Cybersecurity News of the Week, April 5, 2020

SecureTheVillage Calendar

CANCELLED: 2020 Cyber Trends: CCPA Compliance | Hack Trends – Professional Panel , April 7, Long Beach

Webinar: Security Challenges We Are All Facing, SecureTheVillage Board Member Jason Meshekow of intouch insurance and Sanjay Parikh, Critical Start’s VP of Professional Services, online, April 7 @ 11:00 am – 12:00 pm

Webinar: Preparing for CMMC Certification, SecureTheVillage Board Member Chris Rose and SecureTheVillage President Dr. Stan Stahl, Online, April 9 @ 10:00 am – 11:00 am

Personal Cyber Security with Dr. Steve Krantz, May 26 @ 1:00 pm – 2:30 pm Calabasas Senior Center Calabasas, CA

Personal Cyber Security with Dr. Steve Krantz, July 21 @ 1:00 pm – 2:30 pm Calabasas Senior Center Calabasas, CA

SecureTheVillage — In the News

CyberGuardian: A SecureTheVillage Guide for Residents – Kindle Edition – By Steve Krantz, Ph.D., Board of Directors, SecureTheVillage A CyberGuardian has the knowledge, skills, and commitment needed to meet the ongoing challenges of cybercrime, computer privacy and information security. A CyberGuardian is prepared to protect themselves, their family, their community, and their village from cybercrime. This book provides the necessary knowledge to create and maintain the skills of CyberGuardians, leading to secure villages everywhere. A safe electronic village is one where cybercrime is overwhelmingly prevented or readily mitigated when it occurs. The audience for this book, therefore, is those Internet-using villagers seeking to become CyberGuardians, to minimize the risks of today’s online environment. It is sensible to be fearful of these risks, while at the same time eager for the benefits of cyber technology.

Protecting Our Privacy: Cybersecurity advocate and SecureTheVillage Board member George Usi on how businesses can prepare for an eventual compromise: George Usi founded Rancho Cordova-based Omnistruct in 2019, selling cybersecurity compliance programs to businesses. Usi is now helping launch a Sacramento chapter of SecureTheVillage, an initiative to equip people and organizations with the knowledge and skills to combat online dangers. Comstock’s spoke with Usi about his mission to educate businesses so they can manage their risk when a cybersecurity breach occurs. Comstock’s Magazine, April 3, 2020

How to Protect Your Company Without Breaking the Bank: SecureTheVillage Founder and President Stan Stahl and the Cyber Readiness Institute’s Managing Director Kiersten Todt discuss cybersecurity management for smaller organizations in this 30 minute video recorded at a recent WSJ PRO Cybersecurity Symposium.

Individuals at Risk

Cyber Privacy

Users leave thousands of Zoom video calls exposed on open web. … Users: Protect your Zoom calls when storing them on sites like Dropbox & Google. Zoom must up its security game. So must users: Thousands of personal Zoom videos have been left viewable on the open Web, highlighting the privacy risks to millions of Americans as they shift many of their personal interactions to video calls in an age of social distancing. The Washington Post, April 3, 2020

A Feature on Zoom Secretly Displayed Data From People’s LinkedIn Profiles: After inquiry from reporters, Zoom said it would disable a data-mining feature that could be used to snoop on participants during meetings without their knowledge. The New York Times, April 2, 2020

44M Digital Wallet Items Exposed in Key Ring Cloud Misconfig … Millions of IDs, charge cards, loyalty cards, gift cards, medical marijuana ID cards and personal information was left exposed to the open internet: Key Ring, creator of a digital wallet app used by 14 million people across North America, has exposed 44 million IDs, charge cards, loyalty cards, gift cards and membership cards to the open internet, researchers say. ThreatPost, April 2, 2020https://www.bankinfosecurity.com/washington-governor-signs-facial-recognition-law-a-14052

“World’s most secure online backup” provider SOS Records exposes 135M records: In August 2018, John McAfee boasted about the Bitfi crypto wallet app being “unhackable” and it didn’t take hackers much to hack the wallet app twice forcing the company to remove the “unhackable” tag. HackRead, April 1, 2020

Cyber Danger

‘Zoom is malware’: why experts worry about the video conferencing platform. … The company has seen a 535% rise in daily traffic in the past month, but security researchers say the app is a ‘privacy disaster.’: As coronavirus lockdowns have moved many in-person activities online, the use of the video-conferencing platform Zoom has quickly escalated. So, too, have concerns about its security. The Guardian, April 2, 2020

‘Zoombombing’ Becomes a Dangerous Organized Effort. Zoom, the videoconferencing app, has become a target for harassment and abuse coordinated in private off-platform chats: In recent weeks, as schools, businesses, support groups and millions of individuals have adopted Zoom as a meeting platform in an increasingly remote world, reports of “Zoombombing” or “Zoom raiding” by uninvited participants have become frequent. The New York Times, April 3, 2020

Watch out for the new wave of COVID-19 scams, warns IRS: Fellow US taxpayers, are you eager to get your hands on the $1,200 bailout money you’ve been hearing about? … so eager you’re open to offers to help get it faster? NakedSecurity, April 3, 2020

Attackers can use Zoom to steal users’ Windows credentials with no warning: Zoom for Windows converts network locations into clickable links. What could go wrong? ars technica, April 1, 2020

Healthcare Workers Targeted By Dangerous New Windows Ransomware Campaign Using Coronavirus As Bait: Cybercriminals, who truly deserve the epithet of cyberscum, are attacking healthcare targets with a new and dangerous Windows ransomware campaign. Forbes, March 22, 2020

Cyber Update

Firefox gets fixes for two zero-days exploited in the wild: Firefox users are advised to update their browsers to patch two bugs that are being exploited in the real world by hackers. ZDNet, April 3, 2020

Google Squashes High-Severity Flaws in Chrome Browser: Google is rolling out the newest Chrome browser version, 80.0.3987.162, in the coming days. ThreatPost, April 2, 2020

Cyber Defense

‘War Dialing’ Tool Exposes Zoom’s Password Problems: As the Coronavirus pandemic continues to force people to work from home, countless companies are now holding daily meetings using videoconferencing services from Zoom. But without the protection of a password, there’s a decent chance your next Zoom meeting could be “Zoom bombed” — attended or disrupted by someone who doesn’t belong. And according to data gathered by a new automated Zoom meeting discovery tool dubbed “zWarDial,” a crazy number of meetings at major corporations are not being protected by a password. KrebOnSecurity, April 2, 2020

Coronavirus fraud is so bad the FTC made a scam bingo card: With much of the country in quarantine advised to practice social distancing measures, the risk of scams has spiked. Already, coronavirus-related robocalls have gotten worse as scammers have pivoted to use fear and isolation to their advantage. Yahoo, April 1, 2020

Cyber Humor

Information Security Management in the Organization

Cybersecurity in the C-Suite & Board

You Should Be Thinking About Privacy and Security Right Now! Robert Braun, Esq., JMBM Cybersecurity Lawyer Forum. Robert is a Member of the SecureTheVillage Leadership Council: There’s no question that this is one of the most difficult times we have faced. The turnaround from nearly full employment to 3,000,000 new unemployment claims, the sequestration of two-thirds of the population, the closing of restaurants, entertainment venues, places of worship, mass furloughs and layoffs, the elimination of the social interactions which we thrive on – these are not normal times. And, moreover, the world that emerges from the Covid-19 pandemic will be very different from the world that preceded it. Cybersecurity Lawyer Forum, April 2, 2020

Cyber Warning

This is Not Your Father’s Ransomware … Ransomware operators are aiming for bigger targets and hitting below the belt. With doxing and extortion threats added to the mix, ransomware is evolving into something even more sinister: We all know that old expression about working hard. Your dad probably used it on you a few times. It goes: If at first you don’t succeed, try, try again. DarkReading, April 3, 2020

These scammers are looking for a way into your email accounts … Business Email Compromise (BEC) operations are becoming more successful at using email to help steal large amounts of money from targets, warns report: Business email compromise (BEC) attacks have more than doubled in the past year as cyber criminals try to use their email scams against big businesses. ZDNet, April 1, 2020

Cyber Defense

Want to Improve Cloud Security? It Starts with Logging: Remedying the “garbage in, garbage out” problem requires an understanding of what is causing the problem in the first place. DarkReading, April 3, 2020

Cybersecurity in Society

Cyber Privacy

Washington Governor Signs Facial Recognition Law: Washington Governor Signs Facial Recognition Law. BankInfoSecurity, April 2, 2020

Use of Mobile Phone Location Data to Track Coronavirus Has Positive Health Outcomes, But Raises Serious Privacy Concerns: As countries around the world struggle to control the spread of coronavirus, South Korea has been held up as a model of early success in containment. This is attributed to a number of measures that were implemented rapidly: drive-through testing sites, screenings at airports, and widespread temperature checks at building entrances among them. One added measure also appears to have been critical, but is also highly controversial: widespread tracking of mobile phone location data to trace paths of infection. CPO, April 2, 2020

Cyber Crime

What You Need To Know About Marriott’s Recent Data Breach: On Tuesday, March 31st, Marriott International announced that there may have been a data breach that compromised the information of over 5.2 million guests. This is the second time in the past two years that the hotel group has experienced such a massive breach. LifeHacker, April 3, 2020

Beazley: Ransomware attacks on clients ‘skyrocketed’ in 2019. The 2020 Beazley Breach Briefing reported a 131% increase in reported attacks against clients last year, and the insurance giant isn’t expecting the trend to slow down: Insurance giant Beazley saw a huge spike in ransomware attacks in 2019, reporting a 131% increase in client incidents, according to new research from the company. SearchSecurity, April 2, 2020

Hackers ‘without conscience’ demand ransom from dozens of hospitals and labs working on coronavirus: When hackers broke into computers at Hammersmith Medicines Research, a London-based company that carries out clinical trials for new medicines, it was a nightmare scenario for managing director Malcolm Boyce. Fortune, April 1, 2020

Cyber Attack

Nation-State DDoS Attacks May Be the “New Normal”; Leaked Documents Reveal Russia’s FSB Is Seeking to Build a Massive IoT Botnet: Documents obtained from the Russian military by a hacking group indicate that the country’s Federal Security Service (FSB) is actively working on building a giant Internet of Things (IoT) botnet. The documents specifically reference the infamous Mirai botnet as a source of inspiration, indicating that the country is seeking the ability to direct crippling distributed denial of service (DDoS) attacks against rivals. CPO, April 3, 2020

‘Elite Hackers’ Thought Behind Cyber Attack On World Health Organization: The World Health Organization (WHO) plays a vital role during the coronavirus pandemic. Abhorrent hackers don’t give two hoots as cyber attacks against the WHO double. Forbes, March 25, 2020

Cyber Defense

Cyber Version of ‘Justice League’ Launches to Fight COVID-19 Related Hacks. Goal is to help organizations – especially healthcare entities – protect against cybercriminals trying to take advantage of the pandemic: A group of cybersecurity experts from around the world — including from companies like Microsoft and Okta — have teamed to help organizations fight COVID-19-related hacking and phishing attacks. DarkReading, March 26, 2020

Cyber Freedom

The Cybersecurity 202: States plan to expand mobile voting amid coronavirus pandemic, despite security concerns: Some states are planning to dramatically expand their use of mobile voting in response to the coronavirus pandemic – even as cybersecurity experts warn such systems are unproven and too vulnerable to hacking. Washington Post, April 2, 2020

Cyber Enforcement

Russians Shut Down Huge Card Fraud Ring: Federal investigators in Russia have charged at least 25 people accused of operating a sprawling international credit card theft ring. Cybersecurity experts say the raid included the charging of a major carding kingpin thought to be tied to dozens of carding shops and to some of the bigger data breaches targeting western retailers over the past decade. KrebOnSecurity, March 26, 2020

Become A CyberGuardian

Protect your community: take the CyberGuardian Pledge, join our email list, get invited to events.

Take the Pledge