A quick Saturday digest of cybersecurity news articles from other sources.
Anniversary of the dedication of the ENIAC computer in 1946.
ENIAC (/ˈiːniæk, ˈɛ-/; Electronic Numerical Integrator and Computer) was among the earliest electronic general-purpose computers made. It was Turing-complete, digital and able to solve “a large class of numerical problems” through reprogramming.
ENIAC was completed in 1945 and first put to work for practical purposes on December 10, 1945. ENIAC was formally dedicated at the University of Pennsylvania on February 15, 1946 and was heralded as a “Giant Brain” by the press. It had a speed on the order of one thousand times faster than that of electro-mechanical machines; this computational power, coupled with general-purpose programmability, excited scientists and industrialists alike. The combination of speed and programmability allowed for thousands more calculations for problems, as ENIAC calculated a trajectory in 30 seconds that took a human 20 hours (allowing one ENIAC hour to displace 2,400 human hours).
Mozilla bans Firefox extensions for executing remote code
I like Firefox for their commitment to privacy and security. Mozilla’s policy is unambiguous – add-ons must be self-contained and must not load remote code, a practice that opens up the user to all sorts of risks.
Fraud spike prompts Chrome developer lock-out
Over at Google there are similar problems with browser extensions. Google Chrome extension developers have been left high and dry for weeks as the company struggles to cope with a spike in fraud on the Chrome Web Store.
Keeping Kids Safe Online
Six out of ten Americans are concerned about their privacy online, so we’ve created an updated guide on ways to keep kids safe while using the internet. We have included each state’s internet safety laws as well as tips for keeping kids safe online – both at school and at home. We believe this would be a valuable resource for parents and teachers. You can view our resource here: https://www.allconnect.com/blog/keeping-kids-safe-online
UN hacked via unpatched SharePoint server
UN staffers: the “entire domain” was probably compromised by an attacker who was lurking on the UN’s networks. The hackers targeted a total of 42 servers, compromising the Active Directory domains of UN offices in Geneva, Vienna, and at the Office of the High Commissioner for Human Rights. The three hacked locations employ around 4,000 staff. Geneva was the hardest hit, with 33 hacked servers, according to The New Humanitarian.
[Heads-Up] Scam of the Week: Coronavirus Phishing Attacks in the Wild
Yup, you can count on it, when there is a worldwide health scare, the bad guys are on it like flies on $#!+. We are seeing a new malicious phishing campaign that is based on the fear of the Coronavirus, and it’s the first of many.
The message is obviously not from the CDC and at the time of this writing, there are very very few local cases in America. Let’s hope it stays that way.
Here is a sample of the message that is being used. Your users can delete the message if they receive it, or use your existing reporting mechanisms. There will be many other social engineering attacks using this same scare. Here are a screenshot of the real attack, a screenshot of the simulated phishing attack we urge you to send your users, and a ready-to-send email blurb for employees:
Coronavirus “safety measures” email is a phishing scam
Sadly, cybercrooks love a crisis, because it gives them a believable reason to contact you with a phishing scam. Take care out there!
IRS Launches “Identity Theft Central” Webpage
Original release date: February 4, 2020
The Internal Revenue Service (IRS) has launched its “Identity Theft Central” webpage to provide 24/7 access to online information regarding tax-related identity theft and data security protection. Tax-related identity theft occurs when someone steals personal information to commit tax fraud.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages taxpayers, tax professionals, and businesses to review the IRS news release and CISA’s Tip on Preventing and Responding to Identity Theft for more information.
About the Author: I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com