Sanity Finally Reigns in Iowa
From Brian Krebs: Dallas County, Iowa has dropped trespassing charges against two penetration testers who were arrested and jailed last year on September 11, and held in jail until yesterday for doing the job they were hired to do. The news broke as Brian was in the middle of a video interview with the two accused. More soon! And from Tech Dirt
Original release date: January 29, 2020
Tax Identity Theft Awareness Week is February 3-7. The Federal Trade Commission (FTC) Tax Identity Theft Awareness Week webpage will provide webinars and other resources from FTC and its partners throughout the week to help educate the public on how to protect against identity theft this tax season.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages taxpayers, businesses, and tax professionals to review the FTC announcement and the following resources for more information:
- CISA’s Tip on Preventing and Responding to Identity Theft
- FTC’s article on Tax-Related Identity Theft
- Internal Revenue Service’s Taxpayer Guide to Identity Theft
Tom Yardic took a rare and bold step for a cybersecurity engineer. He directly alerted the CEO and trustees at his company that there were hundreds of thousands of unpatched security vulnerabilities across the organization due to “a long-standing cultural indifference to computer and network security.” According to Yardic’s LinkedIn, he still works for Blue Cross and Blue Shield of Minnesota, which insures some 2.8 million people and has revenue north of $6 billion. Now, he’s revealed as a whistleblower by the Minneapolis Star Tribune which broke this story: “Internal documents show that Minnesota Blue Cross allowed 200,000 vulnerabilities classified as ‘critical’ or ‘severe’ to linger for years on its…
E-commerce sites are trying to keep up with sophisticated skimming schemes, but chances are your credit card information will still be compromised. A security expert offers advice.
Wouldn’t you like to sue the so-and-so who infected your systems with ransomware, encrypted your data, and then stole it? One of the world’s largest manufacturers of cables and wires is suing its hacker, who remains anonymous. The case has a rather unique name: “Southwire Company, LLC vs. JOHN DOE, in Possession of Stolen Southwire Confidential Information, Thereby Injuring Southwire and Its Customers, Clients and Vendors.” The lawsuit reveals some interesting facts about the case, which may help answer a question running through your mind right now: is there any point in suing an unknown hacker? In this case, the answer appears to be yes. Southwire’s network was illegally accessed when ‘John Doe’ executed Maze ransomware…
Tax season is in full swing, which means criminals will go to great lengths to separate you from your money, your identity, or anything of value that is within their reach. They may offer seemingly legitimate “tax services” that are actually designed to steal your identity and your tax refund. Oftentimes, criminals will lure you in with an offer of larger write-offs or refunds. Such scams might include fake websites and tax forms that look like they belong to the Internal Revenue Service (IRS) in order to trick you into providing your personal information.
Researchers have discovered bad authentication bypass vulnerabilities affecting two WordPress plugins which should be patched as soon as possible.
Original release date: January 21, 2020
Protect personal and organizational public-facing websites from defacement, data breaches, and other types of cyberattacks by following cybersecurity best practices. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CISA’s updated Tip on Website Security and take the necessary steps to protect against website attacks.
For more information, review:
- CISA Insight: Enhance Email and Web Security,
- National Institute of Standards and Technology (NIST) Special Publication (SP) 800-44: Guidelines on Securing Public Web Servers, and
- NIST SP 800-95: Guide to Secure Web Services.