A quick Saturday digest of cybersecurity news articles from other sources.
FSB hackers drop files online
Russia is working to de-anonymize TOR. A hacking group that distributed files stolen from a Russian contractor to the media last week has published some of the documents online.
IRS Reminds Tax Professionals: Create a Data Security Plan
Original release date: July 24, 2019
The Internal Revenue Service (IRS) has issued a news release reminding professional tax preparers that they are required by law to have a written data security plan. Creating and maintaining a data security plan ensures that tax professionals are reviewing their data security protections and implementing appropriate safeguards. Creating a data security plan is part of the Taxes. Security. Together. checklist, which the IRS created to help tax professionals protect sensitive taxpayer data. The Cybersecurity and Infrastructure Security Agency (CISA) encourages tax professionals to review the IRS news release and CISA’s Tip on Safeguarding Your Data for more information.
Building Resilience to Foreign Interference, Misinformation Activities
Original release date: July 22, 2019
As part of the effort to #Protect2020, the Cybersecurity and Infrastructure Security Agency (CISA) is working with national partners to build resilience to foreign interferences, particularly information activities (e.g., disinformation, misinformation). The Department of Homeland Security (DHS) views foreign interference as malign actions taken by foreign governments or actors designed to sow discord, manipulate public discourse, discredit the electoral system, bias the development of policy, or disrupt markets for the purpose of undermining the interests of the United States and its allies.
Responding to foreign interference requires a whole of society approach—CISA has made available the following foreign interference resources to #Protect2020:
- The War on Pineapple: Understanding Foreign Interference in 5 Steps
- Foreign Interference Taxonomy
- Social Media Bots Overview
Recent WordPress Vulnerabilities Targeted by Malvertising Campaign
The Defiant Threat Intelligence team has identified a malvertising campaign which is causing victims’ sites to display unwanted popup ads and redirect visitors to malicious destinations, including tech support scams, malicious Android APKs, and sketchy pharmaceutical ads.
In today’s post we’ll discuss the scope of this campaign, including the specific code injections used by the attackers as well as some detail regarding the infrastructure behind the redirects.
You can read all about it on the official Wordfence blog…
Firefox to pile on more native privacy features
Mozilla is integrating its Lockwise password manager directly into the browser and expanding its support for the Have I Been Pwned website.
Louisiana Declares Cybersecurity State of Emergency
A series of ransomware attacks on school district systems leads the governor to declare the state’s first cybersecurity state of emergency.
About the Author:I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com