A quick Saturday digest of cybersecurity news articles from other sources.
The Spycraft Revolution
An very cool. detailed, and facinating look at how technology is changing and breaking the spy game from foreignpolicy.com. Worth the read.
The world of espionage is facing tremendous technological, political, legal, social, and commercial changes. The winners will be those who break the old rules of the spy game and work out new ones. They will need to be nimble and collaborative and—paradoxically—to shed much of the secrecy that has cloaked their trade since its inception.
The balance of power in the spy world is shifting; closed societies now have the edge over open ones. It has become harder for Western countries to spy on places such as China, Iran, and Russia and easier for those countries’ intelligence services to spy on the rest of the world. Technical prowess is also shifting. Much like manned spaceflight, human-based intelligence is starting to look costly and anachronistic. Meanwhile, a gulf is growing between the cryptographic superpowers—the United States, United Kingdom, France, Israel, China, and Russia—and everyone else. Technical expertise, rather than human sleuthing, will hold the key to future success. Read more…
IC3 Issues Alert on HTTPS Phishing
Original release date: June 10, 2019
The Internet Crime Complaint Center (IC3) has released an alert on Hypertext Transfer Protocol Secure (HTTPS) phishing—a scheme which lures email recipients into visiting malicious websites that look legitimate and secure. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the IC3 Alert and the CISA Tip on Avoiding Social Engineering and Phishing Attacks. If you believe you are a victim of cybercrime, file a complaint with IC3 at www.ic3.gov.
DHS Email Phishing Scam
Original release date: June 18, 2019
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of an email phishing scam that tricks users into clicking on malicious attachments that look like legitimate Department of Homeland Security (DHS) notifications. The email campaign uses a spoofed email address to appear like a National Cyber Awareness System (NCAS) alert and lure targeted recipients into downloading malware through a malicious attachment.
CISA encourages users and administrators take the following actions to avoid becoming a victim of social engineering and phishing attacks:
- Be wary of unsolicited emails, even if the sender appears to be known; attempt to verify web addresses independently (e.g., contact your organization’s helpdesk or search the internet for the main website of the organization or topic mentioned in the email).
- Use caution with email links and attachments without authenticating the sender. CISA will never send NCAS notifications that contain email attachments.
- Immediately report any suspicious emails to your information technology helpdesk, security office, or email provider.
AA19-168A: Microsoft Operating Systems BlueKeep Vulnerability
Original release date: June 17, 2019
Summary
The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this Activity Alert to provide information on a vulnerability, known as “BlueKeep,” that exists in the following Microsoft Windows Operating Systems (OSs), including both 32- and 64-bit versions, as well as all Service Pack versions:
- Windows 2000
- Windows Vista
- Windows XP
- Windows 7
- Windows Server 2003
- Windows Server 2003 R2
- Windows Server 2008
- Windows Server 2008 R2
An attacker can exploit this vulnerability to take control of an affected system.
Lenovo shipping Ubuntu Linux on 2019 ThinkPad P-series models
It’s possible to purchase Lenovo’s high-performance ThinkPad systems with Ubuntu shipped from the factory, starting with 2019 models.
Yubico recalls FIPS Yubikey tokens after flaw found
Security token maker Yubico has issued an important advisory affecting high-end versions of its YubiKey authentication key.
iOS Shortcut for Recording the Police
“Hey Siri; I’m getting pulled over” can be a shortcut:
Once the shortcut is installed and configured, you just have to say, for example, “Hey Siri, I’m getting pulled over.” Then the program pauses music you may be playing, turns down the brightness on the iPhone, and turns on “do not disturb” mode. It also sends a quick text to a predetermined contact to tell them you’ve been pulled over, and it starts recording using the iPhone’s front-facing camera. Once you’ve stopped recording, it can text or email the video to a different predetermined contact and save it to Dropbox.
Share
JUN
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com