This week’s essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned. Designed to educate, support, and advocate.
Stan’s Top of the News
- Chinese Malware Hits Systems on Guam. Is Taiwan the Real Target?: The code, which Microsoft said was installed by a Chinese government hacking group, set off alarms because Guam would be a centerpiece of any U.S. military response to a move against Taiwan. NY Times Free Link
- US officials believe Chinese hackers may still have access to key US computer networks: US officials believe Chinese hackers could still have access to sensitive US computer networks they’ve targeted in recent months as a top American cyber official told CNN he is concerned about the “scope and scale” of the activity. Link to Article.
New. Family Protection Newsletter: Did you know we created the Family Protection Newsletter, for non-cyber experts? For your parents, friends, those who need to protect themselves in a digital world. We feature info on how to freeze your credit and what ‘marriage scams’ are in Edition 1. Sign up or share with a friend! Click here to learn more and quickly add to your free subscription!
How Hackable Are You? Take our test. Find out how hackable you are and download our free 8-step guide.
- How Hackable Are You? Think your defenses are strong. Find out as SecureTheVillage tests you on five basics. Please take our short quiz as your answers will help you and guide us to improve community safety.
Upcoming events. Please join us.
- Los Angeles Cybersecurity Workforce Coalition: The monthly meeting of the workforce coalition, Tue, July 11, 1:00 pm – 2:00 pm PT. There is no meeting in June.
Cyber Humor
Cybersecurity Nonprofit of the Week … US Valor
Kudos this week to US Valor, a nonprofit with two intertwined objectives: (1) helping veterans transition back into civilian life and (2) helping America meet our cybersecurity workforce challenge. US Valor does this through an innovative Department of Labor approved Apprenticeship Program. The US Valor Cybersecurity Apprenticeship Program (CAP) is all about helping transitioning military personnel and U.S. Veterans experience a smooth transition from military life to the civilian world through its Department of Labor Registered Apprenticeship Program (RAP). I’m a proud member of US Valor’s Advisory Board and I encourage you to support them.
Live on Cyber with Dr. Stan Stahl – Live on LinkedIn and Your Favorite Podcast Platform
50/50 Women on Boards: (Video) (Podcast): In this special episode of Live on Cyber, Julie Morris interviews Heather Spilsbury, the Chief Operating Officer of 50/50 Women on Boards. Explore the inspiring journey of 5050 Women on Boards, a nonprofit dedicated to advancing women in corporate board service. Learn how the organization prioritizes safeguarding digital assets and data protection, and gain insights into practical cybersecurity measures and the importance of behavior change and awareness from their board of directors to staff and volunteers. … Stay tuned for more episodes as Julie and special guests explore cybersecurity issues, while Dr. Stan enjoys his summer break.
Section 2 – Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware.
Chase bank blames woman for not protecting her account after scammers stole $160,000: A small business owner lost her life’s savings when scammers pretending to be Chase bank employees defrauded her out of $160,000. Chase refused to refund any of her money, saying she did not take appropriate steps to protect her account. Experts say the bank should adopt stricter security measures to protect customers. Link to Article.
Driver’s Licenses, Addresses, Photos: Inside How TikTok Shares User Data: Employees of the Chinese-owned video app have regularly posted user information on a messaging and collaboration tool called Lark, according to internal documents. NY Times Free Link.
Section 3 – Cybersecurity News for the Cyber-Concerned.
United Nations official and others in Armenia hacked by NSO Group spyware: At least a dozen victims were found to have been hacked by Pegasus during clashes in the region in 2021. … Researchers have documented the first known case of NSO Group’s spyware being used in a military conflict after they discovered that journalists, human rights advocates, a United Nations official, and members of civil society in Armenia were hacked by a government using the spyware. Link to Article.
Threat Actors Compromise Barracuda Email Security Appliances: The company’s ESG appliances were breached, but their other services remain unaffected by the compromise. Email and network security solutions company Barracuda Networks is warning customers that threat actors have targeted its email security gateway (ESG) appliances for compromise, by way of an email attachment scanning module. Link to Article.
Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach: Will Joe Sullivan’s conviction for obstruction in the reporting of the 2016 Uber privacy breach send a chill through the cybersecurity profession? Sullivan tells CSOs he’s worried it just might. Link to Article.
Bridgestone CISO: Lessons From Ransomware Attack Include Acting, Not Thinking: A February 2022 attack knocked the giant tire maker’s North American operations offline for several days. … As a CISO that helped his company navigate through the aftermath of a crippling ransomware attack last year, Bridgestone Americas’ Tom Corridon says his biggest advice for other organizations is to designate key decision-makers for handling such crises before they happen. Link to Article.
U.S. Treasury Sanctions North Korean-Owned Binance Wallets; Says Entities Used Funds to Support WMD Programs: The Binance-hosted wallets received more than $2 million worth of various cryptocurrencies that were then sent on to North Korean entities, OFAC alleged. Link to Article
Suspicion stalks Genesis Market’s competitors following FBI takedown: A month on from an international operation that culminated in the FBI seizing the web domains used by the fraud platform Genesis Market, the cybercrime underworld remains suspicious of its surviving darknet site and slow to move to its competitors. Link to Article.
EU hands Meta record $1.3 billion fine over data transfers to US: The social media giant Meta was hit with a record €1.2 billion fine (about $1.3 billion) on Monday for illegally transferring data on European citizens to the United States. Link to Article.
Huge Tesla leak reveals thousands of safety concerns, privacy problems: The German publication Handelsblattis in possession of more than 23,000 internal files and documents from Tesla after an employee leaked the data. The files include personal information on more than 100,000 current and former employees, as well as thousands of reports of problems with Tesla’s advanced driving assistance systems, Autopilot, and “Full Self-Driving.” Link to Article.
Health insurer says patients’ information was stolen in ransomware attack: One of New England’s largest health insurers notified current and former customers Tuesday that data including patient medical history and diagnoses was copied and taken during a ransomware attack. Link to Article.
Food distributor Sysco says cyberattack potentially leaked 125,000 Social Security numbers: A cyberattack on Sysco, one of the world’s largest food distributors, gave hackers access to the sensitive personal information of more than 125,000 current and former employees. Link to Article.
Dish says ransomware gang stole almost 300,000 employee records: U.S. satellite television giant Dish has confirmed that hackers stole the personal information of almost 300,000 individuals during a February ransomware attack. Link to Article.
Mazars Group allegedly breached by BlackCat cybercrooks: Russia-linked ransomware syndicate ALPHV/BlackCat claims to have stolen sensitive data from Mazars Group, an international audit, accounting, and consulting firm. A post on the gang’s dark web blog says that crooks took over 700 GB of data, including agreements, financial records, and other sensitive information. Link to Article.
Section 4 – Managing Information Security and Privacy in Your Organization.
Building an Effective Cybersecurity Training Program: Just as sports teams practice and train for upcoming games, your organization should be constantly and consistently practicing and training for cybersecurity events, building the muscles and skills they’ll need to respond when a cyber-attack inevitably happens Link to Article.
