SecureTheVillage – Volunteers Needed for Golf Tournament
Golfer? Cybersecurity Pro? STV CyberLeader? We are looking for 10-15 people to join the STV Golf Committee for SecureTheVillage’s inaugural golf tournament on October 20, 2021 at Moorpark CC. The tournament will be part of our activities in support of Cybersecurity Awareness Month. The Golf Committee will consist of 10-15 people to help with marketing, logistics, setup, registration, administration, fundraising, etc. We are looking to fill these roles for the committee and have a successful inaugural tournament for the Village. To volunteer or for more information, email Board Member Jason Meshekow at jasonm@intouchis.com.
Individuals at Risk
Cyber Privacy
BIG BROTHER IS ACTUALLY RONALD MCDONALD: When I was on the road between appointments before Covid 19, I’d find a Starbucks where I could have a cup of coffee, get on the free Wi-Fi and do some work. Then one day, I read that Starbucks’ biggest competitor isn’t Peet’s or Coffee Bean & Tea Leaf. It’s McDonald’s. The Food Lawyers, June 15, 2021
Cyber Update
Microsoft Issues Emergency Patch for Windows Flaw: Microsoft on Tuesday issued an emergency software update to quash a security bug that’s been dubbed “PrintNightmare,” a critical vulnerability in all supported versions of Windows that is actively being exploited. The fix comes a week ahead of Microsoft’s normal monthly Patch Tuesday release, and follows the publishing of exploit code showing would-be attackers how to leverage the flaw to break into Windows computers. KrebsOnSecurity, July 7, 2021
Secure The Human
Confessions of a Famous Fraudster: How and Why Social Engineering Scams Work: In a world in which bad news dominates, social engineering scams that carry a promise of good news can be incredibly lucrative for cyber criminals. SecurityIntelligence, July 1, 2021
Cyber Humor
Information Security Management for the Organization
Information Security Management
Public cloud security ‘just barely adequate,’ experts say: Between the sharp rise in cyberattacks and overall rapid migration to the cloud, cloud security is quickly becoming a top concern for enterprises. And the more clouds are being used, the more there is to worry about. VentureBeat, July 9, 2021
How stopping lateral movement can defend against ransomware [Q&A]: Over the last couple of years the number of ransomware attacks has soared. While high profile attacks make the headlines organizations of all sizes are at risk. BetaNews, July 9, 2021
Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management: 2nd Public Draft of NISTIR 8286A Available for Comment: A second public draft of NISTIR 8286A is available: “Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management.” The comment period is open through August 6, 2021. NIST, July 6, 2021
Cyber Talent
‘Barely able to keep up’: America’s cyberwarriors are spread thin by attacks: A once-quiet epidemic, ransomware has emerged in 2021 as a major national security issue. NBC, July 8, 2021
Cybersecurity in Society
Cyber Crime
CNA warns customers it suffered a major data breach: Cybercriminals obtained customer information before infecting CNA’s systems with ransomware. TechRadarPro, July 9, 2021
Column: He spent 24 years building his business. A ransomware attack blew it to smithereens: Fran Finnegan was on vacation in New York just before the Fourth of July weekend when he received a disturbing text message from one of his customers: How come his website was down? LA Times, July 9, 2021
Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software: Last week cybercriminals deployed ransomware to 1,500 organizations, including many that provide IT security and technical support to other companies. The attackers exploited a vulnerability in software from Kaseya, a Miami-based company whose products help system administrators manage large networks remotely. Now it appears Kaseya’s customer service portal was left vulnerable until last week to a data-leaking security flaw that was first identified in the same software six years ago. KrebsOnSecurity, July 8, 2021
Morgan Stanley discloses data breach that resulted from Accellion FTA hacks: Financial services firm says data was stolen by exploiting flaws discovered in December. ars technica, July 8, 2021
RNC says contractor breached in hack, GOP data secure: The Republican National Committee (RNC) on Tuesday acknowledged that one of its contractors had been breached by hackers linked to Russia but said its data had not been accessed. The Hill, July 6, 2021
Up to 1,500 businesses infected in one of the worst ransomware attacks ever: Mass compromise is having cascading effects around the world. ars technica, July 6, 2021
Cyber Surveillance
[VISUAL] The Overlapping Infrastructure of Urban Surveillance, and How to Fix It: Between the increasing capabilities of local and state police, the creep of federal law enforcement into domestic policing, the use of aerial surveillance such as spy planes and drones, and mounting cooperation between private technology companies and the government, it can be hard to understand and visualize what all this overlapping surveillance can mean for your daily life. We often think of these problems as siloed issues. Local police deploy automated license plate readers or acoustic gunshot detection. Federal authorities monitor you when you travel internationally. EFF, June 24, 2021
Cyber Privacy
ProtonMail, DuckDuckGo, others ask EU & US regulators to ban surveillance-based advertising: A group of privacy-first tech companies, including the likes of ProtonMail, DuckDuckGo, Vivaldi, Tutanota, and Startpage, have published an open letter today asking EU and US regulators to take action and ban surveillance-based advertising. TheRecord, July 7, 2021
Cyber Defense
The U.S. Desperately Needs a Civilian Cybersecurity Corps: Here is how we maximize its scale and potential. NextGov, July 9, 2021
New York City Opens Cyberattack Defense Center: Initiative brings together government agencies and business groups to share intelligence and respond to digital threats. The Wall Street Journal, July 8, 2021
Know Your Enemy
The anatomy of a ransomware attack: Inside the hacks that lock down computer systems and damage businesses. The Washington Post, July 9, 2021
Where do all those cybercrime payments go?: Here on Naked Security, we’ve regularly asked the question, or at least implied it: “Where do you think all those cybercrime payments go?” NakedSecurity, July 9, 2021
This Crowdsourced Ransomware Payment Tracker Shows How Much Cybercriminals Have Heisted: Ransomwhere keeps a publicly available running tally of ransoms paid out to cybercriminals in bitcoin. Gizmodo, July 6, 2021
Cyber Insurance
Cyber Insurance Industry in Crosshairs of Ransomware Criminals: In the past few weeks, ransomware criminals claimed as trophies at least three North American insurance brokerages that offer policies to help others survive the very network-paralyzing, data-pilfering extortion attacks they themselves apparently suffered. InsuranceJournal, July 7, 2021
National Cybersecurity
Biden Warns Putin to Act Against Ransomware Groups, or U.S. Will Strike Back: Mr. Biden’s phone call appeared to be a pointed ultimatum to stop the hackers, who have attacked computer networks in the United States with relative impunity. The New York Times, July 9, 2021
The NSA’s ‘New’ Mission: Get More Public With the Private Sector: The National Security Agency’s gradual emergence from the shadows was “inevitable” in cybersecurity, says Vinnie Liu, co-founder and CEO of offensive security firm Bishop Fox and a former NSA analyst. Now the agency has to figure out how to best work with the private sector, especially organizations outside the well-resourced and seasoned Fortune 100. DarkReading, July 8, 2021
Top lawyer for U.S. cyberwarriors calls for military cyber response to global criminal hackers: The U.S. has long been reluctant to respond forcefully with cyber weapons to hacking by either nations or criminals, partly because the U.S. is vulnerable. NBC, July 8, 2021
Revisiting a Framework on Military Takedowns Against Cybercriminals: In an April Lawfare post, Jason Healey offered a five-part test to determine the appropriateness of using U.S. military cyberspace operations to respond to criminal cyber activities. The test counsels that the military should operate against criminal cyber threats based solely on their imminence, the perils they pose, their magnitude, and their link to major nation-state adversaries. LawFare, July 2, 2021
Cyber Lawsuit
Kroger, British Airways Agree to Settle Data Breach Lawsuits: U.S.-based pharmacy and supermarket chain Kroger and U.K.-based British Airways have each agreed to settle class action lawsuits filed in the wake of two massive data breaches. BankInfoSecurity, July 6, 2021
Cyber Law
Colorado third state to enact comprehensive privacy law: Colorado became the third state to pass a comprehensive data privacy law when Gov. Jared Polis signed the Colorado Privacy Act (CPA) on Wednesday. Compliance Week, July 8, 2021
Connecticut Governor Lamont signs bill offering companies a shield from data breach lawsuits: A bill shielding Connecticut businesses from liability for data breaches as long as they adopt and maintain approved cybersecurity protocols is now law. HBJ, July 7, 2021
New York Department of Financial Services Issues New Guidance on Ransomware Prevention: DFS Guidance Identifies Key Cybersecurity Measures to Reduce Risk of Ransomware Attacks. Superintendent Linda A. Lacewell today announced that the New York State Department of Financial Services (DFS) has issued new guidance on preventing ransomware attacks. In the guidance, DFS identifies cybersecurity controls that significantly reduce the risk of a ransomware attack and should be implemented by companies wherever possible. DFS NY, June 30, 2021