Cybersecurity News of the Week, February 9, 2020

Citadel Information Group is now Miller Kaplan

Miller Kaplan, a top-100 certified public accounting firm, announced this week that the firm has acquired Citadel Information Group.

With Citadel now Miller Kaplan, the Cybersecurity News of the Week and the Weekend Vulnerability and Patch Report are moving to SecureTheVillage.

As a co-founder of Citadel and founder of SecureTheVillage I’m excited by this transition. You’ll be hearing soon of a major contribution Miller Kaplan will be making to SecureTheVillage, an investment that will give SecureTheVillage the resources we need to meet our village’s cybersecurity and privacy challenges.

Stan Stahl, Ph.D.
Founder and President

SecureTheVillage Calendar

Preparing for CMMC Certification with Stan Stahl and Chris Rose, South Bay Chapter of The Aerospace & Defense Forum, February 12, 7AM – 9AM, Torrance, CA

CyberFreedom: Protecting Our Identities. Securing Our Economy. Preserving Our Freedoms. Stan Stahl, Westwood Village Rotary Club, February 20, 2020, 11:30 – 1:30.

Thirsty Thursday Executive Cybersecurity Awareness Training: Securely lead your organization in 2020 with Howard Miller, Matt Mayo, and Jeremy Meighan, February 20, 5:30 – 7:00, Valencia, CA

How to Get Cyber Secure Without Breaking the Bank with Stan Stahl and Cheryl Washington, SCSIM Inaugural All Day Summit, February 27, 10:00 – 10:45, Long Beach, CA

Personal Cyber Security with Dr. Steve Krantz, March 10, 1:00 – 2:30, Calabasas, CA

Individuals at Risk

Cyber Privacy

How to use Firefox’s tools to protect your privacy while browsing: Like many of today’s browsers, Firefox has been making changes to try to answer its users’ call for more online privacy. This includes blocking third-party trackers by default as well as a VPN it calls the Firefox Private Network. The Verge, February 7, 2020

Facebook, Google, YouTube order Clearview to stop scraping faceprints: Clearview AI, the facial recognition company that’s scraped the web for three billion faceprints and sold them all (or given them away) to 600 police departments so they could identify people within seconds, has received yet more cease-and-desist letters from social media giants. NakedSecurity, February 7, 2020

How To Protect Your Phone Number On Twitter: The bad news is that Twitter has disclosed a failure to protect users’ phone numbers, again. The good news is that Twitter users can take steps to protect themselves. EFF, February 5, 2020

When Your Used Car is a Little Too ‘Mobile’: Many modern vehicles let owners use the Internet or a mobile device to control the car’s locks, track location and performance data, and start the engine. But who exactly owns that control is not always clear when these smart cars are sold or leased anew. Here’s the story of one former electric vehicle owner who discovered he could still gain remote, online access to his old automobile years after his lease ended. KrebsOnSecurity, February 5, 2020

Sprint Exposed Customer Support Site to Web: Fresh on the heels of a disclosure that Microsoft Corp. leaked internal customer support data to the Internet, mobile provider Sprint has addressed a mix-up in which posts to a private customer support community were exposed to the Web. KrebsOnSecurity, January 29, 2020

Cyber Danger

Hackers imitating CDC, WHO with coronavirus phishing emails: Cybercriminals are now using fears over the outbreak to steal email credentials, security officials say. TechRepublic, February 7, 2020

New malware impacting online banking tricks users: A new malware is spreading among online banking users, stealing their passwords by disabling any autofill functions their devices might have and forcing them to manually retype their passwords as the malware copies the data. InsuranceBusiness, February 7, 2020

Watch out for these Android applicatons claiming to clean and speed up your smartphone—they actually install malware: Android apps claiming to enhance the performance of a user’s phone actually contained the ability to download thousands of malware variants, researchers say. Newsweek, February 7, 2020

Researcher says millions of IoT and surveillance devices that use HiSilicon chips have a trivial backdoor: The Chinese giant has another hot potato on its hands. Techspot, February 7, 2020

Researchers Reveal How Smart Lightbulbs Can Be Hacked to Attack: New exploit builds on previous research involving Philips Hue Smart Bulbs. Dark Reading, February 6, 2020

Cyber Defense

IRS Introduces New Tool In The Fight Against Identity Theft … Identity Theft Central is a resource on how to report identity theft, how taxpayers can protect themselves against phishing, online scams and more: Despite a steep drop in tax-related identity theft in recent years, the scam remains serious enough to earn a spot on the agency’s 2019 “Dirty Dozen” list of tax scams. That’s why the Internal Revenue Service (IRS) has dedicated a section of its website to address identity theft. Identity Theft Central is intended to improve online access to information on identity theft and data security protection for taxpayers, tax professionals, and businesses. Forbes, February 6, 2020

Cyber Humor

Information Security Management for the Organization

Information Security & Privacy Management

What Leadership Qualities for CISOs Are Most Important in 2020?: Organizations today have to balance the need for continuous evolution along the digital continuum with the need to protect their data and operations and keep cyber risk at an acceptable level. The chief information security officer (CISO) role is uniquely positioned to help organizations manage those dualities, but it requires a different set of leadership qualities for CISOs that goes well beyond their traditional role as guardians of all things technological. SecurityIntelligence, February 7, 2020

NIST releases draft guidance on ransomware and cyber-attack; seeks public comment: The National Institute of Standards and Technology is seeking input on a trio of draft guidance published in the past week. Two of the drafts address ransomware attacks, and the third addresses protecting against cyber-attacks in the supply chain. ComplianceWeek, February 7, 2020

90% of CISOs Would Cut Pay for Better Work-Life Balance: Businesses receive $30,000 of ‘free’ CISO time as security leaders report job-related stress taking a toll on their health and relationships. DarkReading, February 6, 2020

Cyber Warning

Why you can’t bank on backups to fight ransomware anymore … Ransomware operators stealing data before they encrypt means backups are not enough: Not every ransomware attack is an unmitigated disaster. But even the most prepared organizations, it seems, can have small-scale disasters in the era of mass scans, spear phishes, and targeted ransomware. ars technica, February 7, 2020

Is your MSP / IT Vendor putting you at risk? New ESET study finds MSPs Not Proactive Enough with Cybersecurity: MSPs increasingly are coming under fire for their lack of cybersecurity, and new research by ESET shows nearly half admitted waiting until after an attack to invest in cybersecurity products. Channel Futures, February 7, 2020

RobbinHood – the ransomware that brings its own bug … When you need a vulnerability to exploit, but there isn’t one… why not simply bring your own, along with your malware?: Ransomware is one of the most feared cybercrime problems of the modern era. NakedSecurity, February 7, 2020

Cybersecurity in Society

Know Your Enemy

The time I sabotaged my editor with ransomware from the dark web: As you may be aware, there’s money to be made on the internet. The question, of course, is how. Not everyone has the reality-distortion skills to start their own tech unicorn, or the Stanford connections to become an early employee there, or the indifference to sunlight necessary to become a world-class Fortnite gamer. Not everyone lives in the relatively few places where software engineering jobs are well-paying and plentiful. Bloomberg, February 6, 2020

National Cybersecurity

The Cybersecurity 202: Here’s why NSA rushed to expose a dangerous computer bug: The National Security Agency is known for keeping secrets. But a bug it recently discovered in Microsoft’s operating system was so potentially catastrophic that it fast-tracked a lengthy decision-making process to alert the company and the public as quickly as possible. The Washington Post, February 6, 2020

Cyber Freedom

5 Measures to Harden Election Technology: Voting machinery needs hardware-level security. The stakes are the ultimate, and the attackers among the world’s most capable.Dark Reading, February 7, 2020

How Can We Make Election Technology Secure?: In Iowa this week, a smartphone app for reporting presidential caucus results debuted. It did not go well. DarkReading, February 6, 2020

Iowa Election Snafu: What Happens When IT And Cybersecurity Best Practices Are Ignored: The wireless application that malfunctioned during the Iowa caucuses this week is a shining example of what happens when information technology (IT) and cybersecurity best practices and standards are ignored by the leaders of organizations. Forbes February 6, 2020

Cyber Law

Analyzing the 2020 Nebraska Consumer Data Privacy Act: On January 8, 2020 Nebraska state Senator Carol Blood introduced the Nebraska Consumer Data Privacy Act (LB746) (the “Act”). CPO, February 6, 2020

Cyber Enforcement

Booter Boss Busted By Bacon Pizza Buy: A Pennsylvania man who operated one of the Internet’s longest-running online attack-for-hire or “booter” services was sentenced to five years probation today. While the young man’s punishment was heavily tempered by his current poor health, the defendant’s dietary choices may have contributed to both his capture and the lenient sentencing: Investigators say the onetime booter boss’s identity became clear after he ordered a bacon and chicken pizza delivered to his home using the same email address he originally used to register his criminal attack service. KrebsOnSecurity, February 4, 2020

Fake News

How Deepfakes Will Make Us Question Everything in 2020 … If anyone can claim that what they said was the result of a deepfake, how can we distinguish the truth anymore?: We’ve written about deepfakes before, but there’s one overlooked side effect that must be brought to our attention: As the technology improves and becomes more commonplace, what’s stopping anyone from claiming that what they definitively said was the result of a deepfake? SecurityIntelligence, February 4, 2020

Cyber Miscellany

Biased AI Is Another Sign We Need to Solve the Cybersecurity Diversity Problem: Artificial intelligence (AI) excels at finding patterns like unusual human behavior or abnormal incidents. It can also reflect human flaws and inconsistencies, including 180 known types of bias. Biased AI is everywhere, and like humans, it can discriminate against gender, race, age, disability and ideology. SecurityIntelligence, February 6, 2020

Become A CyberGuardian

Protect your community: take the CyberGuardian Pledge, join our email list, get invited to events.

Take the Pledge