SECURETHEVILLAGE FIRST ANNUAL GOLF TOURNAMENT
The first annual SecureTheVillage Golf Tournament is October 20! Celebrate cybersecurity awareness month on the links. Includes breakfast, lunch, and cocktail reception afterwards. Not a golfer? That’s OK. Come to the reception. A limited number of foursomes and sponsorships are still available.
Individuals at Risk
Cyber Privacy
IOTW: Ransomware thieves publish major airlines’ passenger information: Ransomware group LockBit attacks Bangkok Airways and releases passenger data including passport and credit card information. CyberSecurity Hub, September 3, 2021
Cyber Defense
Microsoft accounts can now go fully passwordless: You can delete your Microsoft account password. TheVerge, September 15, 2021
Cyber Update
Microsoft Patch Tuesday, September 2021 Edition: Microsoft today pushed software updates to plug dozens of security holes in Windows and related products, including a vulnerability that is already being exploited in active attacks. Also, Apple has issued an emergency update to fix a flaw that’s reportedly been abused to install spyware on iOS products, and Google’s got a new version of Chrome that tackles two zero-day flaws. Finally, Adobe has released critical security updates for Acrobat, Reader and a slew of other software. KrebsOnSecurity, September 14, 2021
Cyber Warning
Beware of these 5 common scams you can encounter on Instagram: From cybercriminal evergreens like phishing to the verification badge scam, we look at the most common tactics fraudsters use to trick their victims. WeLiveSecurity, September 13, 2021
Cyber Misc
Jaw-dropping moments in WSJ’s bombshell Facebook investigation: New York (CNN Business) This week the Wall Street Journal released a series of scathing articles about Facebook, citing leaked internal documents that detail in remarkably frank terms how the company is not only well aware of its platforms’ negative effects on users but also how it has repeatedly failed to address them. CNN, September 16, 2021
Cyber Humor

Information Security Management for the Organization
Information Security Management
FBI and CISA warn of state hackers exploiting critical Zoho bug: The FBI, CISA, and the Coast Guard Cyber Command (CGCYBER) today warned that state-backed advanced persistent threat (APT) groups are actively exploiting a critical flaw in a Zoho single sign-on and password management solution since early August 2021. BleepingComputer, September 16, 2021
REvil/Sodinokibi Ransomware Universal Decryptor Key Is Out: Bitdefender worked with law enforcement to create a key to unlock victims encrypted in ransomware attacks before REvil’s servers went belly-up on July 13. ThreatPost, September 16, 2021
X-Force Report: No Shortage of Resources Aimed at Hacking Cloud Environments: As cybercriminals remain steadfast in their pursuit of unsuspecting ways to infiltrate today’s businesses, a new report by IBM Security X-Force highlights the top tactics of cybercriminals, the open doors users are leaving for them and the burgeoning marketplace for stolen cloud resources on the dark web. The big takeaway from the data is businesses still control their own destiny when it comes to cloud security. Misconfigurations across applications, databases and policies could have stopped two-thirds of breached cloud environments observed by IBM in this year’s report. Security Intelligence, September 15, 2021
Close to half of on-prem databases contain vulnerabilities, with many critical flaws: The Microsoft Exchange attack wave revealed the risks, but patching isn’t always straightforward. ZDNet, September 14, 2021
What is a cyberattack surface and how can you reduce it?: Discover the best ways to mitigate your organization’s attack surface, in order to maximize cybersecurity. WeLiveSecurity, September 14, 2021
What Is Zero Trust? It Depends What You Want to Hear: The cybersecurity world’s favorite catchphrase isn’t any one product or system, but a holistic approach to minimizing damage. Wired, September 12, 2021
Secure The Human
Cybersecurity Training: How to Build a Company Culture of Cyber Awareness: When I attended new employee orientation at a global technology company several decades ago, I remember very brief cybersecurity training. The gist was to contact someone in IT if we noticed any potential issues. While I was with the company, I only thought about cybersecurity when I passed the server room, and I could only peek into that locked, dark room full of machines when one of the tech guys opened the door. Back then, I always felt that it was someone else’s job to keep our data safe. Time and experience have changed the way I look at things. SecurityIntelligence, September 15, 2021
Cybersecurity in Society
Cyber Crime
Customer Care Giant TTEC Hit By Ransomware: TTEC, [NASDAQ: TTEC], a company used by some of the world’s largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident resulting from a ransomware attack, KrebsOnSecurity has learned. KrebsOnSecurity, September 15, 2021
Ransomware accounted for a quarter of all cyber insurance claims in Europe between 2016 and 2020: Almost a quarter of all cyber insurance claims filed between 2016 and 2020 across continental Europe have been related to ransomware attacks, according to insurance giant Marsh. TheRecord, September 15, 2021
Ransomware encrypts South Africa’s entire Dept of Justice network: The justice ministry of the South African government is working on restoring its operations after a recent ransomware attack encrypted all its systems, making all electronic services unavailable both internally and to the public. BleepingComputer, September 15, 2021
Cyber Attack
Anonymous hacks and leaks data from domain registrar Epik: Hacktivist group Anonymous has successfully breached and leaked the database of Epik, a controversial web hosting provider and domain registrar that has given shelter to many right-wing websites over the past few years, such as Gab, Parler, and The Donald. TheRecord, September 15, 2021
Cyber Leak
Over 60 million wearable, fitness tracking records exposed via unsecured database: Data sources included Apple’s HealthKit and Fitbit. ZDNet, September 13, 2021
Cyber Espionage
Pegasus: iPhone hit by NSO Group spyware to hack Saudi activist: Canada-based research group discovers Israeli-developed exploit named ‘Forcedentry’ while testing a Saudi activist’s iPhone. Middle East Eye, September 14, 2021
Know Your Enemy
How Attackers Invest in Cloud-Focused Cybercrime: A new study reveals an active underground market for access credentials to tens of thousands of cloud accounts and resources. Attackers appear to be in lockstep with enterprise organizations in the march to the cloud — but with an entirely different set of objectives, research shows. DarkReading, September 15, 2021
This US company sold iPhone hacking tools to UAE spies: An American cybersecurity company was behind a 2016 iPhone hack sold to a group of mercenaries and used by the United Arab Emirates. Technology Review, September 15, 2021
National Cybersecurity
America Has a GPS Problem: The system is essential but also vulnerable. We need a backup. The New York Times, January 23, 2021
Cyber Law
Twitch sues users over alleged “hate raids” against streamers: Lawsuit accuses anonymous users of “targeting black and LGBTQIA+ streamers.” ars technica, September 11, 2021
Cyber Defense
First on CNN Business: Moody’s is spending $250 million to measure the risk of America’s biggest companies getting hacked: (CNN Business) Moody’s is spending hundreds of millions of dollars to better evaluate the cybersecurity risks that face America’s largest corporations. CNN, September 13, 2021
Ransomware Stopper: Mandatory Ransom Payment Disclosure: “Silence is gold.” So says ransomware operator Ragnar Locker in the latest “press release” to be issued via its Tor-based data leak site. BankInfoSecurity, September 10, 2021
Cyber Enforcement
This wannabe hacker was caught in a pretty embarrassing way: Hacker is accused of cracking over 2000 passwords every week. TechRadar, September 12, 2021
‘Every message was copied to the police’: the inside story of the most daring surveillance sting in history: Billed as the most secure phone on the planet, An0m became a viral sensation in the underworld. There was just one problem for anyone using it for criminal means: it was run by the police. The Guardian, September 11, 2021