A quick Saturday digest of cybersecurity news articles from other sources.
The FBI Says Your TV Is Probably Spying On You
Last week, the FBI, that bastion of sage privacy and security advice, issued a blog post out of its Portland field office warning Cyber Monday shoppers that their smart TV is a little too smart, and likely watches you as much as you watch it. The post is filled with some handy tips to help you protect your privacy.
WordPress Releases Security and Maintenance Updates
Original release date: December 13, 2019
WordPress 5.3 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the WordPress Security and Maintenance Release and upgrade to WordPress 5.3.1.
U.S. Cyber Command Shares Seven New Malware Samples
Original release date: November 6, 2019
U.S. Cyber Command has released seven malware samples to the malware aggregation tool and repository, VirusTotal. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review U.S. Cyber Command’s VirusTotal page to view the samples. CISA also recommends users and administrators review the CISA Tip on Protecting Against Malicious Code for best practices on protecting systems and networks against malware.
Ransomware – What Texas Taught Us
In 2019, 23 city governments in Texas experienced a coordinated ransomware attack. Tom Merritt explains how they defended themselves and ways you can protect your own business. We reported on the Texas ransomware attack earlier, and you might want to review our article as well.
CISA Launches “Cyber Essentials” for Small Businesses and Small SLTT Governments
Original release date: November 6, 2019
The Cybersecurity and Infrastructure Security Agency (CISA) has launched Cyber Essentials, an effort to assist small organizations in understanding and addressing cybersecurity risks. Developed in partnership with small businesses and small state, local, tribal, and territorial (SLTT) governments, Cyber Essentials aims to equip these organizations with basic steps and resources to improve their cybersecurity resilience.
CISA’s Fall 2019 Cyber Essentials infographic includes a list of six actions organizations can take to reduce cyber risks:
- Drive cybersecurity strategy, investment, and culture;
- Develop security awareness and vigilance;
- Protect critical assets and applications;
- Ensure only those who belong on your digital workplace have access;
- Make backups and avoid the loss of information critical to operations; and
- Limit damage and quicken restoration of normal operations.
CISA encourages small organizations to review CISA’s Cyber Essentials page to learn more about improving their cybersecurity resilience.
Electronic Frontier Foundation Scores Major Privacy Win at the Border
A federal court in Boston ruled yesterday in Alasaad v. McAleenan that suspicionless searches of travelers’ electronic devices by federal agents at international airports and other U.S. ports of entry are unconstitutional.
“The government shouldn’t have the unfettered power to invade your digital privacy at the border,” said Diane Zorri, a college professor, former U.S. Air Force captain, and a plaintiff in the Alasaad case. “I’m proud to stand with EFF and the ACLU for travelers’ rights.”
The court held that the government must have reasonable suspicion of digital contraband before searching people’s electronic devices at the U.S. border. This major advance helps ensure that border agents cannot rifle through your private digital information without individualized suspicion.
Your devices contain a wealth of information about you, your networks, and your loved ones. And searches of our devices have grown all too common—perhaps even you have been searched for seemingly no reason. But no one should have their private information searched without suspicion.
And
Warrantless searches of devices at US borders ruled unconstitutional
The border is NOT a constitution-free zone, according to the ruling: No more suspicionless fishing expeditions into travelers’ devices.
Dan Patterson, CNET and CBS News Senior Producer, and Graham Kates, CBS Investigative Reporter, volunteered to have their information hacked for research purposes. For three weeks, Stephanie “Snow” Carruthers, who is a Global Social Engineering Expert on IBM’s X-Force Red team, hacked Patterson and Kates. Earlier this year, all three of them sat down in a CBS News studio to discuss the information Carruthers gathered about the two CBS reporters, which included passwords and personal details.
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com