Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

Finally – Your Tax Dollars At Work Doing Something Useful for Small Business Owners

JFTC Releases Article on Protecting Small Businesses from Cyber Threats

Original release date: July 13, 2020

The Federal Trade Commission (FTC) has released an article on their Protecting Small Business playlist, which is a collection of videos with tips for small businesses to protect their networks from common cyber scams and cyberattacks.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages small businesses to review the FTC article, CISA Cyber Essentials page, and CISA Resources for Business page for more information on protecting against cyberattacks.

Warning Signs Before a Tor-Based Cyber Attack

Government officials are warning that Tor (The Onion Router) software is a double-edged sword. On the surface, Tor is a great security resource, allowing users to browse the web anonymously through encryption and routing. This setup, managed by the Tor Project, promotes privacy and the free, democratic use of the internet. But now, CISA and the FBI want security professionals to watch out for… Read more

AA20-183A: Defending Against Malicious Cyber Activity Originating from Tor

Original release date: July 1, 2020


This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) and Pre-ATT&CK framework. See the ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques.

This advisory—written by the Cybersecurity Security and Infrastructure Security Agency (CISA) with contributions from the Federal Bureau of Investigation (FBI)—highlights risks associated with Tor, along with technical details and recommendations for mitigation. Cyber threat actors can use Tor software and network infrastructure for anonymity and obfuscation purposes to clandestinely conduct malicious cyber operations.

Tor (aka The Onion Router) is software that allows users to browse the web anonymously by encrypting and routing requests through multiple relay layers or nodes. This software is maintained by the Tor Project, a nonprofit organization that provides internet anonymity and anti-censorship tools. While Tor can be used to promote democracy and free, anonymous use of the internet, it also provides an avenue for malicious actors to conceal their activity because identity and point of origin cannot be determined for a Tor software user. Using the Onion Routing Protocol, Tor software obfuscates a user’s identity from anyone seeking to monitor online activity (e.g., nation states, surveillance organizations, information security tools). This is possible because the online activity of someone using Tor software appears to originate from the Internet Protocol (IP) address of a Tor exit node, as opposed to the IP address of the user’s computer.

CISA and the FBI recommend that organizations assess their individual risk of compromise via Tor and take appropriate mitigations to block or closely monitor inbound and outbound traffic from known Tor nodes.  Click here for a full PDF version of this report, including the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) and Pre-ATT&CK methods.

Google stops pushing scam ads on Americans searching for how to vote

You don’t have to pay to vote in the US.  Up until recently, you wouldn’t have necessarily known that, were you to have run a Google search for how or where to vote. Such a search would have been polluted with scammy ads like this one offering “same-day processing” of voter registration for $129.  No US entity charges citizens for registering to vote, but plenty of Google ads were happy to do so – and to grab your PII in the process.

Microsoft Stops an O365 Phishing Campaign That Attacked CEOs in 60+ Countries

Microsoft announced that the US District Court for the Eastern District of Virginia has ruled that the company can seize six domains that were being used in a widespread phishing campaign. Microsoft said the sophisticated campaign targeted users in sixty-two countries around the world, and it capitalized on fears surrounding COVID-19.  Notably, the attackers didn’t use credential-harvesting login portals to trick victims into entering their usernames and passwords. Instead, the emails contained links that requested permissions for a malicious web app that impersonated Office 365.  More…

Identifying a Person Based on a Photo, LinkedIn and Etsy Profiles, and Other Internet Bread Crumbs

These days everything you do is on video tape somewhere. And you put all your information online.  Interesting story of how the police can identify someone from news video footage and a grainy image of a tattoo by following the evidence chain from website to website.



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
  Related Posts

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.