Cybersecurity News of the Week, August 29, 2021


The first annual SecureTheVillage Golf Tournament is October 20! Celebrate cybersecurity awareness month on the links. Includes breakfast, lunch, and cocktail reception afterwards. Not a golfer? That’s OK. Come to the reception. Sponsorships still available.

Individuals at Risk

Cyber Privacy

Nude hunt: LA phisherman accessed 4,700 iCloud accounts, 620K photos: The attacker who pleaded guilty to 4 federal felonies seems to have relied on social engineering to hoodwink his victims. ars technica, August 25, 2021

Browser settings to change ASAP if you care about privacy: Chrome, Firefox and more: Five minutes gives you better internet privacy. Make these browser adjustments now. Cnet, August 28, 2021

Cyber Fraud

Feds warn of alarming rise in reports of fake vaccine cards sold and used: A burgeoning online market for counterfeit COVID-19 vaccination cards is setting off alarm bells for federal health officials, who warn that the demand for fake proof of immunity is on the rise. ABC, August 27, 2021

Cyber Exposure

Microsoft Azure vulnerability exposed thousands of cloud databases: Microsoft is warning customers of its Azure cloud platform about a software vulnerability that exposed data belonging to thousands of clients for roughly two years. CyberScoop, August 27, 2021

Microsoft Power Apps misconfiguration exposes millions of records: The caches of data that were publicly accessible included names, email addresses and social security numbers. WeLiveSecurity, August 24, 2021

Cyber Humor

Information Security Management for the Organization

Cybersecurity in the C-Suite & Board

Clear and present danger: Why business leaders must prioritize cybersecurity: As U.S. office workers and employers weigh the pros and cons of returning to co-located workspaces, tough trade-offs emerge. Many people have grown so comfortable with remote work and now expect greater flexibility on flexible working from their employers, and some would rather quit than set foot in an office ever again. In this context, employers who insist that their workers return to the office are often portrayed as controlling retrogrades clinging to top-down management methods. What gets obscured by these arguments are the perfectly valid concerns certain employers have about keeping people close — and not least among them is cybersecurity. VentureBeat, August 26, 2021

Information Security Management

Top Strategies That Define the Success of a Modern Vulnerability Management Program: Modern vulnerability management programs require a strategy that defines what success means for your organization’s cybersecurity goals. By incorporating a few simple cyber hygiene routines to your daily security routine, you’ll set up your IT teams to be better equipped to steer off cyberattacks. ThreatPost, August 27, 2021

Privacy Management

One Big Thing – Data Minimization: Complying with the ever-increasing number of privacy laws is a daunting task. In addition to comprehensive state laws, like California’s Consumer Privacy Act (CCPA), Virginia’s Consumer Data Protection Act and the Colorado Privacy Act, there are a multitude of targeted laws on the federal and state level. Other laws to consider include the EU’s General Data Protection Regulation (and corresponding laws in the United Kingdom, Switzerland and a host of other countries); industry specific laws, like the Health Insurance Portability and Protection Act and the Gramm-Leach-Bliley Act; privacy and security standards issued by governmental and industry authorities; and the ever-present risk of individual and class actions that follow a data breach. And the landscape is in constant flux. Cybersecurity Lawyer Forum, August 27, 2021

Cyber Warning

FBI Warns of OnePercent Group Ransomware Attacks: The Federal Bureau of Investigation (FBI) has identified a cybercriminal group that calls itself the “OnePercent Group,” and has carried out ransomware attacks against U.S. companies since November 2020 utilizing double-extortion tactics, according to an FBI flash report released on August 23. MeriTalk, August 27, 2021

FBI Warns Businesses of New Hive Ransomware: The FBI has issued a warning to firms about an increasingly prolific new ransomware variant known as Hive. InfoSecurity Magazine, August 27, 2021

Cyber Talent

Young People Are the Key to Decreasing the Skills Gap: It’s time to look at the industry skills gap differently. More and more digital native young people could potentially be coming into the industry with the right skills, but several elements block their progress. Professionals already in place need to smooth the road for them. That might involve changing some assumptions about hiring, but in the end, it could be the solution to the skills gap problem. SecurityIntelligence, August 27, 2021

Cyber Insurance

Cyber-Insurance Market Looks To Keep Up as Cyber Risks Grow, Evolve: The cyber threat continues to evolve and, with it, the cyber-insurance market. As cyber insurers attempt to keep pace with the growing exposure, premiums are increasing, and aspects of underwriters’ focus are changing., August 25, 2021

Cyber prices soar 25.5% in Q2: CIAB: Commercial insurance prices moderated across all account sizes with an average increase of 8.3%, but cyber saw a premium hike of 25.5%, according to The Council of Insurance Agents & Brokers’ second-quarter Commercial P/C Market Survey released Tuesday. Business Insurance, August 24, 2021

Cyber insurance market encounters ‘crisis moment’ as ransomware costs pile up: It’s a sure sign of trouble when leading insurance industry executives are worried about their own prices going up. CyberScoop, August 23, 2021

Cybersecurity in Society

Cyber Crime

BPL hit by cyber attack, shutting down most of its computer network: Staffers at Boston Public Library branches are using pen and paper to check out books in the wake of a cybersecurity attack that has largely shut down the BPL’s computer network, the agency said Friday. BostonGlobe, August 27, 2021

T-Mobile Says Hacker Used Specialized Tools, Brute Force: Wireless company hires Mandiant, KPMG to improve defenses. Bloomberg, August 27, 2021

Cyber Surveillance

A new wave of Hacktivists is turning the surveillance state against itself: Images and videos from oppressive regimes’ surveillance systems are being leaked in a new surge of suspected hacktivism that uses states’ own panopticons against them. TheRecord, August 27, 2021

What To Know About The Spying Scandal Linked To Israeli Tech Firm NSO: JERUSALEM — Israel takes enormous pride in its high-tech industry. But one of its star cybersecurity companies, NSO Group, is at the center of an international spying scandal that has concerned U.S. officials, and the Israeli government plays a role. NPR, August 25, 2021

Know Your Enemy

Ragnarok Ransomware Gang Bites the Dust, Releases Decryptor: The cybercriminal group, active since late 2019, has closed its doors and released the key to unlocking victims’ files on its dark web portal. ThreatPost, August 27, 2021

Spies for Hire: China’s New Breed of Hackers Blends Espionage and Entrepreneurship: The state security ministry is recruiting from a vast pool of private-sector hackers who often have their own agendas and sometimes use their access for commercial cybercrime, experts say. The New York Times, August 26, 2021

Ransomware: These four rising gangs could be your next major cybersecurity threat: Cybersecurity researchers at Palo Alto Networks detail four extortion groups that have gained traction in recent months, as the threat of ransomware continues to plague businesses. ZDNet, August 25, 2021

National Cybersecurity

White House cyber summit with private sector nets impressive gains, but points to considerable work needed ahead: The White House summit Wednesday demonstrated positive momentum for both the Biden administration and private sector in terms of their approach to cybersecurity, but also laid bare what remains inadequate, cyber experts said. CyberScoop, August 26, 2021

New CISA director wants to spend less time cleaning up after big hacks, more time preparing for them: U.S. cybersecurity officials have scrambled to respond to one major hacking incident after another over the past nine months, from the alleged Russian intrusions into federal networks using bugged SolarWinds software, to the extortion of Colonial Pipeline, which controls the East Coast’s biggest fuel artery. CyberScoop, August 25, 2021

FACT SHEET: Biden Administration and Private Sector Leaders Announce Ambitious Initiatives to Bolster the Nation’s Cybersecurity: Today, President Biden met with private sector and education leaders to discuss the whole-of-nation effort needed to address cybersecurity threats. Recent high-profile cybersecurity incidents demonstrate that both U.S. public and private sector entities increasingly face sophisticated malicious cyber activity. Cybersecurity threats and incidents affect businesses of all sizes, small towns and cities in every corner of the country, and the pocketbooks of middle-class families. Compounding the challenge, nearly half a million public and private cybersecurity jobs remain unfilled. The White House, August 25, 2021

What cybersecurity leaders say they need from the federal government: The ongoing spate of ransomware attacks that have taken place over the past year underscores the need for better cooperation and information sharing between the federal government and private sector companies, cybersecurity experts say. CNBC, August 25, 2021

Could Cyberwar Make the World Safer?: The battles in a global cyberwar are visible only through periodic glances in the rearview mirror: Indra, Colonial Pipeline, SolarWinds, WannaCry. The New York Times, August 22, 2021

Cyber Defense

Ron Gula wants to make cybersecurity personal. Enter: data care: The former Tenable CEO and investor thinks changing the industry’s name can help raise awareness, and make it more welcoming. It has implications for personal responsibility, and the workforce. Technically, August 24, 2021

Cyber Lawsuit

Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents: In 2018, Andrew Schober was digitally mugged for approximately $1 million worth of bitcoin. After several years of working with investigators, Schober says he’s confident he has located two young men in the United Kingdom responsible for using a clever piece of digital clipboard-stealing malware to siphon his crypto holdings. Schober is now suing each of their parents in a civil case that seeks to extract what their children would not return voluntarily. KrebsOnSecurity, August 25, 2021

Become A CyberGuardian

Protect your community: take the CyberGuardian Pledge, join our email list, get invited to events.

Take the Pledge