A quick Saturday digest of cybersecurity news articles from other sources.
Happy Independence Day
This is the day we celebrate our liberation from the King of England and the British Empire. The United States was founded through civil disobedience and even warfare against a government that some considered oppressive and unfair. Consider this: if the British crown had won, the “founding fathers” would have been considered terrorists, and hanged. Your terrorists are my freedom fighters. Let’s keep that in mind as we pass through new revolutionary times. This is all part of the process of keeping a republic alive for another 250 years.
Digital Rights and the Black-led Movement Against Police Violence
EFF has been working tirelessly to support the digital rights of protestors fighting for justice—and to make sure that technology works for them, not against them. On this page you will find a pictorial guide of what surveillance police may be using at protests, a guide to staying safe both physically and digitally, instructions on how to get an attorney referral from EFF, a quick explainer on cell phone surveillance, an explanation of your constitutional right to film police, and much more.
A Quick and Dirty Guide to Cell Phone Surveillance at Protests
Whenever protesters, cell phones, and police are in the same place, protesters should worry about cell phone surveillance. Often, security practitioners or other protesters respond to that worry with advice about the use of cell-site simulators (also known as a CSS, IMSI catcher, Stingray, Dirtbox, Hailstorm, fake base station, or Crossbow) by local law enforcement. But often this advice is misguided or rooted in a fundamental lack of understanding of what a cell-site simulator is, what it does, and how often they are used.
‘BlueLeaks’ exposes sensitive files from hundreds of police departments
The journalist collective DDoSecrets published nearly 270GB of data on Juneteenth: the date commemorating the end of US enslavement.
Exploiting a crisis: How cybercriminals behaved during the outbreak
From Microsoft Threat Protection Intelligence Team -In the past several months, seemingly conflicting data has been published about cybercriminals taking advantage of the COVID-19 outbreak to attack consumers and enterprises alike. Big numbers can show shifts in attacker behavior and grab headlines. Cybercriminals did indeed adapt their tactics to match what was going on in the world, and what we saw in the threat environment was parallel to the uptick in COVID-19 headlines and the desire for more information. More…
United States wants HTTPS for all government sites, all the time
Making .GOV domains secure – it’ll take “a few years” yet
New Threat Hunting Blog: Introducing Malware of the Day
Keith Chew has published the first installment of our new blog series, “Malware of the Day!”. Each week we will select a replication sample of real-world malware that has been propagated “in-the-wild” and perform a basic dynamic malware analysis upon it.
The primary objective is to capture the network traffic generated by running malware samples in a lab environment and share them with the community. Our goal is to help you more easily identify potential threats on your network by becoming familiar with the network communication methods commonly seen from observed malware.
iOS 14, macOS Big Sur, Safari to give us ‘No, thanks!’ option for ad tracking
At WWDC, Apple promised to double down on data protection in its upcoming iOS 14, macOS Big Sur, and Safari releases.
Power Play: What John Bolton’s New Book Says About U.S. Cybersecurity
John Bolton’s new book is a hot topic right now on both sides of the political aisle. But one thing you may not hear about in mainstream media coverage is what the former U.S. Ambassador and National Security Advisor has to say about the Trump administration’s view on cybersecurity, and what he and the president were trying to accomplish. In “The Room Where It Happened: A White House Memoir,” Bolton writes that the Obama administration’s defensive approach to nation-state cyber attacks was not aggressive enough, and that he and Trump wanted to give U.S. military hackers more freedom to go on cyber offense. “We needed to do two things: first, we needed a Trump Administration cyber strategy, and second, we needed to scrap the Obama-era rules and replace… Read more
Share
JUL
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com