Finally – Your Tax Dollars At Work Doing Something Useful for Small Business Owners
Original release date: July 13, 2020
The Federal Trade Commission (FTC) has released an article on their Protecting Small Business playlist, which is a collection of videos with tips for small businesses to protect their networks from common cyber scams and cyberattacks.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages small businesses to review the FTC article, CISA Cyber Essentials page, and CISA Resources for Business page for more information on protecting against cyberattacks.
Government officials are warning that Tor (The Onion Router) software is a double-edged sword. On the surface, Tor is a great security resource, allowing users to browse the web anonymously through encryption and routing. This setup, managed by the Tor Project, promotes privacy and the free, democratic use of the internet. But now, CISA and the FBI want security professionals to watch out for… Read more
Original release date: July 1, 2020
This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) and Pre-ATT&CK framework. See the ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques.
This advisory—written by the Cybersecurity Security and Infrastructure Security Agency (CISA) with contributions from the Federal Bureau of Investigation (FBI)—highlights risks associated with Tor, along with technical details and recommendations for mitigation. Cyber threat actors can use Tor software and network infrastructure for anonymity and obfuscation purposes to clandestinely conduct malicious cyber operations.
Tor (aka The Onion Router) is software that allows users to browse the web anonymously by encrypting and routing requests through multiple relay layers or nodes. This software is maintained by the Tor Project, a nonprofit organization that provides internet anonymity and anti-censorship tools. While Tor can be used to promote democracy and free, anonymous use of the internet, it also provides an avenue for malicious actors to conceal their activity because identity and point of origin cannot be determined for a Tor software user. Using the Onion Routing Protocol, Tor software obfuscates a user’s identity from anyone seeking to monitor online activity (e.g., nation states, surveillance organizations, information security tools). This is possible because the online activity of someone using Tor software appears to originate from the Internet Protocol (IP) address of a Tor exit node, as opposed to the IP address of the user’s computer.
CISA and the FBI recommend that organizations assess their individual risk of compromise via Tor and take appropriate mitigations to block or closely monitor inbound and outbound traffic from known Tor nodes. Click here for a full PDF version of this report, including the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) and Pre-ATT&CK methods.
You don’t have to pay to vote in the US. Up until recently, you wouldn’t have necessarily known that, were you to have run a Google search for how or where to vote. Such a search would have been polluted with scammy ads like this one offering “same-day processing” of voter registration for $129. No US entity charges citizens for registering to vote, but plenty of Google ads were happy to do so – and to grab your PII in the process.
Microsoft announced that the US District Court for the Eastern District of Virginia has ruled that the company can seize six domains that were being used in a widespread phishing campaign. Microsoft said the sophisticated campaign targeted users in sixty-two countries around the world, and it capitalized on fears surrounding COVID-19. Notably, the attackers didn’t use credential-harvesting login portals to trick victims into entering their usernames and passwords. Instead, the emails contained links that requested permissions for a malicious web app that impersonated Office 365. More…
These days everything you do is on video tape somewhere. And you put all your information online. Interesting story of how the police can identify someone from news video footage and a grainy image of a tattoo by following the evidence chain from website to website.