Cybersecurity News of the Week, March 15, 2020

SecureTheVillage Calendar

CANCELLED Personal Cyber Security with Dr. Steve Krantz, March 16, 11:15 – 12:15, Encino, CA

CANCELLED “Preparing for CMMC Certification” – San Fernando Valley Chapter of The Aerospace & Defense Forum March 17, 7:00 am – 9:00 am

CANCELLED Protect Yourself From IDentity Theft, Stan Stahl, Karen Codman, March 18, 1:00 – 2:00, Long Beach

CANCELLED Protect Yourself From IDentity Theft, Stan Stahl, Karen Codman, March 18, 7:00 – 8:00, Long Beach

Financial Services Cybersecurity Roundtable – March 2020 March 20, 8:00am – 10:00am … In-Person: Cancelled. Online: ToBeDecided

CANCELLED 2020 Cyber Trends: CCPA Compliance | Hack Trends – Professional Panel April 7, 10:00 am – 1:00 pm

Individuals at Risk

Cyber Privacy

Confessions app Whisper spills almost a billion records: Researchers who uncovered a data exposure from mobile app Whisper earlier this week have released more details about the incident. NakedSecurity, March 13, 2020

Data of millions of eBay and Amazon shoppers exposed: Researchers have discovered another big database containing millions of European customer records left unsecured on Amazon Web Services (AWS) for anyone to find using a search engine. NakedSecurity, March 12, 2020

Cyber Danger

Live Coronavirus Map Used to Spread Malware: Cybercriminals constantly latch on to news items that captivate the public’s attention, but usually they do so by sensationalizing the topic or spreading misinformation about it. Recently, however, cybercrooks have started disseminating real-time, accurate information about global infection rates tied to the Coronavirus/COVID-19 pandemic in a bid to infect computers with malicious software. KrebsOnSecurity, March 12, 2020

Cyber Update

Microsoft Patch Tuesday, March 2020 Edition: Microsoft Corp. today released updates to plug more than 100 security holes in its various Windows operating systems and associated software. If you (ab)use Windows, please take a moment to read this post, backup your system(s), and patch your PCs. KrebsOnSecurity, March 10, 2020

Firefox 74 offers privacy and security updates: Just a month after shipping version 73 of its Firefox browser, Mozilla has released version 74 with a range of privacy and security enhancements. These include a privacy tweak to the way it handles the WebRTC multimedia streaming protocol. NakedSecurity, March 12, 2020

Cyber Defense

In Major Takedown, Microsoft Disrupts Botnet Linked to Criminals In Russia that Infected 9 Million Computers to Spew Spam and Malware: Employees had tracked the group, believed to be based in Russia, as it hijacked nine million computers around the world to send spam emails meant to defraud unsuspecting victims. The New York Times, March 10, 2020

Cyber Humor

Information Security Management for the Organization

Information Security Management and Governance

How to Leverage NIST Cybersecurity Framework for Data Integrity … Together with the National Cybersecurity Center of Excellence, NIST has released a series of practice guides that focuses on data integrity: Together with the National Cybersecurity Center of Excellence (NCCoE), the National Institute of Standards and Technology (NIST) has released a series of practice guides that focuses on data integrity: the property that data has not been altered in an unauthorized manner. Tripwire is very proud to have contributed and collaborated with other technology vendors in the development of these practice guides. TripWire, March 10, 2020

Security Culture

A Cybersecurity Culture Score … Looking at the Business Model for Information Security, a way of thinking about information security in a holistic way: In the rush to use technology to counter security threats, organizations often ignore their deep-rooted cultural issues. The Business Model for Information Security (BMIS), which was created by Dr. Laree Kiely and Ms. Terry Benzel at USC and later was acquired by ISACA, is a way of thinking about information security in a holistic way. info security, March 13, 2020

Cyber Warning

Hackers find new target as Americans work from home during outbreak: Experts are warning of a new wave of cyberattacks targeting Americans who are forced to work from home during the coronavirus outbreak. The Hill, March 14, 2020

DoppelPaymer Ransomware Ups the Threat Level by Posting Victim’s Data Publicly If They Don’t Pay: While ransomware is a serious problem, it is also one that can be handled with proper preparation. An organization that fully backs up its systems at regular intervals can usually avoid a payment simply by restoring files. Cyber crime is a world of constant adaptation and escalation, however, and there has been a dangerous mutation. The new DoppelPaymer ransomware doesn’t just lock up data, but also threatens to post the victim’s data to a public leaks site if the ransom isn’t paid. CPO, March 12, 2020

Hackers are working harder to make phishing and malware look legitimate: A Trend Micro report finds that spammers are using public and hosted cloud infrastructure to slip malicious emails past security defenses. TechRepublic, March 11, 2020

Cyber Talent

Keys to Hiring Cybersecurity Pros When Certification Can’t Help: There just aren’t enough certified cybersecurity pros to go around — and there likely never will be enough. So how do you fill out your cybersecurity team? Executives and hiring managers share their top tips on recognizing solid candidates. DarkReading, March 10, 2020

Cybersecurity in Society

Cyber Crime

One man lost his life savings in a SIM hack. Here’s how you can try to protect yourself: Robert Ross was sitting in his San Francisco home office in October 2018 when he noticed the bars on his phone had disappeared and he had no cell coverage. A few hours later, he had lost $1 million. CNN, March 13, 2020

Ransomware Attacks on Healthcare Providers Rose 350% in Q4 2019: A Corvus analysis reveals the vast majority of ransomware attacks on healthcare providers stem from phishing incidents, as attacks jumped a whopping 350 percent in the last quarter of 2019. HealthITSecurity, March 9, 2020

Cyber Attack

Ransomware halts health organization’s ability to inform public on COVID-19: Officials at the Champaign-Urbana Public Health District were dealt a blow in their ability to inform the public about the Coronavirus outbreak when it was attacked with ransomware knocking its website offline. SC Media, March 13, 2020

Know Your Enemy

Ransomware Gangs Hit Larger Targets, Seeking Bigger Paydays: Targeted ransomware attacks continue to increase as gangs seek to obtain bigger ransom payoffs from larger targets, security experts warn. BankInfoSecurity, March 9, 2020

National Cybersecurity

Congress, Warning of Cybersecurity Vulnerabilities, Recommends Overhaul … A yearlong effort by a bipartisan group of lawmakers suggests steps to deter attacks, including clearer communication of operations: WASHINGTON — A yearlong congressional study of American cyberspace strategy concludes that the United States remains ill-prepared to deter attacks, including from Russia, North Korea and Iran. It calls for an overhaul of how the United States manages its offensive and defensive cyberoperations. The New York Times, March 11, 2020

Saying the Country is “dangerously insecure in cyber” a U.S. Cybersecurity Report Calls for Major Government Role in Cyber Insurance: A major government report on cybersecurity that warns the nation is seriously underprepared for cyber attacks calls for the creation of a federally-funded center to develop cybersecurity insurance certifications and a public-private partnership on cyber risk models. InsuranceJournal, March 11, 2020

Cyber Gov

Federal employees may soon be ordered to work from home. That could pose serious cybersecurity risks … The coronavirus outbreak may prompt the federal government’s biggest telework experiment to date: Hundreds of thousands of federal workers and congressional staff may soon be asked to work remotely full time as the coronavirus spreads, putting reams of sensitive government data at higher risk of hacking and threatening to overwhelm outdated government computer systems. The Washington Post, March 13, 2020

Ransoming government. What state and local governments can do to break free from ransomware attacks: As malware attacks increasingly hold various governments ransom over critical data, to pay or not to pay can become an impossible dilemma. Taking simple steps to secure IT infrastructure and data can help government organizations avoid this dilemma. Deloitte, March 11, 2020

Cybersecurity company linked to FBI raid of LA DWP files claim against city … A cybersecurity firm that worked for DWP alleges widespread security gaps at utility and that DWP & city staff concealed those vulnerabilities from regulators: Ardent Cyber Solutions LLC submitted a 10-page claim against the city earlier this year, alleging retaliation and breach of contract. The firm alleges that Mayor Eric Garcetti personally ordered its contract canceled as a “retaliatory measure” after Ardent alerted officials to the utility’s physical and cybersecurity problems, according to the claim. The Los Angeles Times, March 10, 2020

Critical Infrastructure

The Threat to U.S. Critical Infrastructure Is Real: It’s Past Time to Act Accordingly: The threat to U.S. critical infrastructure posed by foreign state-owned enterprises is real and America is not doing enough to inoculate itself against it and effectively manage the risk to our economic and national security. HSToday, March 14, 2020

Cyber Enforcement

Europol takes down SIM-swap hacking rings responsible for theft of millions of euros … Arrests have been made across Europe in an effort to stamp out gangs specializing in SIM-swapping attacks: Europol, with help from local law enforcement, has made a series of arrests across Europe in a crackdown on SIM-swapping attacks. ZDNet, March 13, 2020

FBI Arrests Alleged Owner of, a Top Broker of Stolen Accounts: FBI officials last week arrested a Russian computer security researcher on suspicion of operating, a vast marketplace for buying and selling stolen account credentials for thousands of popular online services and stores. KrebsOnSecurity, March 10, 2020

Become A CyberGuardian

Protect your community: take the CyberGuardian Pledge, join our email list, get invited to events.

Take the Pledge