A quick Saturday digest of cybersecurity news articles from other sources.
WordPress turns 15 on Sunday May 27
WordPress will be 15 years old this May 27th, 2018! On Sunday, May 27th, we’re planning a global event celebrating the WordPress 15th Anniversary with WordPress community groups around the world.
Alexa, Siri and Google can be tricked by commands you can’t hear
Researchers have shown how attackers could trick voice assistants.
CIA’s “Vault 7” mega-leak was an inside job, claims FBI
The suspect worked for a CIA group that designed hacking tools at the time the cyber-spying arsenal was given to WikiLeaks.
Red Hat admins, patch now – don’t let your servers get pwned!
A command injection bug in Red Hat’s DHCP client could allow an attacker to run any command on your computer. As root.
FBI Releases Article on Digital Defense Against ID Theft
05/16/2018 03:10 AM EDT Original release date: May 16, 2018
FBI has released an article on building a digital defense against identify theft. FBI explains that the growing number of data breaches put more people at risk of becoming a victim of identity theft. However, implementing basic security practices can help users minimize their risk.
NCCIC encourages consumers to review the FBI Article and the following NCCIC Tips for more information:
- Preventing and Responding to Identity Theft
- Avoiding Social Engineering and Phishing Attacks
- Choosing and Protecting Passwords
Mozilla Releases Security Update for Thunderbird
05/18/2018 09:15 PM EDT Original release date: May 18, 2018
Mozilla has released a security update to address vulnerabilities in Thunderbird. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.
NCCIC encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.8 and apply the necessary update.
IRS Warns Tax Professionals of Phishing Scam
05/24/2018 07:37 PM EDT Original release date: May 24, 2018
The Internal Revenue Service (IRS) has issued a news release warning tax professionals to beware of a new phishing email scam. Cyber criminals posing as state accounting and professional associations have been sending emails to entice their targets to reveal login credentials. Tax practitioners should be wary of unsolicited emails and forward email phishing attempts related to this scam to phishing@irs.gov.
NCCIC encourages users and administrators to review the IRS news release and NCCIC’s Tip on Avoiding Social Engineering and Phishing Attacks for more information.
Share
MAY
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com