Cybersecurity News of the Week, February 16, 2020

SecureTheVillage Calendar

CyberFreedom: Protecting Our Identities. Securing Our Economy. Preserving Our Freedoms. Stan Stahl, Westwood Village Rotary Club, February 20, 2020, 11:30 – 1:30.

Thirsty Thursday Executive Cybersecurity Awareness Training: Securely lead your organization in 2020 with Howard Miller, Matt Mayo, and Jeremy Meighan, February 20, 5:30 – 7:00, Valencia, CA

How to Get Cyber Secure Without Breaking the Bank with Stan Stahl and Cheryl Washington, SCSIM Inaugural All Day Summit, February 27, 10:00 – 10:45, Long Beach, CA

Personal Cyber Security with Dr. Steve Krantz, March 10, 1:00 – 2:30, Calabasas, CA

Individuals at Risk

Identity Theft

New report finds consumers overwhelmed by Identity Theft worries: A new report from cyber security provider F-Secure finds a steady barrage of major data breaches has left a vast majority of consumers worried about the online crimes that lead to identity theft and account takeovers. Moneycontrol, February 13, 2020

Cyber Danger

Nasty Android malware reinfects its targets, and no one knows how: A widely circulating piece of Android malware primarily targeting US-based phones used a clever trick to reinfect one of its targets in a feat that stumped researchers as to precisely how it was pulled off. ars technica, February 13, 2020

Apple’s malware problem is getting worse … The amount of malware on Macs is outpacing PCs for the first time ever, and your complacency could be your worst enemy: Think your Apple product is safe from malware? That only people using Windows machines have to take precautions? According to cybersecurity software company Malwarebytes’ latest State of Malware report, it’s time to think again. The amount of malware on Macs is outpacing PCs for the first time ever, and your complacency could be your worst enemy. ReCode, February 12, 2020

More Phishing Campaigns Tied to Coronavirus Fears: As fears about the coronavirus continue to spread, cybercriminals are using the health crisis to send phishing emails using a variety of tactics to a broader range of targets. BankInfoSecurity, February 11, 2020

Cyber Update

Microsoft Patch Tuesday, February 2020 Edition: Microsoft today released updates to plug nearly 100 security holes in various versions of its Windows operating system and related software, including a zero-day vulnerability in Internet Explorer (IE) that is actively being exploited. Also, Adobe has issued a bevy of security updates for its various products, including Flash Player and Adobe Reader/Acrobat. KrebsOnSecurity, February 11, 2020

Cyber Defense

Check Chrome and Remove Any of These 70+ Malware Extensions: Another day, another batch of crappy Chrome extensions that you shouldn’t be using. Once again, Google has identified a number of bad actors in its Chrome Web Store and given them the boot, but that doesn’t automatically remove these malware extensions from your browser, so you might want to do a quick cross-reference of any extensions that sound a little odd. LifeHacker, February 14, 2020

Information Security and Privacy Management for the Organization

Information Security Management and Governance

AI and Security … A VentureBeat Special Issue … 11 stories on how AI is both threat and salvation: Both AI and cybersecurity are nearly omnipresent in our daily lives, and the intersection of the two is of increasing importance as our world becomes more connected, more “intelligent,” and more reliant on online or automated systems. AI technology can impact existing problems in cybersecurity, national security, physical safety, and even media consumption. VentureBeat, February 2020

What Is a DDoS Attack?: After 20 years of prominence, distributed denial-of-service (DDoS) attacks may be causing more devastating effects than ever. The first DDoS attack occurred way back on July 22, 1999 when a network of 114 computers infected with a malicious script called Trin00 attacked a computer at the University of Minnesota, according to MIT Technology Review. The infected computers overwhelmed the university computer with bogus data packets, preventing it from handling legitimate requests. SecurityIntelligence, February 14, 2020

DDoS Attacks Nearly Double Between Q4 2018 and Q4 2019: Peer-to-peer botnets, TCP reflection attacks, and increased activity on Sundays are three DDoS attack trends from last quarter. DarkReading, February 13, 2020

To Break The Rules Of Cybersecurity, You Must Know The Rules Of Cybersecurity: In jazz, the art of improvisation requires a mastery of music theory. To the casual listener, a jam session may sound like musicians making things up as they go along, but there’s nothing random about the notes and rhythm. On the contrary, behind what seems like chaos is artistry born of a deep knowledge and respect for the structure of music. To be able to break the rules, the old saying goes, you first have to learn the rules. Forbes, February 12, 2020

X-Force Threat Intelligence Index Reveals Top Cybersecurity Risks of 2020: The volume of threats that security teams see on a daily basis can make it especially difficult to look at the big picture when it comes to developing an effective cybersecurity strategy. To see through the flood of data and alerts, organizations depend on actionable threat intelligence to help them understand and mitigate risks. Looking at long-term trends can also help organizations make effective decisions for allocating resources to prevent costly breaches, ransomware and destructive attacks. SecurityIntelligence, February 11, 2020

Cybersecurity in 2020: From secure code to defense in depth … An overview with links to articles that go deeper: CIO, Computerworld, CSO, InfoWorld, and Network World tackle the hot security issues, from prioritizing risk to securing digital transformation. CSO, February 10, 2020

Cybersecurity in the C-Suite & Board

Companies With Data Privacy Practices Enjoy Big Financial Benefits: Businesses investing in their privacy experience pronounced financial benefits, a new Cisco study suggests. According to the paper, entitled ‘Cisco Data Privacy Benchmark Study 2020’, businesses see an average return of 2.7 times on their original investment when they bankroll data privacy practices — confirming for the first time what had long been suspected by privacy advocates. CPO, February 12, 2020

Cyber Defense

Why Ransomware Will Soon Target the Cloud…And Basic Ideas to Help Manage it: As businesses’ daily operations become more dependent on cloud services, ransomware authors will follow to maximize profits. The good news: Many of the best practices for physical servers also apply to the cloud. DarkReading, February 11, 2020

Secure The Human

We Need More Than Security Awareness to Combat Insider Threats: When I was new to the security industry, I firmly believed that people got infected with malware because they didn’t know how to be safe online. I thought problems happened because computers were too complicated, or the technology was too daunting, or people were just too trusting and naive. But clearly I knew better. I saw the dangers lurking on the internet and knew how attacks worked, so all I had to do to end the risk of insider threats was tell people how to protect themselves. SecurityIntelligence, February 12, 2020

Cyber Warning

Ransomware in 2020: More targeted, sophisticated, and costly: Ransomware has matured and its threat level is now on par with APTs as attackers use better tools and learn from past mistakes. CSO, February 10, 2020

Dangerous Domain Corp.com Goes Up for Sale: As an early domain name investor, Mike O’Connor had by 1994 snatched up several choice online destinations, including bar.com, cafes.com, grill.com, place.com, pub.com and television.com. Some he sold over the years, but for the past 26 years O’Connor refused to auction perhaps the most sensitive domain in his stable — corp.com. It is sensitive because years of testing shows whoever wields it would have access to an unending stream of passwords, email and other proprietary data belonging to hundreds of thousands of systems at major companies around the globe. KrebsOnSecurity, February 8, 2020

Cyber Insurance

Ransomware Attacks Are Causing Cyber Insurance Rates to Go Through the Roof; Premiums up as Much as 25 Percent: After a brief lull, ransomware attacks have roared back as a major and persistent security problem in the past year. These attacks have become so frequent and so widespread that cyber insurance rates are spiking, with Reuters reporting some premiums increasing as much as 25% in price. CPO, February 10, 2020

Cybersecurity in Society

Cyber Crime

Wyoming health system COO shares story of ransomware attack: After experiencing a ransomware attack in September 2019, Campbell County Health COO Colleen Heeter stresses the importance of backups, according to the Laramie Boomerang. Beckers Healthcare, February 14, 2020

The FBI Issues A Powerful $3.5 Billion Cybercrime Warning: The Federal Bureau of Investigation (FBI) has released the Internet Crime Complaint Center (IC3) “2019 Internet Crime Report.” For everyone but those engaged in cybercrime, it makes for very difficult reading. Across that one year, the number of cybercrime complaints from both individuals and business organizations reached a staggering 467,361. The total cost of those reported crimes was even more mind-boggling: in excess of $3.5 billion (£2.7 billion). Forbes, February 13, 2020

Ransomware Attacks Grow, Crippling Cities and Businesses: Hackers are locking people out of their networks and demanding big payments to get back in. New data shows just how common and damaging the attacks have become. The New York Times, February 9, 2020

Know Your Enemy

US Cyber Command, DHS, and FBI expose new North Korean malware: US Cyber Command, the Department of Homeland Security, and the Federal Bureau of Investigation have exposed today a new North Korean hacking operation. ZDNet, February 14, 2020

Cyber Freedom

Palm Beach County elections office allegedly hit by ransomware attack in 2016: The office of the Palm Beach County Supervisor of Elections in Florida was allegedly hit by a ransomware attack in September 2016, according to the county elections supervisor. CNN, February 13, 2020

The Cybersecurity 202: The 2020 Census could be the next big hacking and disinformation target: Lawmakers are growing increasingly alarmed about hacking dangers targeting the 2020 Census after a watchdog detailed dozens of high-risk cybersecurity problems that should have been fixed a long time ago. The Washington Post, February 13, 2020

Why aren’t presidential candidates talking about cybercrime?: At the start of the last Democratic primary debate, the candidates were asked what makes them best prepared to be commander-in-chief. Sen. Elizabeth Warren, D-Mass., and former South Bend Indiana Mayor Pete Buttigieg highlighted tackling cyber threats. And that is where the extent of the subject ended. CyberScoop, February 13, 2020

Cybersecurity Becomes Top Priority for States, Local Govs … Cybercriminals targeting often outdated security precautions of state & local governments as evidenced by the increasing rates of ransomware attacks: Cybercriminals are targeting the often outdated security precautions of state and local governments as evidenced by the increasing rates of ransomware attacks. Experts caution they’ll only stop once cybersecurity measures get better at the local level. Governing, February 11, 2020

Cyber Law

Significant Changes in California Privacy Regs: On February 7, 2020, the California Attorney General issued a second draft of the regulations implementing the California Consumer Privacy Act of 2018 (the “CCPA”). Interestingly, while the Attorney General had earlier stated that the final regulations would be substantially the same as the original regulations, the Attorney General has made a number of significant changes. Robert Braun, SecureTheVillage Leadership Council, JMBM Cybersecurity Lawyer Forum, February 13, 2020

3 Trends in Data Privacy Breach Laws That Will Carry Over to 2020: During 2019, new privacy laws were introduced, and many current laws evolved in the United States and across the global landscape. With the General Data Protection Regulation (GDPR) in full effect, we saw expensive fines levied upon companies that fell victim to data privacy breaches. As we move into a new year, probably the biggest takeaway from 2019 is that being proactive and having a data privacy strategy in place is important to help mitigate the risk of a data privacy breach. SecurityIntelligence, February 12, 2020

Cyber Enforcement

U.S. Charges 4 Chinese Military Officers in 2017 Equifax Hack: The U.S. Justice Department today unsealed indictments against four Chinese officers of the People’s Liberation Army (PLA) accused of perpetrating the 2017 hack against consumer credit bureau Equifax that led to the theft of personal data on nearly 150 million Americans. DOJ officials said the four men were responsible for carrying out the largest theft of sensitive personal information by state-sponsored hackers ever recorded. KrebsOnSecurity, February 10, 2020
