Weekend Update – Recent Cybersecurity Alerts

Not sure if Weekend Update is going to become a regular feature on Saturdays, but you might keep an eye out for a few more of these. What follows is a copy and paste from alert emails I receive from the FBI, Department of Justice, FTC, and US-CERT, along with content from other bloggers, such as the Sophos Naked Security blog, Brian Krebs, Bruce Schneier, the WordFence blog, and others that I read and follow.

FTC Releases Alert on Charity Scams

07/06/2017 09:58 PM EDT

Original release date: July 06, 2017

The Federal Trade Commission (FTC) has released an alert on charity scams. Recent acts of fraud include solicitations from scammers requesting payment to claim a sweepstakes prize. Anytime someone asks you to pay to obtain a prize, it is a scam.

US-CERT encourages consumers to refer to the FTC Alert and the US-CERT Tip on Real-World Warnings Keep You Safe Online for more information.

IRS Launches ‘Don’t Take the Bait’ Series

07/06/2017 06:22 PM EDT

Original release date: July 06, 2017

As part of its Security Summit effort, the Internal Revenue Service (IRS) will be launching a new educational series called “Don’t Take the Bait” on July 11, 2017. As part of the “Protect Your Clients, Protect Yourself” campaign, this series will provide information about phishing scams targeting tax professionals and their clients.

US-CERT encourages taxpayers and tax professionals to review the IRS alert and US-CERT’s advice on Avoiding Social Engineering and Phishing Attacks.

Hobby Lobby in the News

Remember when Hobby Lobby went to court to defend their First Amendment rights of Freedom of Religion, relative to the laughably named Affordable Care Act?  See what happens when you tick off the government?


A Cyber Attack The World Isn’t Ready For

New York Times via LinkedIn

Yet another stealth cyber attack from April using two cyber weapons stolen from the NSA. The attack hit IDT Corporation, whose global CIO, Mr. Ben Oni, claims “The world is burning about WannaCry, but this is a nuclear bomb compared to WannaCry. This is different. It’s a lot worse. It steals credentials. You can’t catch it, and it’s happening right under our noses.”

Breach at US nuclear plants raises concerns in wake of Petya

Sophos Naked Security blog – July 3 2017

NIST Releases New Digital Identity Guidelines

I’ve been following this issue with great interest. You can look for a post or two from me on this topic soon.

“Ransomware-proof” Windows hacked

From Naked Security

A couple of weeks ago we reported that Microsoft was trumpeting its new operating system, Windows 10 S, with the slogan “No known ransomware works against Windows 10 S”.

It’s one of those statements that invites you to infer more than it actually says and triggers the automatic eyeball-rolling reflex in techies of all stripes.

At the time I ventured that:

…hackers are inclined to regard claims of invulnerability, or anything close to it, as an invitation to which the appropriate response is “challenge accepted”.

Well, that challenge was accepted by security researcher Matthew Hickey on behalf of ZDNet, the original reporters of Microsoft’s marketing puffery. Hickey used “a reflective DLL injection attack, allowing him to bypass the app store restrictions by injecting code into an existing, authorized process”.

And the code that carried out that attack on Microsoft’s newest operating system? Its oldest headache: a Word macro.

Can you guess what comes in malicious Word macros these days?

IC3 Issues Internet Crime Report for 2016

06/21/2017 06:40 PM EDT

Original release date: June 21, 2017

The Internet Crime Complaint Center (IC3) has released its 2016 Internet Crime Report, describing the numbers and types of cyber crimes reported to IC3. Business Email Compromise (BEC), ransomware attacks, tech support fraud, and extortion are all common schemes affecting people in the U.S. and around the world.

US-CERT encourages users to review the 2016 Internet Crime Report for details and refer to the US-CERT Security Publication on Ransomware for information on defending against this particular threat.

Anatomy of a Phone Scam

from Naked Security

Not all attackers are high tech.  Watch out for scams coming over your lowly telephone!


About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Owner of the WyzCo Group Inc. In addition to consulting on security products and services, Bob also conducts security audits, compliance audits, vulnerability assessments and penetration tests. Bob also teaches Cybersecurity Awareness Training classes. Bob works as an information technology and cybersecurity instructor for several training and certification organizations. Bob has worked in corporate, military, government, and workforce development training environments. Bob is a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. Bob has been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
