WyzGuys Tech Talk

A quick Saturday digest of cybersecurity news articles from other sources.

Netflix account freeze – don’t click, it’s a scam!

The telltale signs are all there… but if you’re in a hurry, this Netflix scam passes the “visual appeal” test.

National Tax Security Awareness Week is December 2–6

Original release date: November 19, 2019

The Internal Revenue Service (IRS) has released an article announcing that National Tax Security Awareness Week will be held December 2–6. The annual recognition event will feature a series of resources and tips to help taxpayers and tax professionals protect their data and identities against identity theft.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages taxpayers, businesses, and tax professionals to review CISA’s Tip on Preventing and Responding to Identity Theft and IRS’s article on National Tax Security Awareness Week for details about new resources and the more than 25 tax security events being held across the country throughout the awareness week.

New BBC ‘dark web’ Tor mirror site aims to beat censorship

A mirror copy of the BBC’s international news website is now available to users on the so-called dark web.

FBI Releases Article on Defending Against E-Skimming

Original release date: October 23, 2019

The Federal Bureau of Investigation (FBI) has released an article to raise awareness on e-skimming threats. E-skimming occurs when an attacker injects malicious code onto a website to capture credit or debit card data or personally identifiable information (PII).

The Cybersecurity and Infrastructure Security Agency (CISA) encourages businesses and agencies that take online payments to review the FBI article and consider the following tips to help protect against e-skimming:

• Keep software updated.
• Change default credentials and create strong, unique passwords on all systems.
• Implement multi-factor authentication.
• Do not click on links, and be wary of email attachments in messages.
• Segment and segregate networks and functions.

Users can report suspected attacks to their local FBI office or to the FBI’s Internet Crime Complaint Center at www.ic3.gov.

Old Tech Among Us – US nuclear weapons command finally ditches 8-inch floppies

The disks are part of the command centres that run the country’s nuclear missile deterrent on behalf of SACCS.

Trending Threat: Fraudulent Shipping Notifications

The Proofpoint global intelligence platform analyzes more than billions of data points a day to deliver unmatched visibility into attack patterns and methods. Our monitoring has revealed that attackers are already increasing their use of fraudulent shipping notifications ahead of the holiday season. We blocked tens of thousands of these phishing attempts throughout the month of September and into October—and attackers’ efforts are only going to escalate in November and December.

These malicious shipping alerts—which mimic messages from familiar operators like UPS, FedEx, DHL, and USPS—are being seen across a variety of industries

North Korean Malicious Cyber Activity

Original release date: October 31, 2019

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) have identified a Trojan malware variant—referred to as HOPLIGHT—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

CISA encourages users and administrators to review Malware Analysis Reports MAR-10135536-8 and the page on HIDDEN COBRA – North Korean Malicious Cyber Activity for more information.

Breaches at NetworkSolutions, Register.com, and Web.com