Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

End of an Era – Microsoft is Ending Support for Windows 7 and Windows Server 2008 R2

Original release date: October 17, 2019

Personal note:  Windows 7 has been, and may always be, my favorite operating system of all time.  I have come to respect Windows 10, and of course I use it every day, but I have never loved it the way I loved 7.  Gonna miss you babe.  Don’t tell anyone that I still have you running in the lab.


On January 14, 2020, Microsoft will end extended support for their Windows 7 and Windows Server 2008 R2 operating systems.[1] After this date, these products will no longer receive free technical support, or software and security updates.  Organizations that have regulatory obligations may find that they are unable to satisfy compliance requirements while running Windows 7 and Windows Server 2008 R2.

Scam Of The Week: Phishing Attacks Using Better Benefits And Pay Raise Bait

Bad guys are now capitalizing on the benefits election/enrollment season and the yearly pay raise process which usually gets effective Jan 1st. These criminals are still improving their game, these benefits and pay-themed phishing emails are not quite as convincing as the recent tax-themed phishing attacks.

Holiday Shopping, Phishing, and Malware Scams

Original release date: November 8, 2019

As this holiday season approaches, the Cybersecurity and Infrastructure Security Agency (CISA) encourages users to be aware of potential holiday scams and malicious cyber campaigns, particularly when browsing or shopping online. Cyber actors may send emails and ecards containing malicious links or attachments infected with malware or may send spoofed emails requesting support for fraudulent charities or causes.

CISA encourages users to remain vigilant and take the following precautions:

National Critical Infrastructure Security and Resilience Month

Original release date: November 1, 2019

November is National Critical Infrastructure Security and Resilience Month. The Nation’s critical infrastructure (CI) relies on a highly interdependent environment, in which physical and cyber systems converge. CI plays a vital role in keeping our Nation and communities safe and secure. Everyone is involved in the mission to protect CI and can help by using cybersecurity best practices, reporting cybersecurity incidents and phishing attempts, and submitting malware for review.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages critical infrastructure owners and operators to download the Critical Infrastructure Security and Resilience Month Toolkit and to visit CISA’s Critical Infrastructure Security and Resilience Month resource page throughout November for information and updates.

Phishy text message tries to steal your cellphone account

Which sort of company is most likely to contact you via SMS? Why, your mobile phone provider, of course!

Bitcoin money trail leads cops to ‘world’s largest’ child abuse site

The Darknet server running the site, “Welcome to Video”, and the website’s convicted admin were tracked down by a global police force.

Much-attacked Baltimore uses ‘mind-bogglingly’ bad data storage

IT workers have been storing files on their computers’ hard drives. One councilman’s alleged response: “That can’t be right? That’s real?”

How to protect your organization’s website against typo-squatting

Hundreds of fake domains have been set up against some of the presidential candidates through typo-squatting, according to a report from digital risk company Digital Shadows.

Virtual Hard Disk Images Containing Malware Are Ignored by Antivirus *and* Windows!

This disturbing find by a CERT researcher demonstrates how attackers can encode malicious files within a Virtual Hard Disk (VHD) image that acts in the same way as a ZIP archive.



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
  Related Posts

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.