A quick Saturday digest of cybersecurity news articles from other sources.
‘Was the Iowa Caucus Hacked?’
People Are Searching for Answers
After a night of confusion and uncertainty in which no results were reported for the Iowa Democratic caucus, people are searching for answers. As a cybersecurity journalist, I probably consider the hacking possibilities more than most, but it was hard not to wonder. Adding to the fire was a statement from the Iowa Democratic Party that it was dealing with “inconsistencies” in the voting data. Read more
My warnings about this technology were ignored, and the result is chaos and a loss of confidence in our elections. Unless states step back from using unproven technologies in our elections this will keep happening. — Senator Ron Wyden, on the Shadow app used to report voting in the Iowa caucuses
IC3 Issues Alert on Employment Scams
Original release date: January 22, 2020
The Internet Crime Complaint Center (IC3) has issued an alert warning consumers of fake jobs and hiring scams targeting applicants’ personally identifiable information (PII). Cyber criminals posing as legitimate employers spoof company websites and post fake job openings to lure victims. Cyber criminals will conduct fake interviews and even offer positions to victims before requesting PII such as Social Security numbers and bank account information.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the IC3 Alert and CISA’s Tips on Avoiding Social Engineering and Phishing Attacks and Website Security for more information. If you believe you are a victim of cybercrime, file a complaint with IC3 at www.ic3.gov.
FBI seizes credentials-for-sale site WeLeakInfo.com
The FBI has seized the domain for WeLeakInfo.com, a site that sold breached data records, after a multinational effort by law enforcement.
FBI to inform election officials about hacking attempts
The FBI has announced that it will tell local election officials when hackers try to infiltrate their systems.
Mac attack! The swift rise of malware targeting Apple devices
Apple Users: No you are not immune!!! The proliferation of the Mac in corporate America has certainly caught the attention of cyber-criminals. In 2019 Malwarebytes detected an alarming ascent in Mac threats. See the numbers, and what’s at stake if you’re lulled into a false sense of security. Keep reading
UPS wants to help you avoid being a victim of fraud
Fraudulent communications adopt many different forms and are the unauthorized actions of third parties. These messages, sometimes referred to as “phishing” or “spoofing”, are becoming more common and may appear legitimate by incorporating company brands, colors, or other legal disclaimers. We take fraud and the protection of our customers’ information seriously. We want to help make sure you don’t fall victim to phishing or other types of fraudulent activity whether it’s through email, text, phone, or social media.
Here are some tips to keep in mind:
- UPS will not request personal information, financial information, account numbers, IDs, passwords or copies of invoices in an unsolicited manner through email, mail, text, phone or fax, especially in exchange for the transportation of goods and services.
- If you receive a message that appears to be from UPS that you believe is fraudulent, send a screenshot of the message or forward it to fraud@ups.com for investigation.
- Learn more about how to avoid phishing scams in this article from the U.S. Federal Trade Commission: https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
Hack Prevents Thousands from Taking Security Awareness Training
How embarassing! Imagine the snickering around the office on this one. “Hey boss, I couldn’t watch my security awareness training course because the website got hacked!” Now that’s an awkward conversation for the security team to have. More than 4,000 employees at the Oregon Health Authority cannot take their mandatory security and privacy awareness module because the state’s iLearn portal was hacked and has been offline for a couple of weeks now. As an example of how disruptive something like this can be, you can look to the Oregon Department of Corrections. More than 5,000 employees and contractors have missed a crucial training window… Read more
Disturbing Employee Security Trends Every CISO Should Be Aware Of
Two new Harris Poll surveys reveal several concerning trends about end-user security awareness and habits. The first survey found that: the average American adult has 27 accounts which require user names and passwords; 66% use the same password for online banking, email, and social media networks; 22% use their own name as a password for at least one account; 45% change their password… Read more
Share
FEB
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com