Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

The FBI Says Your TV Is Probably Spying On You

Last week, the FBI, that bastion of sage privacy and security advice, issued a blog post out of its Portland field office warning Cyber Monday shoppers that their smart TV is a little too smart, and likely watches you as much as you watch it. The post is filled with some handy tips to help you protect your privacy.

WordPress Releases Security and Maintenance Updates

Original release date: December 13, 2019

WordPress 5.3 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the WordPress Security and Maintenance Release and upgrade to WordPress 5.3.1.

Almost everyone has access to the Internet nowadays – but not everyone actually stops to think about how vulnerable users actually are. Considering the fact that the Internet is so packed with countless users, not many people think that they are actually worth hacking – nor do they believe that they are worth spying on. However, an average user is under much closer surveillance than he or she may believe.

Over the years, the Internet has turned from a source of information to a place where people are bullied or exposed to fraudulent acts. The only way of protecting yourself is to know exactly what you are getting yourself into – and knowing the Internet better than it knows you.

U.S. Cyber Command Shares Seven New Malware Samples

Original release date: November 6, 2019

U.S. Cyber Command has released seven malware samples to the malware aggregation tool and repository, VirusTotal. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review U.S. Cyber Command’s VirusTotal page to view the samples. CISA also recommends users and administrators review the CISA Tip on Protecting Against Malicious Code for best practices on protecting systems and networks against malware.

Ransomware – What Texas Taught Us

In 2019, 23 city governments in Texas experienced a coordinated ransomware attack. Tom Merritt explains how they defended themselves and ways you can protect your own business. We reported on the Texas ransomware attack earlier, and you might want to review our article as well.

CISA Launches “Cyber Essentials” for Small Businesses and Small SLTT Governments

Original release date: November 6, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) has launched Cyber Essentials, an effort to assist small organizations in understanding and addressing cybersecurity risks. Developed in partnership with small businesses and small state, local, tribal, and territorial (SLTT) governments, Cyber Essentials aims to equip these organizations with basic steps and resources to improve their cybersecurity resilience.

CISA’s Fall 2019 Cyber Essentials infographic includes a list of six actions organizations can take to reduce cyber risks:

  • Drive cybersecurity strategy, investment, and culture;
  • Develop security awareness and vigilance;
  • Protect critical assets and applications;
  • Ensure only those who belong on your digital workplace have access;
  • Make backups and avoid the loss of information critical to operations; and
  • Limit damage and quicken restoration of normal operations.

CISA encourages small organizations to review CISA’s Cyber Essentials page to learn more about improving their cybersecurity resilience.

Electronic Frontier Foundation Scores Major Privacy Win at the Border 

A federal court in Boston ruled yesterday in Alasaad v. McAleenan that suspicionless searches of travelers’ electronic devices by federal agents at international airports and other U.S. ports of entry are unconstitutional.

“The government shouldn’t have the unfettered power to invade your digital privacy at the border,” said Diane Zorri, a college professor, former U.S. Air Force captain, and a plaintiff in the Alasaad case. “I’m proud to stand with EFF and the ACLU for travelers’ rights.”

The court held that the government must have reasonable suspicion of digital contraband before searching people’s electronic devices at the U.S. border. This major advance helps ensure that border agents cannot rifle through your private digital information without individualized suspicion.

Your devices contain a wealth of information about you, your networks, and your loved ones. And searches of our devices have grown all too common—perhaps even you have been searched for seemingly no reason. But no one should have their private information searched without suspicion.


Warrantless searches of devices at US borders ruled unconstitutional

The border is NOT a constitution-free zone, according to the ruling: No more suspicionless fishing expeditions into travelers’ devices.


Provided by: TechRepublic

Dan Patterson, CNET and CBS News Senior Producer, and Graham Kates, CBS Investigative Reporter, volunteered to have their information hacked for research purposes. For three weeks, Stephanie “Snow” Carruthers, who is a Global Social Engineering Expert on IBM’s X-Force Red team, hacked Patterson and Kates. Earlier this year, all three of them sat down in a CBS News studio to discuss the information Carruthers gathered about the two CBS reporters, which included passwords and personal details.



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
