Last week, the FBI, that bastion of sage privacy and security advice, issued a blog post out of its Portland field office warning Cyber Monday shoppers that their smart TV is a little too smart, and likely watches you as much as you watch it. The post is filled with some handy tips to help you protect your privacy.
Original release date: December 13, 2019
WordPress 5.3 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the WordPress Security and Maintenance Release and upgrade to WordPress 5.3.1.
Original release date: November 6, 2019
U.S. Cyber Command has released seven malware samples to the malware aggregation tool and repository, VirusTotal. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review U.S. Cyber Command’s VirusTotal page to view the samples. CISA also recommends users and administrators review the CISA Tip on Protecting Against Malicious Code for best practices on protecting systems and networks against malware.
In 2019, 23 city governments in Texas experienced a coordinated ransomware attack. Tom Merritt explains how they defended themselves and ways you can protect your own business. We reported on the Texas ransomware attack earlier, and you might want to review our article as well.
Original release date: November 6, 2019
The Cybersecurity and Infrastructure Security Agency (CISA) has launched Cyber Essentials, an effort to assist small organizations in understanding and addressing cybersecurity risks. Developed in partnership with small businesses and small state, local, tribal, and territorial (SLTT) governments, Cyber Essentials aims to equip these organizations with basic steps and resources to improve their cybersecurity resilience.
CISA’s Fall 2019 Cyber Essentials infographic includes a list of six actions organizations can take to reduce cyber risks:
- Drive cybersecurity strategy, investment, and culture;
- Develop security awareness and vigilance;
- Protect critical assets and applications;
- Ensure only those who belong on your digital workplace have access;
- Make backups and avoid the loss of information critical to operations; and
- Limit damage and quicken restoration of normal operations.
CISA encourages small organizations to review CISA’s Cyber Essentials page to learn more about improving their cybersecurity resilience.
A federal court in Boston ruled yesterday in Alasaad v. McAleenan that suspicionless searches of travelers’ electronic devices by federal agents at international airports and other U.S. ports of entry are unconstitutional.
“The government shouldn’t have the unfettered power to invade your digital privacy at the border,” said Diane Zorri, a college professor, former U.S. Air Force captain, and a plaintiff in the Alasaad case. “I’m proud to stand with EFF and the ACLU for travelers’ rights.”
The court held that the government must have reasonable suspicion of digital contraband before searching people’s electronic devices at the U.S. border. This major advance helps ensure that border agents cannot rifle through your private digital information without individualized suspicion.
Your devices contain a wealth of information about you, your networks, and your loved ones. And searches of our devices have grown all too common—perhaps even you have been searched for seemingly no reason. But no one should have their private information searched without suspicion.
The border is NOT a constitution-free zone, according to the ruling: No more suspicionless fishing expeditions into travelers’ devices.
Dan Patterson, CNET and CBS News Senior Producer, and Graham Kates, CBS Investigative Reporter, volunteered to have their information hacked for research purposes. For three weeks, Stephanie “Snow” Carruthers, who is a Global Social Engineering Expert on IBM’s X-Force Red team, hacked Patterson and Kates. Earlier this year, all three of them sat down in a CBS News studio to discuss the information Carruthers gathered about the two CBS reporters, which included passwords and personal details.