Cybersecurity News of the Week, May 24, 2020

SecureTheVillage Calendar

TownHallWebinar: Online Event: Doing it…. Online with Dr. Steve Krantz. June 3 @ 1:00 pm – 2:30 pm PDT

TownHallWebinar: Ephemeral Messaging: Balancing the Benefits and Risks from Leadership Council Member Driven. June 3 @ 2:00 pm – 3:00 pm EDT

TownHallWebinar: Securing Your Home and Family (Part 2) – SecureTheVillage. June 11 @ 10:00 am – 11:00 am PDT

Financial Services Cybersecurity Roundtable: Cyber and the Insider Threat – June 2020. June 19 @ 8:00 am – 10:00 am PDT

STVHappyHour: A CIO and a Cyberinsurance Broker Walk Into a Bar … June 23 @ 4:30 pm – 5:30 pm PDT

TownHallWebinar: Up On Cyber 2020. June 25 @ 8:00 am – 12:30 pm PDT

TownHallWebinar: Personal Cyber Security with Dr. Steve Krantz. July 21 @ 1:00 pm – 2:30 pm PDT Calabasas Senior Center Calabasas, CA

Individuals at Risk

Cyber Privacy

Beware calls from unknown numbers – this top messaging app has placed millions of iOS and Android users at risk … Security flaw discovered in Signal messaging app for Android and iOS – so update now: Researchers have identified a security vulnerability in popular privacy-centric messaging app Signal. TechRadar, May 21, 2020

Unemployment Data Leaked: Names, Full SSN, Addresses: As if adjusting to Covid-19 life, trying to stay safe, losing a job and struggling with finances weren’t enough. The newly unemployed now have one more thing to add to the list. NBC reports that four states—possibly more—are warning unemployment applicants “that their personal information may have been leaked.” Boy, when it rains, it really does pour. Forbes, May 21, 2020

I tried to delete myself from the internet. Here’s what I learned: It was MyLife that broke me. After spending hours studying FAQ pages, sending terse emails and making occasional phone calls in an earnest-if-naive attempt to take back some control of my personal information online, I had my first demoralizing moment. CNN, May 21, 2020

Cyber Defense

5 Simple Ways to Make Your Gmail Inbox Safer: These built-in features protect your data and can help keep your inbox tidy too. Wired, May 23, 2020

How your passwords can end up for sale on the dark web … And what you can do about it: San Francisco (CNN Business) Last month, Zoom joined a long list of companies whose user data has fallen prey to hackers. More than half a million account logins for the hugely popular video conferencing platform were discovered on the dark web, either offered for free or for next to nothing. CNN, May 7, 2020

Cyber Danger

Hacked Zoom installers taking over PCs — protect yourself now: Two more corrupted Zoom installers are out there waiting for people to download and run them, Trend Micro researchers reported today (May 21). Tom’s Guide, May 21, 2020

Nasty Bluetooth flaw hits billions of devices — what to do now: A flaw in an older version of the Bluetooth protocol lets hackers pair their devices with yours, potentially leaving billions of devices open to attack. Affected devices may include, but are not limited to, iPhones, Pixels, Samsung Galaxy phones, Lenovo, Apple and HP laptops, and Sennheiser, Philips and Plantronics headphones. Tom’s Guide, May 20, 2020

Cyber Humor

Information Security Management for the Organization

Information Security Management and Governance

What is the future of cybersecurity?: More of our personal lives and business activities are being conducted online than ever, making cybersecurity a key issue of our time. Understanding what the future of cybersecurity is will show you how to make the best use of your resources and stay safe not just today, but tomorrow too. TechRadar, May 19, 2020

Privacy Management

Two Years In, IT Thought Leaders Evaluate GDPR’s Impact: It’s been two years since the General Data Protection Regulation, or GDPR, was put into force by the European Union on May 25, 2018. eWeek, May 22, 2020

Who Owns Privacy? How the privacy problem is breaking down organizational silos and driving new cross-functional collaborations: With GDPR, CCPA, and a US federal bill being actively considered by Congress, we’ve reached a regulatory ‘point of no return’ with privacy compliance. GDPR alone has generated over 30 large fines worth more than 400 million euros in less than 24 months… And we’ve yet to observe the initial cost of non-compliance with CCPA. CPO, May 21, 2020

Tackling Privacy by Design: Practical Advice Following Multiple Implementations: When advising clients on Privacy by Design (PbD) implementation, I often feel like the voice in his or her head is saying, “I see your lips moving, but all I hear is blah, blah, blah.” After experiencing those moments a few times, it occurred to me how professionals living in the PbD space are speaking a different language from business owners, product and service designers, and those in charge of privacy compliance for their organization. The purpose of this article is to demystify PbD (a bit), and to offer some practical advice for businesses looking to implement PbD in their products and services. CPO, May 21, 2020

Cyber Danger

Are Your Devices Patched & Up-to-Date? … Hacked Law Firm May Have Had Unpatched Pulse Secure VPN: A recent ransomware attack that targeted a law firm that serves celebrities may have been facilitated by a Pulse Secure VPN server that was not properly patched and mitigated against a well-known vulnerability, some security experts say. BankInfoSecurity, May 21, 2020

Microsoft warns of ‘massive’ COVID-19 email phishing campaign: What to do: Here’s how to spot the phishing emails. Laptop Magazine, May 21, 2020

Know Your Enemy

Silent Night Banking Trojan Charges Top Dollar on the Underground: The malware-as-a-service is advanced, obfuscated and modular — and built for mass campaigns. ThreatPost, May 21, 2020

Hot Offering on Darknet: Access to Corporate Networks … More Ads Offer Access for a Substantial Price: Positive Technologies: The number of darknet forum advertisements offering full access to corporate networks jumped almost 70% during the first quarter of 2020, compared to the previous quarter, posing a significant potential risk to corporations and their now remote workforces, according to security firm Positive Technologies. BankInfoSecurity, May 21, 2020

Cyber Warning

Forget BYOD, this is BYOVM: Ransomware tries to evade antivirus by hiding in a virtual machine on infected systems: With antivirus tools increasingly wise to common infection tricks, one group of extortionists has taken the unusual step of stashing their ransomware inside its own virtual machine. TheRegister, May 21, 2020

Cyber Talent

Changing Cybersecurity Behaviors in the Workplace: A Critique of the Evidence: With human aspects of cybersecurity increasingly recognized as a core part of organizational security management, it is crucial that information security leadership colleagues understand how secure employee behavior is shaped and promoted. InfoSecurity, May 22, 2020

Cybersecurity in Society

Cyber Privacy

Grandmother’s Refusal to Remove Photos From Facebook Tests Privacy Law: A Dutch court ruled a woman violated Europe’s General Data Protection Regulation after refusing to take down photos of her grandchildren from social media. The New York Times, May 22, 2020

Essays: The Public Good Requires Private Data: There’s been a fundamental battle in Western societies about the use of personal data, one that pits the individual’s right to privacy against the value of that data to all of us collectively. Until now, most of that discussion has focused on surveillance capitalism. For example, Google Maps shows us real-time traffic, but it does so by collecting location data from everyone using the service. Schneier on Security, May 16, 2020

Cyber Crime

U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs: A well-organized Nigerian crime ring is exploiting the COVID-19 crisis by committing large-scale fraud against multiple state unemployment insurance programs, with potential losses in the hundreds of millions of dollars, according to a new alert issued by the U.S. Secret Service. KrebsOnSecurity, May 16, 2020

Cyber Espionage

NSO Group Impersonates Facebook Security Team to Spread Spyware — Report: An investigation traces an NSO Group-controlled IP address to a fake Facebook security portal. ThreatPost, May 22, 2020

Know Your Enemy

Modern Vigilantes … ‘Robin Hood of ransomware’ wreaks revenge on shady businesses: A hacking group has begun targeting companies carrying out “loan scams.” TechRadarPro, May 21, 2020

This Service Helps Malware Authors Fix Flaws in their Code: Almost daily now there is news about flaws in commercial software that lead to computers getting hacked and seeded with malware. But the reality is most malicious software also has its share of security holes that open the door for security researchers or ne’er-do-wells to liberate or else seize control over already-hacked systems. Here’s a look at one long-lived malware vulnerability testing service that is used and run by some of the Dark Web’s top cybercriminals. KrebsOnSecurity, May 18, 2020

Cyber Talent

Virtual cybersecurity school teaches kids to fix security flaws and hunt down hackers: (CNN Business) When Christopher Boddy was 14 years old, he’d log onto his computer after school to spend hours playing a game that taught him the basics of digital forensics, ethical hacking and cryptography. CNN, May 20, 2020

Cyber Enforcement

Ukraine Nabs Suspect in 773M Password ‘Megabreach’: In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.” A subsequent review by KrebsOnSecurity quickly determined the data was years old and merely a compilation of credentials pilfered from mostly public data breaches. Earlier today, authorities in Ukraine said they’d apprehended a suspect in the case. KrebsOnSecurity, May 19, 2020

Government Powers in Coronavirus Age

How the Coronavirus Pandemic Will Permanently Expand Government Powers: Ten leading global thinkers on an expansion of government powers. Foreign Policy, May 16, 2020
