Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

Potential Hurricane Harvey Phishing Scams

08/28/2017 02:40 PM EDT  Original release date: August 28, 2017

US-CERT warns users to remain vigilant for malicious cyber activity seeking to capitalize on interest in Hurricane Harvey. Users are advised to exercise caution in handling any email with subject line, attachments, or hyperlinks related to Hurricane Harvey, even if it appears to originate from a trusted source. Fraudulent emails will often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from duplicitous charitable organizations commonly appear after major natural disasters.

US-CERT encourages users and administrators to use caution when encountering these types of email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns:

  • Do not follow unsolicited web links in email messages.
  • Use caution when opening email attachments. Refer to the US-CERT Tip Using Caution with Email Attachments for more information on safely handling email attachments.
  • Keep antivirus and other computer software up-to-date.
  • Refer to the Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
  • Review the Federal Trade Commission information on Charity Scams.
  • Verify the legitimacy of any email solicitation by contacting the organization directly through a trusted contact number. You can find trusted contact information for many charities on the BBB National Charity Report Index.

Hackable flaw in connected cars is ‘unpatchable’, warn researchers

Potentially fatal flaw could take a generation of cars to eliminate – but is this a ‘tempest in a thimble’?

Are you a student? Your personal data is there for the asking

Your college can – and will – hand over your personal details to anyone who asks, warns a researcher who is calling for better protection for students

DNSSEC Key Signing Key Rollover

08/21/2017 11:38 AM EDT  Original release date: August 21, 2017

On October 11, 2017, the Internet Corporation for Assigned Names and Numbers (ICANN) will be changing the Root Zone Key Signing Key (KSK) used in the domain name system (DNS) Security Extensions (DNSSEC) protocol.

DNSSEC is a set of DNS protocol extensions used to digitally sign DNS information, which is an important part of preventing domain name hijacking. Updating the DNSSEC KSK is a crucial security step, similar to updating a PKI Root Certificate. Maintaining an up-to-date Root KSK as a trust anchor is essential to ensuring DNSSEC-validating DNS resolvers continue to function after the rollover. While DNSSEC validation is mandatory for federal agencies, it is not required of the private sector. Systems of organizations that do not use DNSSEC validation will be unaffected by the rollover.

US-CERT encourages administrators to update their DNSSEC KSK before October 11, 2017. See the NIST/NTIA Roll Ready site and the ICANN Root Zone KSK Rollover resources page for more information.

TA17-164A: HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure

06/13/2017 11:45 AM EDT  Original release date: June 13, 2017 | Last revised: August 23, 2017

Systems Affected

Networked Systems

Overview

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides technical details on the tools and infrastructure used by cyber actors of the North Korean government to target the media, aerospace, financial, and critical infrastructure sectors in the United States and globally. Working with U.S. Government partners, DHS and FBI identified Internet Protocol (IP) addresses associated with a malware variant, known as DeltaCharlie, used to manage North Korea’s distributed denial-of-service (DDoS) botnet infrastructure. This alert contains indicators of compromise (IOCs), malware descriptions, network signatures, and host-based rules to help network defenders detect activity conducted by the North Korean government. The U.S. Government refers to the malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information related to HIDDEN COBRA activity, go to https://www.us-cert.gov/hiddencobra.

 

Be Sociable, Share!

2
SEP
0

About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.