Cybersecurity News of the Week, January 5, 2020

Individuals at Risk

Cyber Privacy

Here’s what you need to know about recent Amazon Ring hacking cases…Do home security devices make you safer or put you more at risk?: SALT LAKE CITY — A California lawsuit filed Dec. 26 details eight alleged instances of Amazon Ring security devices being hacked by strangers who taunted children, yelled racist obscenities or threatened to kill device owners via the two-way speaker system. Deseret News, January 3, 2020

iPhone: How to remove location data from photos and videos before sharing: Need to share some photos or videos but want to retain a bit more privacy than normal? Follow along for how to remove location data from photos and videos on iPhone before sharing. 9to5Mac, January 2, 2020

Identity Theft

Who am I? Defining Digital Identity: Developing a trusted standard for digital identity is one of the most important engineering challenges facing product designers, developers, manufacturers and security practitioners as we all work together to manage the growing digital risks of a hyperconnected world. CPO, January 2, 2020

Cyber Defense

How to Secure Your Wi-Fi Router and Protect Your Home Network: Router security has improved a bunch in recent years, but there are still steps you can take to lock yours down even better. Wired, January 4, 2020

The first thing to do after you’re involved in a hack, according to experts: There were a bunch of big data hacks in 2019, and 2020 will likely be just as bad as the number of cyberattacks increases. (The average number of security breaches in the last year grew by 11% from 130 in 2017 to 145 in 2018, according to Accenture research.) January 2, 2020

20 tips for 2020: Mistakes to avoid: In the first instalment of this two-article series we will be looking at cybersecurity habits to avoid when using your computing devices. welivesecurity, December 30, 2019

Information Security Management in the Organization

Information Security Management and Governance

5 Key Security Lessons From The Cloud Hopper Mega Hack: In December 2019, the U.S. government issued indictments against two Chinese hackers who were allegedly involved in a multi-year effort to penetrate the systems of companies managing data and applications for customers via the computing cloud. The men, who remain at large, are thought to be part of a Chinese hacking collective known as APT10. Forbes, January 3, 2020

2020 Cybersecurity Trends to Watch … Mobile becomes a prime phishing attack vector, hackers will increasingly employ machine learning in attacks and cloud will increasingly be seen as fertile ground for compromise: The wheels of 2020’s biggest cybersecurity threats have already been set in motion. Mobile, the cloud and artificial intelligence, to name a few, are trends that will continue to be exploited by criminals. Couple that with the rapid growth of software development and a cybersecurity skills shortage and that should be enough to keep security pros on their toes. Here is what experts say the year ahead in cybersecurity has in store. ThreatPost, December 31, 2020

GDPR Simplified for Small & Medium Sized Businesses: Cloud computing has become a prevalent force, bringing economies of scale and breakthrough technological advances to modern organizations, but it is more than just a trend. Cloud computing has evolved at an incredible speed and, in many organizations, is now entwined with the complex technological landscape that supports critical daily operations. CPO, December 31, 2020

How AI and Cybersecurity Will Intersect in 2020: Understanding the new risks and threats posed by increased use of artificial intelligence. DarkReading, December 30, 2020

Cybersecurity in the C-Suite

Trust and privacy in 2020 – how should brands approach CCPA, and privacy-assured marketing?: California’s CCPA, now in effect, brings data privacy into focus on U.S. shores. But does meeting privacy guidelines like GDPR and CCPA lead customers to trust marketers? Not so fast. diginomica, January 3, 2020

Cybersecurity Trends And Best Practices For Insurers And Businesses: In 2020, businesses will focus on issues surrounding cybersecurity awareness with renewed vigor. Many CEOs are already setting new standards for securing their networks of computers. According to Accenture, cybercrime is set to cost businesses $5.2 trillion in potential revenue opportunities worldwide in the next five years, and no business is immune to an attack. Forbes, December 30, 2020

Cyber Privacy

GDPR Simplified for SMBs: The General Data Protection Regulation (GDPR) — a European Union (EU) data privacy law with a global reach — has been in the news since May 25, 2018, the day it took effect. Since then, we’ve seen numerous reports on compliance challenges, gray areas, and fines. CPO, December 30, 2020

Cyber Warning

FBI Warns of Maze Ransomware Focusing on U.S. Companies: Organizations in the private sector received an alert from the F.B.I. about operators of the Maze ransomware focusing on companies in the U.S. to encrypt information on their systems after stealing it first. Bleeping Computer, January 3, 2020

Cyber Lawsuit

Maze Ransomware Victim Sues Anonymous Attackers … Southwire Also Obtains Irish Court Injunction, Forcing Blackmail Site Offline: A Georgia manufacturer that was hit by the Maze ransomware gang is fighting back by suing its attackers even though their true identity remains unknown. BankInfoSecurity, January 3, 2020

Cybersecurity in Society

Cyber Privacy

California’s Privacy Law Is Finally Here. Now What? … With the CCPA in effect, state residents have new privacy rights they can start using now. The rest of the country could benefit, too: After months of lobbying, hand-wringing, and debate, the California Consumer Privacy Act (CCPA) finally went into effect Jan. 1. ConsumerReports, January 2, 2020

Cyber Crime

US Restaurant Chain Landry’s Hit by POS Malware … including Morton’s, Bubba Gump and Rainforest Café: A major US hospitality chain has revealed that POS malware affecting scores of its restaurant brands may have led to customer card data theft over several months in 2019. InfoSecurity, January 3, 2020

London-based Forex Company – Travelex Suffers Cyber-Attack: London-based forex exchange company Travelex was hit by a cyber-attack on New Year’s Eve, forcing the exchange to suspend all online services and its official website immediately to limit the damage. CISO MAG, January 3, 2020

Company shuts down because of ransomware, leaves 300 without jobs just before holidays … Company tells employees to seek new employment after suspending all operations right before Christmas: An Arkansas-based telemarketing firm sent home more than 300 employees and told them to find new jobs after IT recovery efforts didn’t go according to plan following a ransomware incident that took place at the start of October 2019. ZDNet, January 3, 2020

Ransomware may have cost the US more than $7.5 billion in 2019: It was another big year for ransomware, the extremely profitable style of cyberattack in which computer systems and data are taken over by hackers and held hostage until the victim hands over a payoff. MIT Technology Review, January 2, 2020

Ransomware Hackers Have Started Leaking City Of Pensacola Data: Earlier this month the government of the city of Pensacola, Florida fell victim to the Maze ransomware. The group behind the incident threatened to start releasing files if a $1 million payment wasn’t made. Forbes, December 31, 2019

National Cybersecurity

‘A cyberattack should be expected’: U.S. strike on Iranian leader sparks fears of major digital disruption: Iran’s cyber troops long have been among the world’s most capable and aggressive — disrupting banking, hacking oil companies, even trying to take control of a dam from afar — while typically stopping short of the most crippling possible actions, say experts on the country’s capabilities. The Washington Post, January 3, 2020

Cyber Freedom

Our Government’s Approach to Cybersecurity Is a Costly Mess. Here’s What Would Fix the Problem: Who’s responsible for protecting the 2020 presidential elections against cyber attacks? Time, January 2, 2020

Email Domains Vulnerable to Election Infrastructure Cyber Attack: Email is being “significantly overlooked” as threat vector in securing election infrastructure, a recent report said. MSSP Alert, December 31, 2019

Cyber Enforcement

Microsoft disrupts North Korean hacker group called Thallium: Microsoft has revealed it has detected a comprehensive network of cyberattacks originating from North Korea. The hacking group has been dubbed Thallium, and it is the fourth nation-state group Microsoft has identified deploying malicious cyberactivity, following Russia, China and Iran. New Atlas, January 1, 2020

Cyber History

Meet the Mad Scientist Who Wrote the Book on How to Hunt Hackers … Thirty years ago, Cliff Stoll published The Cuckoo’s Egg, a book about his cat-and-mouse game with a KGB-sponsored hacker: In 1986, Cliff Stoll’s boss at Lawrence Berkeley National Labs tasked him with getting to the bottom of a 75-cent accounting discrepancy in the lab’s computer network, which was rented out to remote users by the minute. Stoll, 36, investigated the source of that minuscule anomaly, pulling on it like a loose thread until it led to a shocking culprit: a hacker in the system. Wired, December 18, 2019
