SecureTheVillage Calendar
Financial Services Cybersecurity Roundtable with Keith R. Forrester. August 21 @ 8:00 am – 10:00 am PDT
Cyber Freedom Webinar: Taming The Tiger: How to Detect, Deter, & Defeat Disinformation with Marc Ambinder. September 8 @ 10:00 am – 11:00 am PDT
Information Security Management Webinar: The Great Reboot: Succeeding in a World of Catastrophic Risk and Opportunity with Bob Zukis & Others. September 10 @ 10:00 am – 11:00 am PDT
Insurance Brokers Cybersecurity Roundtable: Cybersecurity Essentials for Small & Medium Businesses with Deron T. McElroy, CISA. September 15 @ 2:00 pm – 3:00 pm PDT
Information Security Management Webinar: Conversation on the Cyber Risk Landscape with Deron T. McElroy, CISA. November 12 @ 10:00 am – 11:00 am PST
Individuals at Risk
Cyber Privacy
Hacker leaks data for U.S. gun exchange site on cybercrime forum: A hacker has released the databases of Utah-based gun exchange, hunting, and kratom sites for free on a cybercrime forum. BleepingComputer, August 13, 2020
TikTok users ‘voluntarily’ giving their data to China, Justice official says: U.S. officials have repeatedly expressed concern that China could use the 2014 and 2015 hacks of the Office of Personnel Management and health care insurer Anthem to build data profiles on Americans for intelligence recruitment (allegations Beijing denies). CyberScoop, August 12, 2020
Identity Theft
Why & Where You Should You Plant Your Flag: Several stories here have highlighted the importance of creating accounts online tied to your various identity, financial and communications services before identity thieves do it for you. This post examines some of the key places where everyone should plant their virtual flags. KrebsOnSecurity, August 12, 2020
Cyber Update
Microsoft Patch Tuesday, August 2020 Edition: Microsoft today released updates to plug at least 120 security holes in its Windows operating systems and supported software, including two newly discovered vulnerabilities that are actively being exploited. Yes, good people of the Windows world, it’s time once again to backup and patch up! KrebsOnSecurity, August 11, 2020
Information Security Management for the Organization
Cybersecurity in the C-Suite & Board
How Executive Leaders Should Confront Ransomware: Recent high-profile ransomware attacks have seen victims succumb to the demands of attackers and pay the ransom. Any executive can sympathize with the urge to recover sensitive company data, and can probably understand the impulse to simply fold, hand over the ransom, and move on. CEO World, August 12, 2020
Information Security Management
What Is the Real Cost of a Data Breach? New Report Indicates It’s About $4 Million to $9 Million for SMEs: There is a growing understanding across all types of organizations that the cost of data breaches often far exceeds the cost of preventive measures. However, there is still some fuzziness as to exactly what the total bill will be given various long-term effects that are hard to quantify. CPO, August 14, 2020
You weren’t hacked because you lacked space-age network defenses. Nor because cyber-gurus picked on you. It’s far simpler than that … Three little words: Patches, passwords, policies: The continued inability of organizations to patch security vulnerabilities in a timely manner, combined with guessable passwords and the spread of automated hacking tools, is making it pretty easy for miscreants, professionals, and thrill-seekers to break into corporate networks. The Register, August 13, 2020
More attackers trying to sabotage incident response tactics: The security industry needs to become more clandestine in its approach to incident response, making it harder for attackers to know that they are being tracked. SC Magazine, August 7, 2020
Privacy Management
PrivacyOps: Reimagining Privacy Compliance: Following several high profile incidents highlighting the harm that can be done when personal information is mishandled or abused, there is now a growing awareness that privacy is a basic human right. A wave of new privacy regulations such as the European Union’s GDPR, California’s CCPA, Brazil’s LGPD, and more aim to give consumers greater control of their personal information held by companies. CPO, August 13, 2020
Cybersecurity in Society
Cyber Privacy
DOJ Official Spells Out Concerns About TikTok, WeChat: Assistant Attorney General Says China Could Use Data Gathered for Intelligence Purposes. BankInfoSecurity, August 14, 2020
Oracle and Salesforce hit with GDPR class action lawsuits over cookie tracking consent: The use of third party cookies for ad tracking and targeting by data broker giants Oracle and Salesforce is the focus of class action style litigation announced today in the UK and the Netherlands. TechCrunch, August 14, 2020
New Ponemon Institute Report Indicates Major Consumer Privacy Gap … Most Consumers Feel They Have Little Control Over Personal Information, Want Government Regulation: A new study from the Ponemon Institute indicates that people are increasingly aware of online consumer privacy issues, but also overwhelmingly feel that they do not have the tools to protect themselves and are looking to government to intervene. CPO, August 13, 2020
Cyber Crime
U.S. spirits and wine giant hit by cyberattack, 1TB of data stolen: Brown-Forman, one of the largest U.S. companies in the spirits and wine business, suffered a cyber attack. The intruders allegedly copied 1TB of confidential data; they plan to sell the most important information to the highest bidder and leak the rest. BleepingComputer, August 15, 2020
Maze delivers on threat to publish data stolen from Canon: Canon apparently didn’t pay up as previously believed after it fell victim to a Maze ransomware attack, because the company’s stolen data has cropped up online. SC Media, August 14, 2020
Incident Of The Week: Garmin Pays $10 Million To Ransomware Hackers Who Rendered Systems Useless: It is believed that Garmin paid the $10 million ransom. Cyber Security Hub, August 14, 2020
Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack: R1 RCM Inc. [NASDAQ:RCM], one of the nation’s largest medical debt collection companies, has been hit in a ransomware attack. KrebsOnSecurity, August 14, 2020
National Cybersecurity
$28 Billion for State Security, IT Upgrades Proposed: Legislation Based on Cyberspace Solarium Commission’s Recommendations. BankInfoSecurity, August 14, 2020
Cyber Freedom
Facebook, Twitter and Google failed to protect the 2016 election. Now they want to prove they’ve learned their lesson: (CNN) For the past four years, tech giants including Facebook (FB), Google (GOOGL) and Twitter (TWTR) have invested massively in beefing up their election security efforts — creating new rules for political advertisers, hiring thousands of content moderators and building ties with law enforcement. The aim has been to avoid a repeat of the 2016 campaign, which was marred by foreign meddling and highlighted how woefully unprepared social media companies were for an attack on US democracy leveraging their platforms. CNN, August 14, 2020
Ransomware Feared as Possible Saboteur for November Election: WASHINGTON — Federal authorities say one of the gravest threats to the November election is a well-timed ransomware attack that could paralyze voting operations. The threat isn’t just from foreign governments, but any fortune-seeking criminal. The New York Times, August 2, 2020
Annual election security tabletop drill put officials through ‘Armageddon-like’ test: The Department of Homeland Security this week held its third annual tabletop exercise for state and local election officials, simulating how some of the worst-case scenarios, including potential cyberattacks, physical attempts to disrupt the voting process and civil unrest would play out. StateScoop, July 31, 2020
MAIL-IN VOTING IN 2020 INFRASTRUCTURE RISK ASSESSMENT: Each method of voting carries risks that election officials must manage. This risk assessment is designed to assess the risks to the mail-in-voting election systems, processes, and infrastructure to inform states, localities, and industry. This risk assessment only examines the specific risks to the election infrastructure and operations that are associated with mail-in voting. CISA, July 28, 2020
2020 Voter Registration Data Base (VRDB) Security Report: During the last presidential election year, foreign adversaries waged disinformation campaigns and, in a small number of cases, infiltrated voter registration databases (VRDBs). Now, there are a growing number of reports raising the specter of another presidential election that will be conducted under the shadow of extensive foreign interference campaigns. In 2016, the Russian government was the predominant adversary seeking to interfere with U.S. elections. This year, China and Iran have joined Russia as potential threats to the integrity of our nation’s elections. We can—and should—expect attacks on election infrastructure and other attempts to undermine voter confidence. Fortunately, election officials have continued to work tirelessly over the last few years, meaning this year’s election will be the most secure election in recent history. The Center for Election Innovation & Research, 2020
Cyber Warning
Malicious Cyber Actor Spoofing COVID-19 Loan Relief Webpage via Phishing Emails: The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails. These emails include a malicious link to the spoofed SBA website that the cyber actor is using for malicious re-directs and credential stealing. US-CERT, August 12, 2020
Cyber Disinformation
Chinese accounts blast Trump, with help from AI-generated pictures: Chinese social media accounts are not happy with President Donald Trump. CyberScoop, August 13, 2020
Someone duped Twitter verification to spread racist disinformation on US coronavirus vaccine: A verified Twitter account impersonating a top World Health Organization official recently alleged that the Trump administration was going to test a coronavirus vaccine on Black Americans without their knowledge or informed consent. CyberScoop, August 12, 2020