SECURETHEVILLAGE FIRST ANNUAL GOLF TOURNAMENT
The first annual SecureTheVillage Golf Tournament is October 20! Celebrate cybersecurity awareness month on the links. Includes breakfast, lunch, and cocktail reception afterwards. Not a golfer? That’s OK. Come to the reception. Sponsorships still available.
Individuals at Risk
Cyber Privacy
Nude hunt: LA phisherman accessed 4,700 iCloud accounts, 620K photos: The attacker who pleaded guilty to 4 federal felonies seems to have relied on social engineering to hoodwink his victims. ars technica, August 25, 2021
Browser settings to change ASAP if you care about privacy: Chrome, Firefox and more: Five minutes gives you better internet privacy. Make these browser adjustments now. Cnet, August 28, 2021
Cyber Fraud
Feds warn of alarming rise in reports of fake vaccine cards sold and used: A burgeoning online market for counterfeit COVID-19 vaccination cards is setting off alarm bells for federal health officials, who warn that the demand for fake proof of immunity is on the rise. ABC, August 27, 2021
Cyber Exposure
Microsoft Azure vulnerability exposed thousands of cloud databases: Microsoft is warning customers of its Azure cloud platform about a software vulnerability that exposed data belonging to thousands of clients for roughly two years. CyberScoop, August 27, 2021
Microsoft Power Apps misconfiguration exposes millions of records: The caches of data that were publicly accessible included names, email addresses and social security numbers. WeLiveSecurity, August 24, 2021
Information Security Management for the Organization
Cybersecurity in the C-Suite & Board
Clear and present danger: Why business leaders must prioritize cybersecurity: As U.S. office workers and employers weigh the pros and cons of returning to co-located workspaces, tough trade-offs emerge. Many people have grown so comfortable with remote work and now expect greater flexibility on flexible working from their employers, and some would rather quit than set foot in an office ever again. In this context, employers who insist that their workers return to the office are often portrayed as controlling retrogrades clinging to top-down management methods. What gets obscured by these arguments are the perfectly valid concerns certain employers have about keeping people close — and not least among them is cybersecurity. VentureBeat, August 26, 2021
Information Security Management
Top Strategies That Define the Success of a Modern Vulnerability Management Program: Modern vulnerability management programs require a strategy that defines what success means for your organization’s cybersecurity goals. By incorporating a few simple cyber hygiene routines to your daily security routine, you’ll set up your IT teams to be better equipped to steer off cyberattacks. ThreatPost, August 27, 2021
Privacy Management
One Big Thing – Data Minimization: Complying with the ever-increasing number of privacy laws is a daunting task. In addition to comprehensive state laws, like California’s Consumer Privacy Act (CCPA), Virginia’s Consumer Data Protection Act and the Colorado Privacy Act, there are a multitude of targeted laws on the federal and state level. Other laws to consider include the EU’s General Data Protection Regulation (and corresponding laws in the United Kingdom, Switzerland and a host of other countries); industry specific laws, like the Health Insurance Portability and Protection Act and the Gramm-Leach-Bliley Act; privacy and security standards issued by governmental and industry authorities; and the ever-present risk of individual and class actions that follow a data breach. And the landscape is in constant flux. Cybersecurity Lawyer Forum, August 27, 2021
Cyber Warning
FBI Warns of OnePercent Group Ransomware Attacks: The Federal Bureau of Investigation (FBI) has identified a cybercriminal group that calls itself the “OnePercent Group,” and has carried out ransomware attacks against U.S. companies since November 2020 utilizing double-extortion tactics, according to an FBI flash report released on August 23. MeriTalk, August 27, 2021
FBI Warns Businesses of New Hive Ransomware: The FBI has issued a warning to firms about an increasingly prolific new ransomware variant known as Hive. InfoSecurity Magazine, August 27, 2021
Cyber Talent
Young People Are the Key to Decreasing the Skills Gap: It’s time to look at the industry skills gap differently. More and more digital native young people could potentially be coming into the industry with the right skills, but several elements block their progress. Professionals already in place need to smooth the road for them. That might involve changing some assumptions about hiring, but in the end, it could be the solution to the skills gap problem. SecurityIntelligence, August 27, 2021
Cyber Insurance
Cyber-Insurance Market Looks To Keep Up as Cyber Risks Grow, Evolve: The cyber threat continues to evolve and, with it, the cyber-insurance market. As cyber insurers attempt to keep pace with the growing exposure, premiums are increasing, and aspects of underwriters’ focus are changing. Captive.com, August 25, 2021
Cyber prices soar 25.5% in Q2: CIAB: Commercial insurance prices moderated across all account sizes with an average increase of 8.3%, but cyber saw a premium hike of 25.5%, according to The Council of Insurance Agents & Brokers’ second-quarter Commercial P/C Market Survey released Tuesday. Business Insurance, August 24, 2021
Cyber insurance market encounters ‘crisis moment’ as ransomware costs pile up: It’s a sure sign of trouble when leading insurance industry executives are worried about their own prices going up. CyberScoop, August 23, 2021
Cybersecurity in Society
Cyber Crime
BPL hit by cyber attack, shutting down most of its computer network: Staffers at Boston Public Library branches are using pen and paper to check out books in the wake of a cybersecurity attack that has largely shut down the BPL’s computer network, the agency said Friday. BostonGlobe, August 27, 2021
T-Mobile Says Hacker Used Specialized Tools, Brute Force: Wireless company hires Mandiant, KPMG to improve defenses. Bloomberg, August 27, 2021
Cyber Surveillance
A new wave of Hacktivists is turning the surveillance state against itself: Images and videos from oppressive regimes’ surveillance systems are being leaked in a new surge of suspected hacktivism that uses states’ own panopticons against them. TheRecord, August 27, 2021
What To Know About The Spying Scandal Linked To Israeli Tech Firm NSO: JERUSALEM — Israel takes enormous pride in its high-tech industry. But one of its star cybersecurity companies, NSO Group, is at the center of an international spying scandal that has concerned U.S. officials, and the Israeli government plays a role. NPR, August 25, 2021
Know Your Enemy
Ragnarok Ransomware Gang Bites the Dust, Releases Decryptor: The cybercriminal group, active since late 2019, has closed its doors and released the key to unlocking victims’ files on its dark web portal. ThreatPost, August 27, 2021
Spies for Hire: China’s New Breed of Hackers Blends Espionage and Entrepreneurship: The state security ministry is recruiting from a vast pool of private-sector hackers who often have their own agendas and sometimes use their access for commercial cybercrime, experts say. The New York Times, August 26, 2021
Ransomware: These four rising gangs could be your next major cybersecurity threat: Cybersecurity researchers at Palo Alto Networks detail four extortion groups that have gained traction in recent months, as the threat of ransomware continues to plague businesses. ZDNet, August 25, 2021
National Cybersecurity
White House cyber summit with private sector nets impressive gains, but points to considerable work needed ahead: The White House summit Wednesday demonstrated positive momentum for both the Biden administration and private sector in terms of their approach to cybersecurity, but also laid bare what remains inadequate, cyber experts said. CyberScoop, August 26, 2021
New CISA director wants to spend less time cleaning up after big hacks, more time preparing for them: U.S. cybersecurity officials have scrambled to respond to one major hacking incident after another over the past nine months, from the alleged Russian intrusions into federal networks using bugged SolarWinds software, to the extortion of Colonial Pipeline, which controls the East Coast’s biggest fuel artery. CyberScoop, August 25, 2021
FACT SHEET: Biden Administration and Private Sector Leaders Announce Ambitious Initiatives to Bolster the Nation’s Cybersecurity: Today, President Biden met with private sector and education leaders to discuss the whole-of-nation effort needed to address cybersecurity threats. Recent high-profile cybersecurity incidents demonstrate that both U.S. public and private sector entities increasingly face sophisticated malicious cyber activity. Cybersecurity threats and incidents affect businesses of all sizes, small towns and cities in every corner of the country, and the pocketbooks of middle-class families. Compounding the challenge, nearly half a million public and private cybersecurity jobs remain unfilled. The White House, August 25, 2021
What cybersecurity leaders say they need from the federal government: The ongoing spate of ransomware attacks that have taken place over the past year underscores the need for better cooperation and information sharing between the federal government and private sector companies, cybersecurity experts say. CNBC, August 25, 2021
Could Cyberwar Make the World Safer?: The battles in a global cyberwar are visible only through periodic glances in the rearview mirror: Indra, Colonial Pipeline, SolarWinds, WannaCry. The New York Times, August 22, 2021
Cyber Defense
Ron Gula wants to make cybersecurity personal. Enter: data care: The former Tenable CEO and investor thinks changing the industry’s name can help raise awareness, and make it more welcoming. It has implications for personal responsibility, and the workforce. Technically, August 24, 2021
Cyber Lawsuit
Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents: In 2018, Andrew Schober was digitally mugged for approximately $1 million worth of bitcoin. After several years of working with investigators, Schober says he’s confident he has located two young men in the United Kingdom responsible for using a clever piece of digital clipboard-stealing malware to siphon his crypto holdings. Schober is now suing each of their parents in a civil case that seeks to extract what their children would not return voluntarily. KrebsOnSecurity, August 25, 2021