Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

Netflix account freeze – don’t click, it’s a scam!

The telltale signs are all there… but if you’re in a hurry, this Netflix scam passes the “visual appeal” test.

National Tax Security Awareness Week is December 2–6

Original release date: November 19, 2019

The Internal Revenue Service (IRS) has released an article announcing that National Tax Security Awareness Week will be held December 2–6. The annual recognition event will feature a series of resources and tips to help taxpayers and tax professionals protect their data and identities against identity theft.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages taxpayers, businesses, and tax professionals to review CISA’s Tip on Preventing and Responding to Identity Theft and IRS’s article on National Tax Security Awareness Week for details about new resources and the more than 25 tax security events being held across the country throughout the awareness week.

New BBC ‘dark web’ Tor mirror site aims to beat censorship

A mirror copy of the BBC’s international news website is now available to users on the so-called dark web.

FBI Releases Article on Defending Against E-Skimming

Original release date: October 23, 2019

The Federal Bureau of Investigation (FBI) has released an article to raise awareness on e-skimming threats. E-skimming occurs when an attacker injects malicious code onto a website to capture credit or debit card data or personally identifiable information (PII).

The Cybersecurity and Infrastructure Security Agency (CISA) encourages businesses and agencies that take online payments to review the FBI article and consider the following tips to help protect against e-skimming:

Users can report suspected attacks to their local FBI office or to the FBI’s Internet Crime Complaint Center at www.ic3.gov.

Old Tech Among Us – US nuclear weapons command finally ditches 8-inch floppies

The disks are part of the command centres that run the country’s nuclear missile deterrent on behalf of SACCS.

Trending Threat: Fraudulent Shipping Notifications

The Proofpoint global intelligence platform analyzes more than billions of data points a day to deliver unmatched visibility into attack patterns and methods. Our monitoring has revealed that attackers are already increasing their use of fraudulent shipping notifications ahead of the holiday season. We blocked tens of thousands of these phishing attempts throughout the month of September and into October—and attackers’ efforts are only going to escalate in November and December.

These malicious shipping alerts—which mimic messages from familiar operators like UPS, FedEx, DHL, and USPS—are being seen across a variety of industries

North Korean Malicious Cyber Activity

Original release date: October 31, 2019

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) have identified a Trojan malware variant—referred to as HOPLIGHT—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

CISA encourages users and administrators to review Malware Analysis Reports MAR-10135536-8 and the page on HIDDEN COBRA – North Korean Malicious Cyber Activity for more information.

Breaches at NetworkSolutions, Register.com, and Web.com

Top domain name registrars NetworkSolutions.comRegister.com and Web.com are asking customers to reset their passwords after discovering an intrusion in August 2019 in which customer account information was accessed.



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
  Related Posts

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.