A quick Saturday digest of cybersecurity news articles from other sources.
October is National Cybersecurity Awareness Month –
Own It. Secure It. Protect It.
The line between our online and offline lives is indistinguishable. In these tech-fueled times, our homes, societal well-being, economic prosperity and nation’s security are impacted by the internet.
Under the overarching theme of ‘Own IT. Secure IT. Protect IT.’, the 16th annual National Cybersecurity Awareness Month (NCSAM) is focused on encouraging personal accountability and proactive behavior in security best practices, digital privacy and draw attention to careers in cybersecurity. NCSAM 2019 will address the following online safety messages and identify opportunities for behavioral change:
-
Own IT.
- Never Click and Tell: staying safe on social media
- Update Privacy Settings
- Keep Tabs on Your Apps: best practices for device applications
-
Secure IT.
- Shake Up Your Passphrase Protocol: create strong, unique passphrases
- Double Your Login Protection: turn on multi-factor authentication
- Shop Safe Online
- Play Hard To Get With Strangers: how to spot and avoid phish
-
Protect IT.
- If You Connect, You Must Protect: updating to the latest security software, web browser and operating systems
- Stay Protected While Connected: Wi-Fi safety
- If You Collect It, Protect It: keeping customer/consumer data and information safe
Heads-Up: Amazon Phishing Attack in Progress
HackRead has come across a phishing scam that’s trying to trick Amazon customers into handing over their account credentials, personal information, and financial details. The phishing emails purport to be notifications from Amazon informing the recipient that they need to update their information within twenty-four hours or their account will be permanently disabled.
When a victim clicks the “Update Now” button in the email, they’ll be taken to a convincing imitation of an Amazon login page. After the victim enters their credentials, the phishing page will present a form for them to input their name, address, city, state, ZIP code, phone number, and date of birth. Next, they’ll be asked to provide their credit card and bank account information.
Ransomware Protection Strategies
Original release date: September 6, 2019
The Cybersecurity and Infrastructure Security Agency (CISA) has observed an increase in ransomware attacks across the Nation. Helping organizations protect themselves from ransomware is a chief priority for CISA. Organizations are encouraged to review the following resources to help prevent, mitigate, and recover against ransomware:
- CISA Insights: Ransomware Outbreak
- CISA resource page on ransomware
- FireEye blog and report on ransomware protection and containment strategies
Victims of ransomware should report it immediately to CISA, a local FBI Field Office, or a Secret Service Field Office.
BEC Overtakes Ransomware Atop AIG Cyber Insurance Claims Top 10 List
Global insurer AIG issued a new cyber claims report from its EU office, and it reveals that Business Email Compromise (BEC) now makes up the largest percentage of cyber insurance claims. BEC is so prevalent, it makes up nearly one-in-four cyber insurance claims according to the report, which focuses on Europe, the Middle East, and Asia (EMEA). According to Stephen Dougherty, Financial Fraud Investigator for the U.S. Secret Service, BEC is run by increasingly complex criminal organizations who have a huge financial incentive to perpetrate the crime. “The average loss from a bank robbery is about $3,000; the average loss from a successful BEC attack is nearly $130,000.”
MS-ISAC Releases Security Event Primer on Malware
Original release date: September 10, 2019
The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released a Security Event Primer on Malware. The white paper outlines general malware operations and includes common malware event types and best practice recommendations. An attacker can use malware to gain access to a network, obtain sensitive data, and damage systems.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review MS-ISAC’s White Paper: Security Event Primer – Malware, see CISA’s Tip on Protecting Against Malicious Code, and implement the recommended best practices.
Mozilla increases browser privacy with encrypted DNS
Mozilla is about to turn on-by-default an oft-overlooked privacy feature in Firefox. The desktop version of the browser will soon automatically encrypt your website requests using a feature called DNS-over-HTTPS (DoH). This is a good thing.
Google experiments with DNS-over-HTTPS in Chrome
Following hot on Mozilla’s trail, Google officially announced its own DNS-over-HTTPS (DoH) experiment in Chrome this week.
WordPress Plugin Vulnerabilities
The Wordfence Threat Intelligence team is tracking a series of attacks against an unpatched vulnerability in the Rich Reviews plugin for WordPress. The estimated 16,000 sites running the plugin are vulnerable to unauthenticated plugin option updates, which can be used to deliver stored cross-site scripting (XSS) payloads. Attackers are abusing this exploit chain to inject malvertising code which creates redirects and popup ads associated with a known campaign.
Also, the Threat Intelligence team recently discovered an authentication bypass vulnerability in the GiveWP plugin installed on over 70,000 WordPress sites. The weakness allowed unauthenticated users to bypass API authentication methods and potentially access personally identifiable user information (PII) like names, addresses, IP addresses, and email addresses which should not be publicly accessible. This vulnerability exists in GiveWP versions 2.5.4 and earlier and we recommend immediate updating to version 2.5.5 or later.
Share
SEP
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com