Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

Sanity Finally Reigns in Iowa

From Brian Krebs:  Dallas County, Iowa has dropped trespassing charges against two penetration testers who were arrested and jailed last year on September 11, and held in jail until yesterday for doing the job they were hired to do The news broke as Brian was in the middle of a video interview with the two accused. More soon!  And from Tech Dirt

Tax Identity Theft Awareness Week

Original release date: January 29, 2020

Tax Identity Theft Awareness Week is February 3-7. The Federal Trade Commission (FTC) Tax Identity Theft Awareness Week webpage will provide webinars and other resources from FTC and its partners throughout the week to help educate the public on how to protect against identity theft this tax season.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages taxpayers, businesses, and tax professionals to review the FTC announcement and the following resources for more information:

Ethics the Insider Threat? Security Engineer Becomes a Whistleblower

Tom Yardic took a rare and bold step for a cybersecurity engineer. He directly alerted the CEO and trustees at his company that there were hundreds of thousands of unpatched security vulnerabilities across the organization due to “a long-standing cultural indifference to computer and network security.” According to Yardic’s LinkedIn, he still works for Blue Cross and Blue Shield of Minnesota, which insures some 2.8 million people and has revenue north of $6 billion. Now, he’s revealed as a whistleblower by the Minneapolis Star Tribune which broke this story: “Internal documents show that Minnesota Blue Cross allowed 200,000 vulnerabilities classified as ‘critical’ or ‘severe’ to linger for years on its… Read more

3 security tips to protect yourself from online skimming attacks

E-commerce sites are trying to keep up with sophisticated skimming schemes, but chances are your credit card information will still be compromised. A security expert offers advice.

Company Sues ‘John Doe’ Hacker for Ransomware Attack — Should You?

Wouldn’t you like to sue the so-and-so who infected your systems with ransomware, encrypted your data, and then stole it? One of the world’s largest manufacturers of cables and wires is suing its hacker, who remains anonymous. The case has a rather unique name: “Southwire Company, LLC vs. JOHN DOE, in Possession of Stolen Southwire Confidential Information, Thereby Injuring Southwire and Its Customers, Clients and Vendors.” The lawsuit reveals some interesting facts about the case, which may help answer a question running through your mind right now: is there any point in suing an unknown hacker? In this case, the answer appears to be yes. Southwire’s network was illegally accessed when ‘John Doe’ executed Maze ransomware… Read more

New Year, New You…Same W-2 Tax Scam

Tax season is in full swing, which means criminals will go to great lengths to separate you from your money, your identity, or anything of value that is within their reach. They may offer seemingly legitimate “tax services” that are actually designed to steal your identity and your tax refund. Often times, criminals will lure you in with an offer of larger write-offs or refunds. Such scams might include fake websites and tax forms that look like they belong to the Internal Revenue Service (IRS) in order to trick you into providing your personal information.  continue reading →

Update now! Popular WordPress plugins have password bypass flaws

Researchers have discovered bad authentication bypass vulnerabilities affecting two WordPress plugins which should be patched as soon as possible.

Reminder: Safeguard Websites from Cyberattacks

Original release date: January 21, 2020

Protect personal and organizational public-facing websites from defacement, data breaches, and other types of cyberattacks by following cybersecurity best practices. The Cybersecurity and Information Security Agency (CISA) encourages users and administrators to review CISA’s updated Tip on Website Security and take the necessary steps to protect against website attacks.

For more information, review:



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.