A quick Saturday digest of cybersecurity news articles from other sources.
CISA Releases Securing Industrial Control Systems: A Unified Initiative
Original release date: July 7, 2020
The Cybersecurity and Infrastructure Security Agency (CISA) has released its five-year industrial control systems (ICS) strategy: Securing Industrial Control Systems: A Unified Initiative. The strategy—developed in collaboration with industry and government partners—lays out CISA’s plan to improve, unify, and focus the effort to secure ICS and protect critical infrastructure.
CISA encourages users—including ICS and critical infrastructure partners—to review Securing Industrial Control Systems: A Unified Initiative for more information.
Who’s Behind Wednesday’s Epic Twitter Hack?
Twitter was thrown into chaos on Wednesday after accounts for some of the world’s most recognizable public figures, executives and celebrities started tweeting out links to bitcoin scams. Twitter says the attack happened because someone tricked or coerced an employee into providing access to internal Twitter administrative tools. This post is an attempt to lay out some of the timeline of the attack, and point to clues about who may have been behind it.
CISA Releases Emergency Directive on Critical Microsoft Vulnerability
Original release date: July 16, 2020
The Cybersecurity and Infrastructure Security Agency (CISA) has released Emergency Directive 20-03 addressing a critical vulnerability—CVE-2020-1350—affecting all versions of Windows Server with the Domain Name System (DNS) role enabled. A remote attacker could exploit this vulnerability to take control of an affected system. This vulnerability is considered “wormable” because malware exploiting it on a system could, without user interaction, propagate to other vulnerable systems.
Although Emergency Directive 20-03 applies only to certain Executive Branch departments and agencies, CISA strongly recommends state and local governments, the private sector, and others patch this critical vulnerability as soon as possible. Review the following resources for more information:
- CISA Emergency Directive 20-03: Mitigate Windows DNS Server Remote Code Execution Vulnerability from July 2020 Patch Tuesday
- CISA Blog on Emergency Directive (ED 20-03) Windows DNS Server Vulnerability
- Microsoft Security Vulnerability Information for CVE-2020-1350
- Microsoft Security Blog Post: CVE-2020-1350 Vulnerability in Windows DNS Server
Is GNOME or Unity the desktop for you?
It’s 2020, and we’re talking about the Unity desktop again. Jack Wallen discusses the pros and cons of GNOME and Unity and offers his opinion on which Linux desktop might be right for you.
The U.S. is ‘looking at’ banning TikTok and other Chinese social media apps, Mike Pompeo says
Washington’s top diplomat added that people should only download the app “if you want your private information in the hands of the Chinese Communist Party.”
Company web names hijacked via outdated cloud DNS records
Why hack into a server when you can just send visitors to a fake alternative instead? US security researcher Zach Edwards recently tweeted about finding 250 company website names that had been taken over by cybercriminals. Many of these sites were temporary or promotional sites that were left in place even though they are not currently being used by the original registrant. Again, it is good security practice to take it down if you are not using it.
Flashy Nigerian Instagram star extradited to US to face BEC (Business Email Compromise) charges
It’s a short jump from a Rolls Royce ride to extradition from the UAE. Goodbye, Dubai, goodbye, Palazzo Versace, hello, Chicago jail cell.
Cosmic Lynx: The Rise of A Russian BEC Group
“We have observed more than 200 BEC campaigns linked to Cosmic Lynx since July 2019, targeting individuals in 46 countries on six continents. Unlike most BEC groups that are relatively target agnostic, Cosmic Lynx has a clear target profile: large, multinational organizations. Nearly all of the organizations Cosmic Lynx has targeted have a significant global presence and many of them are Fortune 500 or Global 2000 companies.” Click through for Indicators of Compromise (IOCs).
More Robocall News – U.S. Supreme Court upholds cellphone robocall ban
The Supreme Court on Monday upheld a 1991 law that bars robocalls to cellphones.
Mozilla turns off “Firefox Send” following malware abuse reports
Sadly, the easier and safer you make your file sharing service, the more attractive it becomes to the crooks.
BYOD: A trend rife with security concerns
Researchers explored the implications of allowing employees to bring their own devices for sensitive work tasks.
About the Author: I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com