Cyber Security News of the Week, February 12, 2017

Individuals at Risk

Cyber Privacy

‘Give Us Your Passwords’: What happens if border agents are allowed to demand access to your phone and online accounts—and turn you away if you don’t comply? The Atlantic, February 10, 2017

Cyber Warning

Macro Malware Hits Mac Users: After hounding Windows users for well over two decades, macro malware has taken its first steps towards affecting the other operating system on which the Microsoft Office suite is available, and that’s Apple’s macOS. BleepingComputer, February 10, 2017

Reminder to Beware of Fake Ads as Scammers slip fake Amazon ad under Google’s nose: Last year, Google says it took down 1.7bn bad ads. Well, it missed a whopper on Wednesday: a bad ad perfectly spoofed to look like a legit Amazon ad. Anybody who clicked on it was whisked to a Windows support scam, according to ZDNet. Naked Security, February 10, 2017

Information Security Management in the Organization

Information Security Management and Governance

IANS Research Identifies Stakeholder Collaboration as Key to Improving Information Security Posture: A new study based on two years of work by IANS Research looks at the work of chief information security officers (CISOs) and their role in enterprises. BetaNews, February 9, 2017

Cyber Awareness

SANS Security Awareness Blog | 2017 Planning Ideas and 2016 Lessons Learned: At the end of December I led a webcast reviewing some of the key lessons learned in 2016 and what we can do in 2017 to keep improving the practice, and impact, of security awareness programs. After working with hundreds of clients and awareness officers from around the world throughout last year, here are some specific lessons learned from 2016 and tips to make your program more effective in 2017. SANS, February 7, 2017

Cyber Warning

Newly discovered ‘Ticketbleed’ flaw undermines HTTPS connections for almost 1,000 sites: Encrypted connections established by at least 949 of the top 1 million websites are leaking potentially sensitive data because of a recently discovered software vulnerability in appliances that stabilize and secure Internet traffic, a security researcher said Thursday. ars technica, February 9, 2017

Cyber Defense

Microsoft unveils a bonanza of security capabilities: Companies concerned about cybersecurity have a fleet of new Microsoft tools coming their way. The company announced a host of new security capabilities Friday morning as part of the run-up to the massive RSA security conference next week in San Francisco. PCWorld, February 10, 2017

Keep Employees Secure, Wherever They Are: Nearly 80% of professionals work remotely at least one day a week, and 1.55 billion others are expected to work outside the boundaries of the corporate office by 2020, according to Frost & Sullivan research. This shift to a mobile workforce is causing technology disruption because remote workers require different solutions and infrastructure, which can increase vulnerabilities. DarkReading, February 10, 2017

Cyber Update

Update WordPress to 4.7.2 as 1.5M Unpatched Sites Hacked Following Vulnerability Disclosure: Attackers have taken a liking to a content-injection vulnerability disclosed last week and patched in WordPress 4.7.2 that experts say has been exploited to deface 1.5M sites so far. ThreatPost, February 10, 2017

Cyber Talent

To Be, or Not To Be — Certified? That Is the Question. Or, Is It?: I’m lucky. I get to fly all over the world and talk to security teams of all sizes. Regardless of the technology discussion at hand, the one question I seem to get asked the most is, “What certifications should I go get?” A close second is, “Are they worth it?” ITSP, January 31, 2017

Cyber Security in Society

Cyber Crime

Fast Food Chain Arby’s Acknowledges Breach: Sources at nearly a half-dozen banks and credit unions independently reached out over the past 48 hours to inquire if I’d heard anything about a data breach at Arby’s fast-food restaurants. Asked about the rumors, Arby’s told KrebsOnSecurity that it recently remediated a breach involving malicious software installed on payment card systems at hundreds of its restaurant locations nationwide. KrebsOnSecurity, February 9, 2017

InterContinental Confirms Breach at 12 Hotels: InterContinental Hotels Group (IHG), the parent company for thousands of hotels worldwide including Holiday Inn, acknowledged Friday that a credit card breach impacted at least a dozen properties. News of the breach was first reported by KrebsOnSecurity more than a month ago. KrebsOnSecurity, February 6, 2017

Know Your Enemy

Spies, hackers & cybersecurity firms compete to find & exploit software flaws: Spies, hackers, and cybersecurity firms compete to find and exploit software flaws, often to infiltrate criminal networks or track terrorists. A look into this complex ecosystem. CS Monitor, February 10, 2017

National Cyber Security

State-sponsored hackers targeting prominent journalists, Google warns: Google has warned a number of prominent journalists that state-sponsored hackers are attempting to steal their passwords and break into their inboxes, the journalists tell POLITICO. Politico, February 10, 2017

Tallinn 2.0 – There’s Cyberwar and Then There’s the Big Legal Gray Area: The Russian government-backed hacks of Democratic political organizations that upended the 2016 presidential contest represent the sort of legal gray area U.S. adversaries will continue to exploit if nations don’t create rules of the road in cyberspace, the director of an updated manual on international cyber law said Wednesday. Nextgov, February 9, 2017

Tallinn 2.0 – International Law Applicable to Cyber Operations – Analyzes Legality of Russian DNC Hack: Legally speaking, what can a nation do when its election system is hacked by another country? That’s just one of the many kinds of cases the new Tallinn Manual on the International Law Applicable to Cyber Operations attempts to address. FCW, February 9, 2017

White House CISO Out in Apparent Cybersecurity Staff Shakeup: The Obama-appointed chief information security officer was charged with keeping the president and his staff safe from cyber-threats posed by hackers and nation-state attackers. ZDNet, February 9, 2017

Former government contractor charged with stealing top-secret documents: A former government contractor accused in a massive theft of top secret information has been indicted on charges of mishandling classified materials. LA Times, February 9, 2017

Rep. Jim Langevin – Open Letter to Trump “Important lessons on cybersecurity”: Dear President Trump, In my eight terms in Congress, I have seen cybersecurity explode onto the national stage as an issue of paramount importance to our national security. As you begin to craft your legacy in this emerging domain, I encourage you to use the successes and failures of your predecessor to guide your efforts. The Hill, February 7, 2017

Stewart Baker & Corin Stone, Exec Director of the National Security Agency – Steptoe Cyberlaw: Our guest for episode 149 of the podcast is Jason Healey, whose Atlantic Council paper, “A Nonstate Strategy for Saving Cyberspace,” advocates for an explicit bias toward cyber defense and the private sector. He responds well to my skeptical questioning, and even my suggestion that his vision of “defense dominance” would be more marketable if paired with thigh-high leather boots and a bull whip. #50ShadesofCyber. Steptoe Cyberblog, February 6, 2017

Cyber Law

New Zealand Privacy Chief Backs $1 Million Fines for Breaches: New Zealand’s privacy commissioner is recommending new civil penalties against companies of up to NZ$1 million (US$718,000) for a “serious” data breach to keep up with sterner penalties adopted by Australia and the European Union. BankInfoSecurity, February 10, 2017

House Passes Long-Sought Email Privacy Bill: The U.S. House of Representatives on Monday approved a bill that would update the nation’s email surveillance laws so that federal investigators are required to obtain a court-ordered warrant for access to older stored emails. Under the current law, U.S. authorities can legally obtain stored emails older than 180 days using only a subpoena issued by a prosecutor or FBI agent without the approval of a judge. KrebsOnSecurity, February 7, 2017

Judge Breaks Precedent, Orders Google to Give Foreign Emails to FBI: A potentially major blow for privacy advocates occurred on Friday when a U.S. magistrate ruled against Google and ordered it to cooperate with FBI search warrants demanding access to user emails that are stored on servers outside of the United States. The case is certain to spark a fight, because an appeals court ruled in favor of Microsoft in a similar case recently. Gizmodo, February 5, 2017

Financial Cyber Security

A rash of invisible, fileless malware is infecting banks around the globe: Two years ago, researchers at Moscow-based Kaspersky Lab discovered their corporate network was infected with malware that was unlike anything they had ever seen. Virtually all of the malware resided solely in the memory of the compromised computers, a feat that had allowed the infection to remain undetected for six months or more. Kaspersky eventually unearthed evidence that Duqu 2.0, as the never-before-seen malware was dubbed, was derived from Stuxnet, the highly sophisticated computer worm reportedly created by the US and Israel to sabotage Iran’s nuclear program. ars technica, February 8, 2017

Critical Infrastructure

Security of Power Grid at Risk from Smart Devices says Research from Mich Tech: Reliability measures of the electrical grid have risen to a new norm as they involve physical security and cybersecurity. Threats to either can trigger instability, leading to blackouts and economic losses. PHYS.ORG, February 10, 2017

Cybersecurity Is a Missing Piece of the Smart City Puzzle: While the concern over smart city security is broadly distributed, a survey of government IT professionals reveals that actions to address these concerns are few and far between. GovernmentTechnology, February 10, 2017

Internet of Things

How IoT hackers turned a university’s network against itself: A university found its own network turned against it – as refrigerators and lights overwhelmed it with searches for seafood. ZDNet, February 10, 2017

Cyber Sunshine

Alleged Russian Hacker With Ties To ‘Notorious Cybercriminals’ Arrested In LA: Alexander Tverdokhlebov is being held on charges of conspiring with another hacker to steal money from online bank accounts. DarkReading, February 10, 2017

‘Top 10 Spammer’ Indicted for Wire Fraud: Michael A. Persaud, a California man profiled in a Nov. 2014 KrebsOnSecurity story about a junk email purveyor tagged as one of the World’s Top 10 Worst Spammers, was indicted this week on federal wire fraud charges tied to an alleged spamming operation. KrebsOnSecurity, February 8, 2017

The post Cyber Security News of the Week, February 12, 2017 appeared first on Citadel Information Group.

Source: Cyber security news of the week
