Cybersecurity News of the Week, March 8, 2020

SecureTheVillage Calendar

Personal Cyber Security with Dr. Steve Krantz, March 10, 1:00 – 2:30, Calabasas, CA

Webinar: How Simple Changes to Your Contracts Can Mitigate Risk Under the CCPA, Host Stan Stahl. Stan’s Guests: Matthew Seror, Shareholder, Buchalter; Weiss Hamid, Associate, Buchalter. March 12, 10:00 – 11:00

Personal Cyber Security with Dr. Steve Krantz, March 16, 11:15 – 12:15, Encino, CA

Protect Yourself From IDentity Theft, Stan Stahl, Karen Codman, March 18, 1:00 – 2:00, Long Beach

Protect Yourself From IDentity Theft, Stan Stahl, Karen Codman, March 18, 7:00 – 8:00, Long Beach

Financial Services Cybersecurity Roundtable – March 2020, March 20, 8:00am – 10:00am

2020 Cyber Trends: CCPA Compliance | Hack Trends – Professional Panel, April 7, 10:00 am – 1:00 pm, Long Beach

Individuals at Risk

Cyber Privacy

Unsecured databases continue leaking millions of records: UK ISP and telecom provider Virgin Media has confirmed on Thursday that one of its unsecured marketing databases had been accessed on at least one occasion without permission (though the extent of the access is still unknown). HelpNetSecurity, March 6, 2020

Clearview AI scraped billions of photos from social media to build a facial recognition app that can ID anyone … only to have its customer database leaked online … here’s everything you need to know about the mysterious company: Police departments across the United States are paying tens of thousands of dollars apiece for access to software that identifies faces using images scraped from major web platforms like Google, Facebook, YouTube, and Twitter. BusinessInsider, March 6, 2020

Cyber Defense

Meet Lockdown, The App That Reveals Who’s Tracking You On Your iPhone: In an era of mass data collection by tech giants such as Facebook and Google, it helps to be informed. Many companies are less than transparent about what they do with people’s data, leaving it down to the user to protect their own privacy. Forbes, March 6, 2020

DuckDuckGo shares a list of thousands of web trackers that gather your data: Over the past couple of years, the privacy-focused browser DuckDuckGo has been compiling a data set of web trackers. The company calls it Tracker Radar. Today, DuckDuckGo is sharing that data publicly and open sourcing the code that generates it. Engadget, March 5, 2020

Cyber Danger

Attackers Distributing Malware Under Guise of Security Certificate Updates … Approach is a twist to the old method of using fake software, browser updates, Kaspersky says: Cybercriminals can be an innovative bunch when it comes to finding new ways to distribute malware. DarkReading, March 6, 2020

Chrome extension cons cryptocurrency users out of hardware wallet key: Cryptocurrency security company Ledger has warned users about a rogue Chrome extension that dupes its victims into giving up the keys to their crypto wallets. NakedSecurity, March 6, 2020

TrickBot Malware Targets Italy in Fake WHO Coronavirus Emails: A new spam campaign is underway that is preying on the fears of Coronavirus (COVID-19) to target people in Italy with the TrickBot information-stealing malware. BleepingComputer, March 6, 2020

Researcher finds 670 Microsoft subdomains vulnerable to takeover: Years after it was first identified as a possibility, researchers have found it’s still child’s play to hijack subdomains from companies such as Microsoft to use in phishing and malware attacks. NakedSecurity, March 6, 2020

The Case for Limiting Your Browser Extensions: Last week, KrebsOnSecurity reported to health insurance provider Blue Shield of California that its Web site was flagged by multiple security products as serving malicious content. Blue Shield quickly removed the unauthorized code. An investigation determined it was injected by a browser extension installed on the computer of a Blue Shield employee who’d edited the Web site in the past month. KrebsOnSecurity, March 3, 2020

Cyber Update

Thousands of Netgear routers are at risk of getting hacked: What to do. Tom’s Guide, March 5, 2020

Information Security Management for the Organization

Information Security Management and Governance

Why cyber resilience should be a priority for every business – and how to get there: Cyberattacks today are potentially as destructive as major natural disasters. World Economic Forum, March 5, 2020

Let’s Encrypt Revokes Over 3 Million of Its Digital Certs: Let’s Encrypt, a nonprofit that has played a major role in pushing the use of encryption on the Web, today revoked more than 3 million of its digital certificates after discovering a flaw in the manner in which they were issued. DarkReading, March 5, 2020

Companies embracing IoT despite security risks: Adoption of IoT has increased across all industries yet security concerns still remain. TechRadar, March 5, 2020

Veracode’s Chris Eng: Patch Management Challenges Drive ‘Security Debt’: Chris Eng with Veracode talks about how organizations are falling into security debt due to patch management issues. ThreatPost, March 5, 2020

Cyber Defense

Why You Need to Implement Multifactor-Authentication. Microsoft finds 99.9% of compromised accounts did not use multi-factor authentication … Only 11% of all enterprise accounts use an MFA solution overall: Speaking at the RSA security conference last week, Microsoft engineers said that 99.9% of the compromised accounts they track every month don’t use multi-factor authentication, a solution that stops most automated account attacks. ZDNet, March 6, 2020

Remote working due to coronavirus? Here’s how to do it securely…: Many if not most organisations have already crossed the “working from home”, or at least the “working while on the road” bridge. NakedSecurity, March 6, 2020

How to maintain safe cybersecurity practices while transitioning workers from the office to remote workstations: With the spread of coronavirus, businesses are increasingly asking staff to work from home. We asked experts how to keep cybersecurity policies in place. TechRepublic, March 5, 2020

Cyber Warning

Next-Gen Ransomware Packs a ‘Human’ Punch, Microsoft Warns: Ryuk, DoppelPaymer, Parinacota and other ransomware groups are getting more sophisticated, Microsoft warns. ThreatPost, March 6, 2020

Cyber Talent

5 reasons to consider a career in cybersecurity: From competitive salaries to ever-evolving job descriptions, there are myriad reasons why a cybersecurity career could be right for you. WeLiveSecurity, March 3, 2020

Cybersecurity in Society

Cyber Privacy

Ex-Presidential Candidate Andrew Yang Launches Data Privacy Nonprofit: Former presidential candidate and known cryptocurrency proponent Andrew Yang has announced a new initiative to protect privacy online. CoinTelegraph, March 6, 2020

FCC Proposes to Fine Wireless Carriers $200M for Selling Customer Location Data: The U.S. Federal Communications Commission (FCC) today proposed fines of more than $200 million against the nation’s four largest wireless carriers for selling access to their customers’ location information without taking adequate precautions to prevent unauthorized access to that data. While the fines would be among the largest the FCC has ever levied, critics say the penalties don’t go far enough to deter wireless carriers from continuing to sell customer location data. KrebsOnSecurity, February 28, 2020

Know Your Enemy

New Report on Spammers and the Phishing Ecosystem Reveals Extremely Low Barriers to Entry: Spammers have always been seen as the pond scum of the cyber crime world. No technical skill and little investment is required, and the attacks are easily thwarted by automated tools; even if a spam email does slip through, it is unlikely to do any damage so long as the recipient has any skepticism about the Prince of Uganda contacting strangers out of the blue for exciting financial opportunities. A new study of the phishing ecosystem by Photon Research Team indicates that spammers are stepping up their game, however. CPO, March 4, 2020

Cyber Crime

Alleged Russian hacker goes on trial Monday in US in 2012 LinkedIn, Dropbox breaches: Data breaches like these are the reason you shouldn’t reuse passwords. CNet, March 6, 2020

Ransomware attack on sheep farmers shows there’s no room for woolly thinking in cyber security: While many Australians were preoccupied with panic-buying toilet paper, sales of another commodity encountered a very different sort of crisis. The Conversation, March 5, 2020

U.S. Critical Infrastructure Victim of Ransomware Attack: A ransomware attack has targeted critical infrastructure belonging to a U.S. based natural gas compression facility, a statement put out by the Department of Homeland Security (DHS) from February 18 has confirmed. CPO, March 5, 2020

National Cybersecurity

As the U.S. spied on the world, the CIA and NSA bickered: U.S. spy agencies were on the verge of an espionage breakthrough, closing in on the clandestine purchase of a Swiss company that could give American intelligence the ability to crack much of the world’s encrypted communications. The Washington Post, March 6, 2020

LinkedIn loophole: China’s military weaponizing professional networking platform, officials warn: U.S. officials are increasingly sounding the alarm about LinkedIn as a tool of foreign influence in American affairs. The Washington Times, February 18, 2020

Cyber Freedom

Out at Sea, With No Way to Navigate: Admiral James Stavridis Talks Cybersecurity … The former Supreme Allied Commander of NATO gives Dark Reading his take on the greatest cyberthreats our nation and its businesses face today: By any standard James Stavridis has had a remarkable career, beginning with graduating from the US Naval Academy (with a degree in electrical engineering), rising through the ranks of officers to commander of the US Southern Command and US European command, to taking on his final position as Supreme Allied Commander Europe. DarkReading, March 6, 2020

Hackers Easily Breach U.S. Voting Machines in Chilling ‘Kill Chain’ Trailer… New documentary set to premiere on HBO this month: The vulnerabilities of the United States’ election system are highlighted in the unnerving new trailer for the documentary, Kill Chain: The Cyber War on America’s Elections, debuting March 26th on HBO. Rolling Stone, March 5, 2020

Cyber Medical

How Hackers and Spies Could Sabotage the Coronavirus Fight: Intelligence services have a long history of manipulating information on health issues, and an epidemic is especially tempting for interference. Why aren’t we better prepared? Schneier on Security, February 28, 2020
