WyzGuys Tech Talk

A quick Saturday digest of cybersecurity news articles from other sources.

Don’t fall for fake Equifax settlement sites, warns FTC

Equifictitious sites popped up within days of Equifax agreeing to pay up to $700m to settle claims over the 2017 data breach.

Canadian Centre for Cyber Security Releases Advisory on Fileless Malware

Original release date: July 18, 2019

The Canadian Centre for Cyber Security (CCCS) has released an advisory on an Astaroth fileless malware campaign affecting Microsoft Windows. Astaroth resides solely in memory, and an attacker can use it and other fileless malware to steal information, such as credentials and keystrokes, and obtain other sensitive data.  The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review CCCS’s Fileless Malware Advisory for potential infection vectors and recommended mitigations and refer to CISA’s Tip on Protecting Against Malicious Code.

Still not using HTTPS? Firefox is about to shame you

Two years after promising to report all HTTP-based web pages as insecure, Mozilla is about to deliver.

U.S. Coast Guard Releases Cybersecurity Measures for Commercial Vessels

Original release date: July 8, 2019

The U.S. Coast Guard has released a Safety Alert with recommended cybersecurity best practices for commercial vessels. With a dynamic cybersecurity threat landscape and growing reliance on technology to support vessels, the maritime community can help strengthen their defenses by implementing the following basic cybersecurity measures:

• Implement network segmentation.
• Create network profiles for each employee, require unique login credentials, and limit privileges to only those necessary.
• Be wary of external media.
• Install anti-virus software.
• Keep software updated.

Steps to Safeguard Against Ransomware Attacks

Original release date: July 30, 2019

The Cybersecurity and Infrastructure Security Agency (CISA), Multi-State Information Sharing & Analysis Center (MS-ISAC), National Governors Association (NGA), and the National Association of State Chief Information Officers (NASCIO) have released a Joint Ransomware Statement with recommendations for state and local governments to build resilience against ransomware:

CIS Releases Newsletter on Cleaning Up Data and Devices

Original release date: July 31, 2019

The Center for Internet Security (CIS) July Newsletter reminds users to properly dispose of old or unused data and devices. Without careful management of online accounts, cloud storage, physical storage, and electronic devices, users could inadvertently disclose sensitive information that can be exploited by cyber criminals. CIS is home to the Multi-State Information Sharing & Analysis Center (MS-ISAC), a Cybersecurity and Infrastructure Security Agency (CISA) partner focused on cyber threat prevention, protection, response, and recovery for U.S. state, local, tribal, and territorial government entities.

CISA encourages users and administrators to review the CIS Newsletter on Cleaning Out Your Old Data and Devices and the CISA Tip on Proper Disposal of Electronic Devices for more information.