Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


 Second company claims it can unlock iPhone X

A tiny US company called Grayshift is reportedly quietly touting software it claims can unlock Apple’s flagship handsets, the iPhone X and 8.


How women are helping to fight cybercrime

We asked some female Sophos professionals about their roles in cybersecurity.


Microsoft patches RDP vulnerability. Update now!

Microsoft has released a preliminary fix for a vulnerability rated Important and which is present in all supported versions of Windows in circulation.


Amazon’s trying to get Alexa to stop laughing at us

News on the artificial intelligence frontier.  Amazon’s Alexa has been startling people by randomly laughing, and it is creeping people out.


Russia accused of burrowing into US energy networks

Russia has been accused of so many things recently, it’s easy to lose track. Now we can add cyber-intrusion and more to the list.


TA18-074A: Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors

03/15/2018 09:40 AM EDT

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides information on Russian government actions targeting U.S. Government entities as well as organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors. It also contains indicators of compromise (IOCs) and technical details on the tactics, techniques, and procedures (TTPs) used by Russian government cyber actors on compromised victim networks. DHS and FBI produced this alert to educate network defenders to enhance their ability to identify and reduce exposure to malicious activity.
DHS and FBI characterize this activity as a multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks. After obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS).


880,000 payment cards affected in travel company data breach

Orbitz believes crooks may have gotten at customers’ names, addresses, dates of birth, and more.

0

About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
  Related Posts

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.