable: Cybersecurity Essentials for Small & Medium Businesses with Deron T. McElroy, CISA. September 15 @ 2:00 pm – 3:00 pm PDT
Financial Services Cybersecurity Roundtable: Top Cybersecurity Threats of 2020 with Sherri Davidoff of LMG Security. September 25 @ 8:00 am – 10:00 am PDT
Information Security Management Webinar: Conversation on the Cyber Risk Landscape with Deron T. McElroy, CISA. November 12 @ 10:00 am – 11:00 am PST
Individuals at Risk
Cyber Warning
Over a Billion Android Phones Turned Into Perfect Spying Tools by Security Flaws: Over a billion smartphones are affected by a set of 400 security flaws, turning them into perfect spying tools, Check Point has revealed. The recently discovered vulnerability affects over 40% of Android phones around the world — 90% of them are currently in the US market. CPO, August 20, 2020
Cyber Defense
10 cybersecurity myths you need to stop believing: On the Dark Web, you can purchase cybercrime “how-to kits” that gather lists of breached names, account numbers, passwords, and even telephone support lines for the victims to call. It’s not difficult to get on the Dark Web. USA Today, August 20, 2020
Cyber Humor

Information Security Management for the Organization
Information Security Management
When Your Heartbeat Becomes Data: Benefits and Risk of Biometrics: Knowing who your users are today is more important than ever. This explains, in part, why integrating biometric usage into identity and access management (IAM) appears appealing. Throw in some artificial intelligence (AI) to help manage all these data points, and the future of biometrics looks pretty wild. SecurityIntelligence, August 21, 2020
The Blackbaud Breach – Focus on Vendors: In July of this year, Blackbaud, a U.S. based cloud computing provider and one of the world’s largest providers of administration, fundraising, and financial management software, notified its clients that it had discovered and stopped a ransomware attack. Robert Braun, JMBM Cybersecurity Lawyer Forum, August 21, 2020
Digital Transformation: Breaking Down Silos for Better Data Security: Today, enterprises are under pressure to improve the power and reduce the cost of running mission-critical business applications by migrating to modern software architectures. By breaking down the silos between adjacent teams and the tools they use, security teams can do this at the same time as they take steps toward zero trust and true security unification. SecurityIntelligence, August 20, 2020
Vendor security in the cross-hairs as Instacart discloses security incident caused by two contractors … Instacart says two employees at a third-party support vendor accessed “more shopper profiles than was necessary.”: Grocery delivery and pick-up service Instacart disclosed a security incident caused by two employees working for a company providing tech support services for Instacart shoppers. ZDNet, August 20, 2020
How the shift to remote working has impacted cybersecurity … Cybercriminals have adapted by exploiting improperly secured VPNs, cloud-based services, and business email, says Malwarebytes: Triggered by the coronavirus lockdown, the abrupt transition to a work from home (WFH) venue forced organizations to scramble to support a larger remote workforce. Such a quick shift means that certain security measures and requirements inevitably fell by the wayside. At the same time, cybercriminals found a new opportunity for attack with remote workers and improperly secured connections and technologies. Together, these trends have created a more vulnerable environment affecting the cybersecurity defenses of many organizations. TechRepublic, August 20, 2020
How to think about cybersecurity in the era of COVID-19: Cyber incidents are consistently ranked at the top of business concerns, and it’s easy to see why: According to one estimate, the global cost of cybercrime will rise to $6 trillion a year by the end of 2021. MIT, August 20, 2020
Cybersecurity in the C-Suite & Board
Former Uber Security Chief Charged With Concealing Hack: Joe Sullivan, who led Uber’s security team through the company’s most tumultuous period, was fired by the company’s newly installed chief executive in 2017. New York Times, August 20, 2020
Cyber Warning
FBI, CISA Echo Warnings on ‘Vishing’ Threat: The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued a joint alert to warn about the growing threat from voice phishing or “vishing” attacks targeting companies. The advisory came less than 24 hours after KrebsOnSecurity published an in-depth look at a crime group offering a service that people can hire to steal VPN credentials and other sensitive data from employees working remotely during the Coronavirus pandemic. KrebsOnSecurity, August 21, 2020
Voice Phishers Targeting Corporate VPNs: The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. But one increasingly brazen group of crooks is taking your standard phishing attack to the next level, marketing a voice phishing service that uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from employees. KrebsOnSecurity, August 19, 2020
Cyber Talent
The cybersecurity skills shortage is getting worse: New research from ESG and ISSA illustrates a lack of advancement in bridging the cybersecurity skill shortage gap. CSO, August 21, 2020
Your Newest Cybersecurity Professional Is Already in Your Company: The cybersecurity talent gap is real. The 2019/2020 Official Annual Cybersecurity Jobs Report predicts that there will be 3.5 million security jobs left unfilled globally by 2021. The cybersecurity profession hit a 0% unemployment rate and the pay is good. So, why are security leaders struggling to fill positions? It could be because they are looking for the perfect candidate that doesn’t exist. Meanwhile, their newest security team member may already be working in their company. SecurityIntelligence, August 20, 2020
Cybersecurity in Society
Cyber Privacy
Consumer Privacy Concerns Vary With Location, Social Circumstances; Expectations of Privacy Do Not Necessarily Mirror Offline Models: A new study of privacy concerns from the University of Notre Dame upends the notion that traditional “reasonable expectation of privacy” models also apply to digital tracking and data collection. Respondents had nuanced views of how location data collection and data privacy should work in public spaces, views that run counter to traditional notions that privacy is very limited when in a public area. CPO, August 21, 2020
Cyber Crime
Ransomware Attacks on Travel Companies Spread, Sparking Complacency Fears: A spate of ransomware attacks on travel companies worries some security professionals, who believe the criminals are upping their games. Some criminal groups may be plowing part of the payouts they get from shakedowns into launching more sophisticated attacks. Skift, August 21, 2020
University of Utah pays $457,000 to ransomware gang … University officials restored from backups, but they had to pay the ransomware gang to prevent them from leaking student data: The University of Utah revealed today that it paid a ransomware gang $457,059 in order to avoid having hackers leak student information online. ZDNet, August 21, 2020
Ransomware Payday: Average Payments Jump to $178,000: Ransomware gangs continue to see bigger payoffs from their ransom-paying victims. BankInfoSecurity, August 20, 2020
Did Jack Daniels Thwart a Ransomware Attack or Not?: Jack Daniels says it successfully fended off the attack, but the REvil ransomware gang has put stolen data up for auction on the darknet. CoinTelegraph, August 20, 2020
Ransomware Attack on Carnival May Have Been Its Second Compromise This Year: Security vendor Prevailion says it observed signs of malicious activity on the cruise operator’s network between at least February and June. DarkReading, August 18, 2020
Cyber Defense
SEC issues proposals to bolster CAT cybersecurity … The SEC proposed amendments to the national market system plan governing the comprehensive database, in an effort to boost data security: In an effort to improve data security related to the consolidated audit trail, the SEC on Friday proposed amendments to the national market system plan governing the comprehensive database. Pensions&Investments, August 22, 2020
Google fixes major Gmail bug seven hours after exploit details go public … Attackers could have sent spoofed emails mimicking any Gmail or G Suite customer: Google has patched on Wednesday a major security bug impacting the Gmail and G Suite email servers. August 20, 2020
Microsoft Put Off Fixing Zero Day for 2 Years: A security flaw in the way Microsoft Windows guards users against malicious files was actively exploited in malware attacks for two years before last week, when Microsoft finally issued a software update to correct the problem. KrebsOnSecurity, August 17, 2020
Know the Enemy
Honor Among Thieves: Dark Web Marketplaces Rise and Fall on Unspoken Digital “Pirate’s Code”: Even as they deal in stolen credit card numbers and illegal drugs, the patrons of dark web marketplaces expect these underground retail outlets to abide by certain general terms of fair play. New research from threat intelligence firm Digital Shadows indicates that these markets endure based largely on perceptions of honest dealing that are comparable to the standards expected from legitimate retail sites. CPO, August 20, 2020
Cyber Danger
NSA and FBI Expose Russian Previously Undisclosed Malware “Drovorub” in Cybersecurity Advisory: The National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) released a new Cybersecurity Advisory about previously undisclosed Russian malware. NSA, August 13, 2020
Cyber Freedom
74 Days From the Presidential Election, Security Worries Mount: With pandemic measures continuing and political divisions deepening, security experts express concern about the security and integrity of the November election. DarkReading, August 21, 2020
Election Security: A Progress Report From CISA’s Krebs … Sizing Up Efforts at the State and Local Level to Enhance Protections: State and local governments are better equipped to ensure election security than they were four years ago, says Christopher Krebs, director of the Cybersecurity and Infrastructure Security Agency, who calls on election officials to serve as “risk managers.” BankInfoSecurity, August 18, 2020
Senate Final Report on 2016 Russian Election Hacking Details … Russian President Vladimir Putin ordered hack of Democratic National Committee’s computer networks to hurt Clinton, help Trump, and undermine the election process: The Senate Intelligence Committee Tuesday released its fifth and final report on Russia’s attempts to influence the 2016 election, providing more details on how Russian hackers resided on Democratic National Committee servers for months and citing shortcomings in the FBI’s investigation. GovInfoSecurity, August 18, 2018
US Intelligence Adds More Details on Election Interference: Russia, China, Iran Look to Influence 2020 Presidential Election. GovInfoSecurity, August 8, 2020