Weekend Update – Recent Cybersecurity Alerts

Not sure if Weekend Update is going to become a regular feature on Saturdays, but you might keep an eye out for a few more of these.  What follows is a copy and paste from alert emails I receive from the FBI, Department of Justice, FTC, and US-CERT, along with content from other bloggers, such as the Sophos Naked Security blog, Brian Krebs, Bruce Schneier, the WordFence blog, and others that I read and follow.

FTC Releases Alert on Charity Scams

07/06/2017 09:58 PM EDT

Original release date: July 06, 2017

The Federal Trade Commission (FTC) has released an alert on charity scams. Recent acts of fraud include solicitations from scammers requesting payment to claim a sweepstakes prize. Anytime someone asks you to pay to obtain a prize, it is a scam.

US-CERT encourages consumers to refer to the FTC Alert and the US-CERT Tip on Real-World Warnings Keep You Safe Online for more information.

IRS Launches ‘Don’t Take the Bait’ Series

07/06/2017 06:22 PM EDT

Original release date: July 06, 2017

As part of its Security Summit effort, the Internal Revenue Service (IRS) will be launching a new educational series called “Don’t Take the Bait” on July 11, 2017. As part of the “Protect Your Clients, Protect Yourself” campaign, this series will provide information about phishing scams targeting tax professionals and their clients.

US-CERT encourages taxpayers and tax professionals to review the IRS alert and US-CERT’s advice on Avoiding Social Engineering and Phishing Attacks.

Hobby Lobby in the News

Remember when Hobby Lobby went to court to defend their First Amendment rights of Freedom of Religion, relative to the laughably named Affordable Care Act?  See what happens when you tick off the government?


A Cyber Attack The World Isn’t Ready For

New York Times via LinkedIn

Yet another stealth cyber attack from April using two cyber weapons stolen from the NSA. The attack hit IDT Corporation, whose global CIO, Mr. Ben Oni claims “The world is burning about WannaCry, but this is a nuclear bomb compared to WannaCry. This is different. It’s a lot worse. It steals credentials. You can’t catch it, and it’s happening right under our noses.”

Breach at US nuclear plants raises concerns in wake of Petya

Sophos Naked Security blog – July 3 2017

NIST Releases New Digital Identity Guidelines

I’ve been following this issue with great interest.  You can look for a post or two from me on this topic soon.

“Ransomware-proof” Windows hacked

From Naked Security

A couple of weeks ago we reported that Microsoft was trumpeting its new operating system, Windows 10 S, with the slogan “No known ransomware works against Windows 10 S”.

It’s one of those statements that invites you to infer more than it actually says and triggers the automatic eyeball-rolling reflex in techies of all stripes.

At the time I ventured that:

…hackers are inclined to regard claims of invulnerability, or anything close to it, as an invitation to which the appropriate response is “challenge accepted”.

Well, that challenge was accepted by security researcher Matthew Hickey on behalf of ZDNet, the original reporters of Microsoft’s marketing puffery. Hickey used “a reflective DLL injection attack, allowing him to bypass the app store restrictions by injecting code into an existing, authorized process”.

And the code that carried out that attack on Microsoft’s newest operating system? Its oldest headache: a Word macro.

Can you guess what comes in malicious Word macros these days?

IC3 Issues Internet Crime Report for 2016

06/21/2017 06:40 PM EDT

Original release date: June 21, 2017

The Internet Crime Complaint Center (IC3) has released its 2016 Internet Crime Report, describing the numbers and types of cyber crimes reported to IC3. Business Email Compromise (BEC), ransomware attacks, tech support fraud, and extortion are all common schemes affecting people in the U.S. and around the world.

US-CERT encourages users to review the 2016 Internet Crime Report for details and refer to the US-CERT Security Publication on Ransomware for information on defending against this particular threat.

Anatomy of a Phone Scam

from Naked Security

Not all attackers are high tech.  Watch out for scams coming over your lowly telephone!


About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.
