WyzGuys Tech Talk

A quick Saturday digest of cybersecurity news articles from other sources.

It’s Hard to be a Hero – Marcus Hutchins, “the guy the saved the Internet” from WannaCry

At 22, he single-handedly put a stop to the worst cyberattack the world had ever seen. Then he was arrested by the FBI. This is his untold story.  A longer article by Andy Greenberg of Wired.  Definitely worth the read.

‘Bot or Not?’ – a game to train us to spot chatbots faking it as humans

Can you tell whether you’re talking to a human or AI?

Bot or Not is an online game that pits people against either bots or humans. It’s up to players to figure out which they’re engaging with in the 3-minute game, in which they’re forced to question not only whether their opponent is human but exactly how human they themselves are.

The creators of Bot or Not – a Mozilla Creative Awards project that was conceived, designed, developed and written by the New York City-based design and research studio Foreign Objects – say that these days, bots are growing increasingly sophisticated and are proliferating both online and offline. It’s getting tougher to tell who’s human, which can come in handy in customer service situations but is a bit scary when you think about scam bots preying on us on Tinder and Instagram, or corporate bots that try to steal your data.

Botnet blasts WordPress sites with configuration download attacks

A million sites attacked by 20,000 different computers. Researchers at WordFence say that over the past month they’ve seen close to a million different WordPress sites receive malicious requests designed to shake loose their wp-config.php files.

WordPress Releases Security and Maintenance Update

Original release date: June 11, 2020

WordPress 5.4.1 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the WordPress Security and Maintenance Release and upgrade to WordPress 5.4.2.

The WordPress core team released version 5.4.2 on Wednesday, June 10. This release contains patches for a number of cross-site scripting (XSS) vulnerabilities, amongst other fixes.

Moments ago, our Threat Intelligence team posted an analysis of the vulnerabilities fixed in this release of WordPress core.

You can find full details on the official Wordfence blog

Nuclear missile contractor hacked in Maze ransomware attack

Attackers hacked and encrypted the computers of a contractor whose clients include the US military, government agencies and major military contractors.

Windows 10 adds new security and privacy features in May update

Windows 10 release 2004 is out, with a slew of new features, including several updates to its security and privacy.  Be prepared for this upgrade to take two to four hours.

IC3 Releases Alert on Mobile Banking Apps

Original release date: June 11, 2020

The Internet Crime Complaint Center (IC3) has released an alert warning consumers of cyber risks associated with mobile banking apps. As more consumers rely on mobile apps for banking, malicious cyber actors are likely to increasingly target them with app-based banking Trojans and fake banking apps.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages mobile banking app users to review IC3’s Alert and CISA’s Tip on Privacy and Mobile Device Apps for more information on protecting sensitive information. If you believe you are a victim of cybercrime, file a complaint with IC3 at www.ic3.gov.

5 steps to take if someone opens a credit card in your name

Identity theft continues to set records in the U.S. If someone opens a credit card in your name, it’s important that you take action immediately. After all, the thief still has your name and Social Security number and can strike again.  Here are 5 steps to take to prevent further fraud.

Thermal Imaging as Security Theater

[2020.05.28] From renowned cryptographer and technologist Bruce Schneier.  Seems like thermal imaging is the security theater technology of today.

These features are so tempting that thermal cameras are being installed at an increasing pace. They’re used in airports and other public transportation centers to screen travelers, increasingly used by companies to screen employees and by businesses to screen customers, and even used in health care facilities to screen patients. Despite their prevalence, thermal cameras have many fatal limitations when used to screen for the coronavirus.

• They are not intended for medical purposes.
• Their accuracy can be reduced by their distance from the people being inspected.
• They are “an imprecise method for scanning crowds” now put into a context where precision is critical.
• They will create false positives, leaving people stigmatized, harassed, unfairly quarantined, and denied rightful opportunities to work, travel, shop, or seek medical help.
• They will create false negatives, which, perhaps most significantly for public health purposes, “could miss many of the up to one-quarter or more people infected with the virus who do not exhibit symptoms,” as the New York Times recently put it. Thus they will abjectly fail at the core task of slowing or preventing the further spread of the virus.