Cybersecurity News of the Week, July 18, 2021

SecureTheVillage – Volunteers Needed for Golf Tournament

Golfer? Cybersecurity Pro? STV CyberLeader? We are looking for 10-15 people to join the STV Golf Committee for SecureTheVillage’s inaugural golf tournament on October 20, 2021 at Moorpark CC. The tournament will be part of our activities in support of Cybersecurity Awareness Month. The Golf Committee will consist of 10-15 people to help with marketing, logistics, setup, registration, administration, fundraising, etc. We are looking to fill these roles for the committee and have a successful inaugural tournament for the Village. To volunteer or for more information, email Board Member Jason Meshekow at [email protected]

Individuals at Risk

Cyber Privacy

The Assault on Our Privacy Is Being Conducted in Private: “You have zero privacy anyway,” Scott McNealy, the chief executive of Sun Microsystems, infamously declared more than 20 years ago. “Get over it.” The New York Times, July 13, 2021

Cyber Defense

Instagram rolls out new tool to help users secure hacked accounts: Instagram has begun rolling out a new security feature that will help users secure compromised accounts and kick out hackers. TheRecord, July 15, 2021

Cyber Update

Microsoft Patch Tuesday, July 2021 Edition: Microsoft today released updates to patch at least 116 security holes in its Windows operating systems and related software. At least four of the vulnerabilities addressed today are under active attack, according to Microsoft. KrebsOnSecurity, July 13, 2021

Cyber Warning

FBI warns cryptocurrency owners, exchanges of ongoing attacks: The Federal Bureau of Investigation (FBI) warns cryptocurrency owners, exchanges, and third-party payment platforms of threat actors actively targeting virtual assets in attacks that can lead to significant financial losses. BleepingComputer, July 9, 2021

Information Security Management for the Organization

Cybersecurity in the C-Suite & Board

When ‘Later’ Never Comes: Putting Small Business Cybersecurity First: Small- and medium-sized businesses can be victims of digital attacks as much as global ones can. In fact, 88% of small business owners think they’re open to a cyberattack. In response, startups must allocate time and resources to getting the right small business cybersecurity measures, right? If only business realities were that simple. SecurityIntelligence, July 16, 2021

Information Security Management

The Evolving Role of the CISO: Curtis Simpson, CISO at Armis, discusses the top qualities that all CISOs need to possess to excel. ThreatPost, July 16, 2021

Choosing your MSP: What the Kaseya incident tells us about third‑party cyber‑risk: Lessons to learn from the Kaseya cyberincident to protect your business’ data when doing business with an MSP. WeLiveSecurity, July 13, 2021

This Company Was Hit With a Devastating Ransomware Attack—But Instead of Giving In, It Rebuilt Everything: As the threat of ransomware grows, companies have felt pressed to pay massive amounts to hackers holding systems hostage. One business decided not to give in to their attackers’ demands. Time, July 14, 2021

NIST Recommends Agencies Assume They Have Already Been Hacked: The Security Measures publication focuses on running software, while the Recommended Minimum Standards focuses on developing it. BreakingDefense, July 14, 2021

United States Government Launches First One-Stop Ransomware Resource at StopRansomware.gov: WASHINGTON – Today, as part of the ongoing response, agencies across the U.S. government announced new resources and initiatives to protect American businesses and communities from ransomware attacks. The U.S. Department of Homeland Security (DHS) and the U.S. Department of Justice (DOJ), together with federal partners, have launched a new website to combat the threat of ransomware. StopRansomware.gov establishes a one-stop hub for ransomware resources for individuals, businesses, and other organizations. The new StopRansomware.gov is a collaborative effort across the federal government and the first joint website created to help private and public organizations mitigate their ransomware risk. DHS, July 14, 2021

Cyber Warning

SonicWall warns of imminent ransomware campaign on VPN hardware: Current and legacy secure VPN appliances under attack now. ITPro, July 16, 2021

Secure The Human

Comprehensive Security Awareness: An Enterprise-Wide Goal: Headlines have suggested that enterprises need a higher level of security awareness ever since it became clear that firewalls are not enough. Though IT and security leaders are often blamed for an incident, the reality is that security isn’t only security’s job or IT’s job. It’s everyone’s job. And if it’s everyone’s job, then every employee in an organization needs to develop enough sensitivity to the current threats, whatever they may be, to stay mindful and vigilant. In short, everyone should adopt a Zero Trust mindset which requires a Zero Trust culture. CSHub, July 13, 2021

Cybersecurity in Society

Cyber Crime

The 15 biggest data breaches of the 21st century: Data breaches affecting millions of users are far too common. Here are some of the biggest, baddest breaches in recent memory. CSO, July 16, 2021

How criminals siphoned off unemployment payments directly from recipients’ accounts: As millions of Americans received unemployment payments to get through the crisis, scammers developed a new way to steal cash directly from recipients’ accounts, according to an investigation by CNBC. CNBC, July 16, 2021

Australian organisations are quietly paying hackers millions in a ‘tsunami of cyber crime’: It’s an open secret within the tight-lipped world of cybersecurity. ABC AU, July 15, 2021

‘It was my life’s savings’: How hackers use email phishing scams to steal billions: LAKE MARY, Fla. — A first-of-its-kind study investigates exactly how cyber-criminals use email phishing attacks to steal billions. The study includes surprising new information about the tactics criminals use, how quickly they attack, and how compromised emails are used to commit fraud. ABC Action News, July 9, 2021

State-by-State Breakdown of Cybercrime in America: Statistics about violent crimes, like robbery and murder, and property crimes, like theft and arson, are well-covered across the media landscape. But there’s another type of crime that can be devastating — cybercrime. Security.org, June 28, 2021

Cyber Surveillance

The USPS’ Semi-Secret Internet Surveillance Apparatus: The agency best known for delivering mail has a side hustle in online snooping. Reason, 2021

Cyber Espionage

iOS zero-day let SolarWinds hackers compromise fully updated iPhones: Flaw was exploited when government officials clicked on links in LinkedIn messages. ars technica, July 14, 2021

Know Your Enemy

2021 Cyber Threat Intelligence Report: In an era of unprecedented uncertainty, with so many devices scattered throughout enterprise networks, it’s challenging for security professionals to keep pace with demands. Accenture, July 15, 2021

Another Mercenary Spyware Vendor Comes into Focus: Candiru is a secretive Israel-based company that sells spyware exclusively to governments. Reportedly, their spyware can infect and monitor iPhones, Androids, Macs, PCs, and cloud accounts. The Citizen Lab, July 15, 2021

REvil Ransomware Servers Go Dark Suggesting Possible Law Enforcement Takedown: REvil (Sodinokibi), one of the most prolific ransomware-as-a-service operations, had its servers shut down suddenly early on Tuesday morning. NetSec, July 14, 2021

National Cybersecurity

Biden Administration announces flurry of new anti-ransomware efforts: The defensive initiatives include a reward for information on nation-state actors and the formation of a new interagency ransomware task force. CSO, July 26, 2021

Cyber Defense

Global Coalition Needed to Prevent Ransomware Pandemic: INTERPOL Secretary General Jürgen Stock has called for police agencies worldwide to form a global coalition with industry partners to prevent a potential ransomware pandemic. HomelandSecurity Today, July 13, 2021

Cyber Law

The Changing Wind of Data Privacy Law: A Comparative Study of the European Union’s General Data Protection Regulation and the 2018 California Consumer Privacy Act: On May 25, 2018, the European Union’s (EU) General Data Protection Regulation (GDPR) came into effect. The GDPR is expected to reshape web use and overhaul data privacy laws beyond Europe in how businesses and organizations can handle customer and user information. UCI Law, June, 2020

Cyber Enforcement

US offers up to $10 million reward for information on cyberattacks against critical infrastructure by foreign states: (CNN) The US government is offering up to $10 million for information that can identify or locate malicious cyber actors working on behalf of a foreign government to target critical US infrastructure, the US State Department announced Thursday. CNN, July 15, 2021
