Individuals at Risk
Identity Theft
She responded to a smishing scam. Then the spam texts got worse. Experts explain why. Text message scams are on the rise, but there’s little that can be done to stop them: It took just a momentary lapse in judgment for Alyssa Beckwith to fall for the scam. Yahoo, May 6, 2021
Cyber Privacy
96% of US users opt out of app tracking in iOS 14.5, analytics find: Some of the first data on user behavior exceeds advertisers’ worst fears. ars technica, May 7, 2021
They Told Their Therapists Everything. Hackers Leaked It All: A mental health startup built its business on easy-to-use technology. Patients joined in droves. Then came a catastrophic data breach. Wired, May 4, 2021
Cyber Update
Severe vulnerabilities in Dell firmware update driver found and fixed: Dell firmware update driver 2.3 can be exploited to gain kernel-level privilege. ars technica, May 5, 2021
Cyber Defense – World Password Day
Google will automatically enroll users in two-factor authentication soon: Google hates passwords, so it’s trying to replace them with two-factor authentication. PCWorld, May 6, 2021
Class Is In Session With Dashlane’s “Worst Password Awards”: NEW YORK, May 5, 2021 /PRNewswire/ — Ahead of World Password Day, Dashlane shares its first-ever, mid-year Worst Password Awards—a reminder of how easy it is to make a password faux pas, even when we think we’re protected. Dashlane champions the awareness that World Password Day brings for creating strong and unique passwords for every account, but unfortunately the “holiday” is not always a cause for celebration. As data breaches continue to make headlines, it’s clear that people and businesses need more education and easy-to-use tools that align with their online behaviors in order to pass the cybersecurity test. The Record, May 5, 2021
Planning Our Passwordless Future: All the talk that passwords could one day go away seemed too good to be true, yet the scales are finally starting to tip to a passwordless reality. DarkReading, May 5, 2021
The Wages of Password Re-use: Your Money or Your Life: When normal computer users fall into the nasty habit of recycling passwords, the result is most often some type of financial loss. When cybercriminals develop the same habit, it can eventually cost them their freedom. KrebsOnSecurity, May 4, 2021
The password hall of shame (and 10 tips for better password security): Banish these common passwords now and employ these tips for better password security. CSO, April 15, 2021

Information Security Management for the Organization
Cybersecurity in the C-Suite & Board
Leading from the Top: Information Security Governance: Most of the business leaders and executives that I talk to frame information security as a problem for IT to manage and solve; however, IT cannot and should not manage or solve this problem on their own. David Lam, Partner & CISO, Miller Kaplan, LA Business Journal, May 3, 2021
Information Security Management
Malicious Office 365 Apps Are the Ultimate Insiders: Phishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organization’s own email login page. After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others. KrebsOnSecurity, May 5, 2021
Secure The Human
Cybersecurity: Don’t blame employees—make them feel like part of the solution: Scientists find that blaming employees is counterproductive and suggest creating a safe environment for people to admit their mistakes and learn from them. One company already puts that into practice. TechRepublic, May 6, 2021
Cyber Insurance
Insurer AXA Halts Ransomware Crime Reimbursement in France: In an apparent industry first, the global insurance company AXA says it will stop writing cyber-insurance policies in France that reimburse customers for extortion payments made to ransomware criminals. US News & World Report, May 6, 2021
Cybersecurity in Society
Cyber Crime
Colonial Pipeline cyberattack shuts down pipeline that supplies 45% of East Coast’s fuel: Colonial Pipeline, which accounts for 45% of the East Coast’s fuel, said it has shut down its operations due to a cyberattack. ZDNet, May 8, 2021
Three Affiliated Tribes Hit by Ransomware Attack, Holding Tribal Information Hostage: NEWTOWN, N.D. — On April 28, the Three Affiliated Tribes—the Mandan, Hidatsa & Arikara Nation—announced to its staff and employees that its server was hacked and believes it was by malicious software called ransomware. Since the server was hacked, the tribe has been unable to access files, email and critical information. NativeNewsOnline, May 7, 2021
Microsoft: Business email compromise attack targeted dozens of orgs: Microsoft detected a large-scale business email compromise (BEC) campaign that targeted more than 120 organizations using typo-squatted domains registered a few days before the attacks started. BleepingComputer, May 7, 2021
Ransomware Recovery Costs More Than Double in a Year, Now Average $1.85 Million: A new report from cybersecurity firm Sophos indicates that ransomware recovery costs have shot up in the past year, with the average case approaching $2 million in total expenses. This is up from an average of $761,000 in 2020. CPO, May 7, 2021
Ryuk ransomware attack caused by student pirating software: A software crack came with an info-stealer. TechRadarPro, May 7, 2021
Scripps Health’s Cyber Outage Caused By ‘Ransomware Attacks’: Cal. Dept. of Public Health: On Friday, the California Department of Public Health (CDPH) described the ongoing situation at Scripps Health as a case of “ransomware attacks.” NBC, May 7, 2021
Massive DDoS Attack Disrupts Belgium Parliament: A large-scale incident earlier this week against Belnet and other ISPs has sent a wave of internet disruption across numerous Belgian government, scientific and educational institutions. ThreatPost, May 6, 2021
Cyber Defense
U.S. Federal Agencies Unite to Mitigate Ransomware Menace: The ransomware scourge, which previously had caught the federal government’s interest, has now captured its full attention as cyber extortion attacks on agencies, schools, hospitals and other big game targets have skyrocketed. MSSP Alert, May 7, 2021
National Cybersecurity – Solar Winds
US, UK Agencies Warn Russian Hackers Are Adapting Based on Government Advisories: The adversary is changing its tools to avoid detection while attacking the vulnerabilities governments issue warnings about. NextGov, May 7, 2021
SolarWinds: Hackers Accessed Our Office 365 Since Early 2019: Hackers persistently accessed SolarWinds’ internal systems, Microsoft Office 365 environment and software development environment for months before carrying out their vicious cyberattack, the company said. CRN, May 7, 2021
National Cybersecurity
The Cybersecurity 202: Lawmakers want greater resources, authorities for CISA to protect critical infrastructure. Cyber Readiness Institute calls out urgent need to strengthen cyber readiness of small & medium-sized businesses: Leading voices in Congress say the nation’s top cybersecurity agency needs better resources to handle growing threats to critical services like water and power. Washington Post, May 7, 2021
Cyber Law
Key Developments in CCPA Litigation for Q1 2021: As we move deeper into the second year of CCPA litigation, the substantive issues continue to develop and we remain focused on the patterns and implications of recent filings and rulings. In this post, we highlight notable developments in three cases that occurred in the first quarter of 2021. These cases raise significant issues regarding judicial interpretation of the private right of action in the CCPA, the definition of a “data breach,” and CCPA plaintiffs’ ability to access pre-complaint discovery. AdLawAccess, May 4, 2021
Internet of Things
A Tesla is a computer on wheels, so don’t be surprised how it got hacked: Like any gadget, a Tesla is a computer just waiting to get hacked. Fox, May 8, 2021
Cyber Misc
Opposition to Net Neutrality Was Faked, New York Says: The state attorney general’s office reached an agreement that levies millions in penalties on third-party services that generated the comments. New York Times, May 6, 2021