Cybersecurity News of the Week, November 22, 2020

SecureTheVillage Calendar

Individuals at Risk

Information Security Management Webinar: PCI DSS 4.0 with Scott Pierangelo. December 10 @ 10:00 am – 11:00 am PST

Invitational Cybersecurity Workforce Workshop — Linking Supply & Demand December 15 @ 10:00 am – 12:00 pm PST

Insurance Brokers Cybersecurity Roundtable: What Your Clients Need to Know About Information Security Management with Dr. Stan Stahl, PHD. December 15 @ 2:00 pm – 3:00 pm PST

Financial Services Cybersecurity Roundtable: December 2020 December 18 @ 8:00 am – 10:00 am PST 

Dr. Steve Krantz Webinar: Personal Cybersecurity January 12, 2021 @ 1:00 pm – 3:00 pm PST

Dr. Steve Krantz Webinar: Become A CyberGuardian January 14, 2021 @ 12:30 pm – 2:00 pm PST

Cyber Privacy

Good Heavens! 10M Impacted in Pray.com Data Exposure: The information exposed in a public cloud bucket included PII, church-donation information, photos and users’ contact lists. ThreatPost, November 20, 2020

Cyber Warning

Mount Locker ransomware now targets your TurboTax tax returns: The Mount Locker ransomware operation is gearing up for the tax season by specifically targeting TurboTax returns for encryption. BleepingComputer, November 19, 2020

Be Very Sparing in Allowing Site Notifications: An increasing number of websites are asking visitors to approve “notifications,” browser modifications that periodically display messages on the user’s mobile or desktop device. In many cases these notifications are benign, but several dodgy firms are paying site owners to install their notification scripts and then selling that communications pathway to scammers and online hucksters. KrebsOnSecurity, November 17, 2020

How To Avoid Holiday Shopping Scams And Keep Your Data Safe: As the holiday season quickly approaches, the coronavirus pandemic has already altered this year’s shopping experience. With fewer visitors joining the in-person shopping crowds, Covid-19 has accelerated the shift away from physical stores to digital shopping by roughly five years, according to IBM’s latest U.S. Retail Index report (download required). While retailers compete for online business with massive blowout sales, enticing customers in an attempt to create the easiest shopping experience possible, threat actors have also taken notice. Forbes, November 16, 2020

Cyber Humor

Information Security Management for the Organization

Information Security Management

Sophos 2021 Threat Report: Navigating cybersecurity in an uncertain world: We know what you’re thinking: “Another year; another vendor; another threat report… Naked Security, November 19, 2020

Cybersecurity Framework: How To Create A Resilience Strategy: A cyber resilience framework, or cybersecurity framework, is a crucial component of modern-day business. In the face of rising threats from malware, phishing and high-tech threat actors, a cyber resilient company can position itself as a secure model for data protection customers can trust. SecurityIntelligence, November 19, 2020

IBM CISO Perspective: Zero Trust Changes Security From Something You Do to Something You Have: As the chief information security officer (CISO) for IBM, I’m often asked by peers and colleagues, “What do you think of Zero Trust?” SecurityIntelligence, November 19, 2020

Ransomware Response: Time is More Than Just Money: The initial actions an organization takes in the moments after discovering a ransomware attack can have profound implications on how the attack ends. SecurityIntelligence, November 18, 2020

7 dumb ways to be a ransomware victim, and how to avoid them … Don’t make it easy for ransomware attackers. Review your Windows network for these weaknesses now. You might be surprised by what you find: Ransomware is once again in the news. Attackers are reportedly targeting health care providers and are using targeted phishing campaigns disguised as meeting invites or invoices that contain links to Google documents, which then lead to PDFs with links to signed executables that have names with distinctive words like “preview” and “test”. CSO, November 18, 2020

Cyber Warning

Google Services Weaponized to Bypass Security in Phishing, BEC Campaigns: Attackers exploiting an array of Google Services, including Forms, Firebase, Docs and more to boost phishing and BEC campaigns. ThreatPost, November 20, 2020

Cyber Culture

Security Culture: Putting Digital Literacy First in Your Company: Building a security-first culture is as important for cybersecurity as investing in the right tech or creating and enforcing the right policies. SecureIntelligence, November 20, 2020

Cybersecurity in Society

Cyber Crime

Manchester United hit by ‘sophisticated’ cyber attack but say fan data is safe: Manchester United have been hit by a cyber attack on their systems but say they are not “currently aware of any breach of personal data associated with our fans and customers”. The Guardian, November 20, 2020

‘Resident Evil’ game maker Capcom confirms data breach after ransomware attack – TechCrunch: Capcom, the Japanese game maker behind the “Resident Evil” and “Street Fighter” franchises, has confirmed that hackers stole customer data and files from its internal network following a ransomware attack earlier in the month. TechCrunch, November 20, 2020

Cybercriminals Batter Automakers With Ransomware, IP Theft Cyberattacks: While the industry focus is on vehicle hacking, when it comes to the automotive industry cybercriminals are opting for less complex and sophisticated attacks – from phishing to ransomware. ThreatPost, November 19, 2020

NetDiligence Publishes Tenth Annual Cyber Claim Study … Releases Data-Driven Analysis of Cyber Claim Payouts: PHILADELPHIA, Nov. 17, 2020 /PRNewswire/ — NetDiligence®, a leading provider of cyber risk readiness and response services, announced today it has published its tenth annual Cyber Claims Study, a study of actual losses for data breaches and other cyber-related events covered by leading cyber insurance carriers. Sponsoring the study are RSM and Experian® Data Breach Resolution. PR Newswire, November 17, 2020

Cyber Espionage

Cyber-Espionage comes out of the shadows and into the spotlight … Verizon Releases 2020 Cyber Espionage Report: Cyber espionage is a very real and constant threat for many industries and governments. Verizon, November 18, 2020

Know Your Enemy

We infiltrated an IRC botnet. Here’s what we found. … After detecting an attempt to infect one of our systems, our curiosity led us to a potentially much bigger cybercrime operation: Our Investigation team carried out an infiltration operation against an IRC botnet and reported it to CERT Vietnam to help take it down. Cybernews, November 19, 2020

Darkside Ransomware Gang Launches Affiliate Program: Using Affiliates Enables Crowdsourced Profits But Leaves Operators More Exposed. BankInfoSecurity, November 12, 2020

National Cybersecurity

Biden transition team forced to build its own cybersecurity protections: President-elect Joe Biden is preparing to take over from President Donald Trump, but his transition team isn’t getting the level of cybersecurity support usually provided by outgoing administrations, according to The Wall Street Journal. That could mean Biden’s team is more vulnerable to cyberattacks than if it had the full support and resources of the federal government. The Verge, November 20, 2020

UK Forms National Cyber Force: Agency Will Engage in Offense as Well as Defense. BankInfoSecurity, November 20, 2020

Cyber Law

IoT Cybersecurity Improvement Act Passed, Heads to President’s Desk: Security experts praised the newly approved IoT law as a step in the right direction for insecure connected federal devices. ThreatPost, November 19, 2020

Michael A. Gold named one of California’s Top Cyber Lawyers by the Daily Journal: LOS ANGELES—Jeffer Mangels Butler & Mitchell LLP (JMBM) is pleased to announce that Michael A. Gold, co-chair of JMBM’s Cybersecurity & Privacy Group, has been recognized by the Daily Journal as one of California’s Top Cyber Lawyers. Cybersecurity Lawyer Forum, November 18, 2020

Internet of Things

Fully Autonomous Cars Are Moving Forward Fast, So Are Efforts To Secure Them: Autonomous vehicles have been on a path to widespread availability and adoption for some time. But this technology is now moving forward much faster than most people realize. CPO, November 19, 2020

Cyber Enforcement

Two Romanians arrested for running three malware services: The two ran two malware crypter services called CyberSeal and DataProtector, and a malware testing service called CyberScan. ZDNet, November 20, 2020

Convicted SIM Swapper Gets 3 Years in Jail: A 21-year-old Irishman who pleaded guilty to charges of helping to steal millions of dollars in cryptocurrencies from victims has been sentenced to just under three years in prison. The defendant is part of an alleged conspiracy involving at least eight others in the United States who stand accused of theft via SIM swapping, a crime that involves convincing mobile phone company employees to transfer ownership of the target’s phone number to a device the attackers control. KrebsOnSecurity, November 20, 2020

Cyber Freedom

Trump Fires Security Chief Christopher Krebs: President Trump on Tuesday fired his top election security official Christopher Krebs (no relation). The dismissal came via Twitter two weeks to the day after Trump lost an election he baselessly claims was stolen by widespread voting fraud. KrebsOnSecurity, November 18, 2020

Election Security Experts Contradict Trump’s Voting Claims … In a public letter, 59 top specialists called the president’s fraud assertions “unsubstantiated” and “technically incoherent”: Fifty-nine of the country’s top computer scientists and election security experts rebuked President Trump’s baseless claims of voter fraud and hacking on Monday, writing that such assertions are “unsubstantiated or are technically incoherent.” The New York Times, November 17, 2020

Blockchain for Voting: A Warning From MIT: Blockchain technology, for all of its cryptographic cleverness, has often been mocked as the solution that’s looking for a problem. BankInfoSecurity, November 17, 2020

Cyber Talent

5 takeaways from the 2020 (ISC)2 Cybersecurity Workforce Study: From the impact of the pandemic on cybersecurity careers to workers’ job satisfaction, the report offers a number of interesting findings. welivesecurity, November 20, 2020

Cyber Regulation

FTC Settlement Requires Zoom to Improve Its Security Practices; Measures Include a Mandatory Vulnerability Management Program: On the whole, Zoom has had a successful year in the sense that it added hundreds of millions of users and is projected to double its 2019 revenue. However, that growth did not come without substantial pains. The Federal Trade Commission (FTC) is catching up with some of the earliest of these issues, reaching a settlement with the video conferencing platform over longstanding complaints about the scope of its encryption and a 2018 incident that compromised certain Apple Safari browsers. The company will be required to make a number of significant changes to its security practices as a result of decisions that the FTC says “gave users a false sense of security.” CFO, November 20, 2020

Become A CyberGuardian

Protect your community: take the CyberGuardian Pledge, join our email list, get invited to events.

Take the Pledge