A quick Saturday digest of cybersecurity news articles from other sources.
Pac-Man Turns 40
The classic arcade game—which turns 40 on May 22—made history by launching an unprecedented merchandise empire. But Pac-Man was innovative in other ways, too. During a time when video games’ default audience was adult men, Pac-Man successfully engaged women and children, becoming one of the first games to broaden the medium’s appeal in both the U.S. and Japan. Read more on Smithsonian.
Clearview AI won’t sell vast faceprint collection to private companies
… nor to anybody, even law enforcement, in the place where privacy-oblivious biometrics companies are forced to their knees: Illinois.
Celebrity personal data taken in ransomware attack
Ransomware crooks are apparently threatening to dump personal data for a long list of celebs including Lady Gaga, Madonna, Nicki Minaj and more.
North Korean Malicious Cyber Activity
Original release date: May 12, 2020
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) have identified three malware variants—COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH—used by the North Korean government. In addition, U.S. Cyber Command has released the three malware samples to the malware aggregation tool and repository, VirusTotal. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.
CISA encourages users and administrators to review the Malware Analysis Reports for each malware variant listed above, U.S. Cyber Command’s VirusTotal page, and CISA’s North Korean Malicious Cyber Activity page for more information.
A new job scam is doing the rounds, preying on people that want to make 5,000 dollars a month doing work from home. It sounds like a great deal, but this scam is run by criminals that will try to use their victims for money laundering. If you get an email claiming you can make this much money to make ends meet since you or a family member was laid off due to the coronavirus pandemic, use your delete key. In general, be very careful with any Internet “work from home” schemes, many of these are fraudulent. Do not give out any personal information to these criminals and warn your family members and friends.
Securing Your YouTube Channel
At YouTube, we take account security seriously, and we’re dedicated to ensuring that you’re best equipped with the tools to protect your Google Account. To secure your channel, we encourage you to take four simple steps:
- Enable 2-Step Verification, which means you’ll protect your account with both your password and an additional device.
You can activate 2SV for your Google Account by visiting g.co/2sv and clicking “Get Started”. - Set channel-level permissions under ‘Settings’ on your dashboard and check they’re correct on a regular basis, as this determines who has access to your YouTube channel.
- Create a strong password and do not share. A secure password, that includes a combination of upper- and lowercase letters, numbers and symbols, and updated recovery information help protect your Google Account. We recommend you do not share your password with anyone.
- Avoid & report phishing and malware scams. Phishing is an attempt to trick you into revealing personal information, such as a password, or to download files or software, which can be ‘malware’ that’s designed to harm your computer or mobile device. Knowing what to look for means you can get ahead of potential scams like these.
For more in-depth best practices, we have put together a list of things you can do right now to stay safer online.
If you would like further support, please contact the YouTube Creator Support team.
Thank you,
Team YouTube
Thunderspy – why turning your computer off is a cool idea!
Thunderbolt ports can provide direct access to the memory in your laptop… just how hard is it for crooks to do so when you aren’t looking?
This month’s Bug With An Impressive Name, or BWAIN for short, is Thunderspy. As well as a cool name, Thunderspy also has its own logo, its own domain name, its own website and a “recorded live” video showing a Thunderspy attack in action. There’s also a technical paper that’s detailed but nevertheless readable, by security researcher Björn Ruytenberg from Eindhoven University of Technology in The Netherlands. As you’ve probably guessed, Thunderspy gets its name from Thunderbolt, a type of hardware interconnection system for plugging high-performance external devices into your computer. Read more…
Share
MAY
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com