Cybersecurity News of the Week, June 4, 2023

This week’s essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned. Designed to educate, support, and advocate.

Stan’s Top of the News

FANCY BEAR GOES PHISHING: The Dark History of the Information Age, in Five Extraordinary Hacks, by Scott J. Shapiro: Don’t let the adorable title fool you: As Scott J. Shapiro acknowledges in “Fancy Bear Goes Phishing,” his new book about cybersecurity, hacking can inflict terrible harm. Shapiro is the author, with Oona A. Hathaway, of “The Internationalists” (2017), which recounts 20th-century efforts to outlaw war; among the numerous questions animating “Fancy Bear Goes Phishing” is whether hacking has opened the door to war by other means. Free Link to New York Times Article.

8 Big Questions About A.I. Interest in artificial intelligence has exploded over the past six months. … But the technology has been steadily improving for years. So why now? … We might be focusing on the wrong word. The phenomenon currently enrapturing the world is less about artificial intelligence and more about artificial creativity. … Computers have felt smart — even if only in a semidumb kind of way — for a long time. But they have never felt so creative. … We wanted to hear more opinions and personal stories from people who have built close relationships with A.I. So we sought out and spoke with five practitioners from a wide range of perspectives who have worked with the technology in very different ways. Free Link to New York Times Article

New. Family Protection Newsletter: Did you know we created the Family Protection Newsletter, for non-cyber experts? For your parents, friends, those who need to protect themselves in a digital world. We feature info on how to freeze your credit and what ‘marriage scams’ are in Edition 1. Sign up or share with a friend! Click here to learn more and quickly add to your free subscription! 

How Hackable Are You? Take our test. Find out how hackable you are and download our free 8-step guide.

  • How Hackable Are You? Think your defenses are strong? Find out as SecureTheVillage tests you on five basics. Please take our short quiz, as your answers will help you and guide us to improve community safety.


Nonprofit of the Week  …  Nonprofit Cyber

Kudos this week to the 36 nonprofits comprising Nonprofit Cyber, the coalition of nonprofit organizations that focus on raising the bar in cybersecurity. Nonprofit Cyber coalition members collaborate, work together on projects, voluntarily align activities to minimize duplication and increase mutual support, and link the community to key stakeholders with a shared communication channel. Nonprofit Cyber has compiled the Nonprofit Cyber Solutions Index. This is the first comprehensive index of actual cybersecurity capabilities provided by the nonprofit community. In particular, the index identifies a large selection of free or low-cost cybersecurity capabilities for individuals, small businesses, and others left behind in the current environment. SecureTheVillage is a proud member of Nonprofit Cyber.

Live on Cyber – Live on LinkedIn and Your Favorite Podcast Platform: Invasion of the Body and Mind (Data) Snatchers: (Video) (Podcast): On this special episode of Live on Cyber, discover the alarming truth about the unauthorized collection and sale of your private physical health, mental health, genetics, and fitness data. This event sheds light on the concerning practices of profiling and targeted marketing, as well as the potential weaponization of personal data without consent. This episode is an enlightening discussion that lasts 90 minutes, featuring expert insights and a Q&A session on these critical aspects:

  • Data Collection: Understand who has access to your data and its widespread distribution.
  • Data Monetization: Learn about the entities profiting from the sale of your personal information.
  • Data Aggregation: Explore the process of consolidating and analyzing collected data.
  • Utilization of Data: Discover how this information is utilized by various stakeholders and the potential risks involved.

The implications of this data exploitation are far-reaching and raise numerous pressing questions:

  • Legal Consequences: Could your data be used against you in legal proceedings or impact your insurability?
  • Commercial Interests: How are pharmaceutical companies targeting advertisements and influencing medical decisions?
  • Personal Disputes: What are the implications for custody battles, power of attorney disputes, and inheritance matters?
  • Genetic Infringement: How might your genetic information be misused or infringed upon?
  • Lack of Transparency: Why is there a lack of awareness regarding the extent and implications of data collection?

With:

  • Alexa McCulloch, Entrepreneur & Investor in Privacy & Cybersecurity; Board Director, SecureTheVillage
  • René Quashie, VP, Digital Health, Consumer Technology Association
  • Felix Bustos III, CEO and Co-Founder, ZB Tech (HelenHealth)
  • Sarah Robinson, Former Global Head of Trust, Meta (Facebook, Instagram)

Section 2 – Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware.  

Don’t store money in Venmo, Cash App or PayPal, regulator says: The head of the CFPB is urging consumers to keep their funds in traditional banks and credit unions. … In its advisory, the Consumer Financial Protection Bureau recommended that people move any funds on payment apps such as PayPal into their bank accounts. … A federal consumer watchdog on Thursday warned consumers not to store money on payment apps such as Venmo, Cash App or PayPal, because that money is not automatically insured by the government and could be completely lost if the companies fail. Link to Article

Amazon Settles Complaints Over Ring Surveillance, Use of Children’s Voice Recordings: Amazon agreed Wednesday to pay $30.8 million to settle claims that it improperly retained children’s Alexa voice recordings and allowed employees of its Ring video doorbell unit to surveil customers, including a Ring worker who viewed thousands of video recordings of females in their bedrooms. Link to Article.

Section 3 – Cybersecurity News for the Cyber-Concerned.

‘Real-world experience’ informs new Pentagon cyber strategy: The Defense Department’s latest cyber strategy reflects lessons learned from the conflict in Ukraine and builds on the “Defend Forward” policy established in the previous 2018 version, according to a summary released on Friday. Link to Article

Russia’s ‘Silicon Valley’ hit by cyberattack; Ukrainian group claims deep access: Ukrainian hackers have breached the systems of Skolkovo Foundation, the agency which oversees the high-tech business area located on the outskirts of Moscow. The Foundation was founded and charged by former Russian President Dmitry Medvedev to rival Silicon Valley in the U.S. Link to Article

Toyota confirms another years-long data leak, this time exposing at least 260,000 car owners: Two weeks ago, Toyota said it exposed the data of more than two million customers to the internet for a decade. Today, the automotive giant said it recently discovered the data of another 260,000 car owners spilling from its systems. Link to Article

Top tire manufacturer hit by data breach leaking info on millions of customers: SimpleTire database leaked personal customer data online. SimpleTire, a company selling car tires and related services, kept an unsecured database with the sensitive data on millions of customers online, available for anyone who knew where to look. Link to Article

Industrial Giant ABB Confirms Ransomware Attack, Data Theft: Industrial giant ABB has confirmed that it has been targeted in a ransomware attack, with the cybercriminals stealing some data. Link to Article

Nearly 9 million people affected by data breach from cyberattack on dental insurer: A ransomware attack on a major dental insurance provider leaked the personal information of nearly nine million people across the United States, according to documents filed with state regulators. Link to Article

Hacker group Anonymous Sudan demands $3 million from Scandinavian Airline: The hacker group “Anonymous Sudan” has made an unexpected demand of $3 million from Scandinavian Airlines (SAS) in order to halt distributed denial-of-service attacks (DDoS) that have been targeting the airline’s websites since February. Link to Article

After Ransomware Attack, Oakland Faces Data Breach Lawsuit: A flurry of legal complaints and a lawsuit have been filed against Oakland, California, in the wake of a ransomware attack that disrupted city systems for weeks and months. … Plaintiffs have filed at least four legal claims against the city as it notifies about 13,000 current and former employees that their personal information was exposed in the attack, local newspaper Oaklandside reported. Link to Article

Phishing Domains Tanked After Meta Sued Freenom: The number of phishing websites tied to domain name registrar Freenom dropped precipitously in the months surrounding a recent lawsuit from social networking giant Meta, which alleged the free domain name provider has a long history of ignoring abuse complaints about phishing websites while monetizing traffic to those abusive domains. Link to Article

Critical Barracuda 0-day was used to backdoor networks for 8 months: A critical vulnerability patched 10 days ago in widely used email software from IT security company Barracuda Networks has been under active exploitation since October. The vulnerability has been used to install multiple pieces of malware inside large organization networks and steal data, Barracuda said Tuesday. Link to Article

Millions of PC Motherboards Were Sold With a Firmware Backdoor: Hidden code in hundreds of models of Gigabyte motherboards invisibly and insecurely downloads programs—a feature ripe for abuse, researchers say. … Hiding malicious programs in a computer’s UEFI firmware, the deep-seated code that tells a PC how to load its operating system, has become an insidious trick in the toolkit of stealthy hackers. But when a motherboard manufacturer installs its own hidden backdoor in the firmware of millions of computers—and doesn’t even put a proper lock on that hidden back entrance—they’re practically doing hackers’ work for them. Link to Article

US intelligence research agency examines cyber psychology to outwit criminal hackers: The natural human weaknesses that make defending the open internet so difficult are well understood and plenty of companies and organizations work to make the average person behind the keyboard better at digital self-defense. But what cybersecurity researchers haven’t focused much attention on until now are the psychological weaknesses of attackers. What are their deficiencies, habits or other patterns of behavior that can be used against them? What mistakes do they typically make? And how can those traits be used to stop them? Link to Article

Growing hacking threat to satellite systems compels global push to secure outer space: An international group of experts is working to build the next generation of secure-by-design space systems. … Industry experts gathered in Rome and virtually on Thursday in hopes of answering a question that has long vexed people who worry about defending outer space: How to engineer cybersecurity into complex space systems from ground stations to satellites that reach far beyond. Link to Article

Section 4 – Managing Information Security and Privacy in Your Organization.

NIST Launches Cybersecurity Initiative for Small Businesses: For small organizations, the current cyber threat landscape is brutal. While big-name breaches steal the headlines, small businesses suffer the most from ransomware attacks. Additionally, other studies reveal that only half of all small businesses are prepared for a cyberattack. In the face of these challenges, NIST is creating a new initiative to help. Link to Article
