Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Porn blast disrupts bail hearing of alleged Twitter hacker

An alleged hacker’s bail hearing held online via Zoom with screen sharing enabled… what could possibly go wrong?  Well, damn near everything as it turns out.  Maybe IT needs to help these judges learn how Zoom works?


Top 5 Questions About Ransomware and Digital Extortion Methodology

The world of ransomware and digital extortion is full of threats and uncertainties. At our recent New York and Philadelphia virtual conference, cybersecurity attorney Daniel Pepper addressed five major questions surrounding ransomware. According to Pepper, the top ways he’s seeing cybercriminals gain access to corporate networks to launch ransomware are: 1) Vulnerable ports left open on the internet; 2) Phishing emails made to look quite legitimate from savvy threat actors; 3) Social engineering attacks, although a little less frequent now, aimed at convincing victims to provide credentials to a particular system; and 4) Remote Desktop Protocol (RDP) exploits, which are becoming the most common way in which we’re seeing ransomware deployed… Read more


NSA Releases Guidance on Limiting Location Data Exposure

Original release date: August 6, 2020

The National Security Agency (NSA) has released an information sheet with guidance on how to limit location data exposure for National Security System (NSS) / Department of Defense (DoD) system users, as well as the general public. NSA outlines mobile device geolocation services and provides recommendations on how to prevent the exposure of sensitive location information and reduce the amount of location data shared.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators and users to review NSA’s guidance on Limiting Location Data Exposure and CISA’s Security Tip on Privacy and Mobile Device Apps for information on protecting mobile location data.


WordPress Auto-Updates: What do you have to lose?

This entry was posted in WordPress Security on August 6, 2020 by Matt Barry

A new feature that will allow automatic updating of plugins and themes will be available in WordPress version 5.5, which is scheduled to be released on August 11, 2020. In this core release of the world’s most popular content management system, site owners will have the option to turn auto-updates on for individual plugins and themes directly from the WordPress admin dashboard.  Read more…


New Cybersecurity Classes From Cybrary

During this time, cybersecurity is at the forefront of every organization’s mind. Increased traffic to websites, along with remote employees, has created a hotbed for hackers. Your IT and cybersecurity skills are more valuable than ever before, and right now is the best time to improve them.

We have a few new courses that we think you’d love. Check them out and let us know what you think!

If you like to read, our community releases new blog posts every day, which is a great way to keep up with industry trends. The Cybrary Blog >>


Does Insurance Cover COVID-19 Losses?

In theory, it seems quite simple: You carry business interruption insurance, your business suffers significant losses that you can document, and your coverage does not exclude viruses. Still, legal experts say fulfilling such claims may be an uphill battle.

“Insurers are denying the vast majority of claims, and many policyholders have already filed lawsuits seeking court rulings that their COVID-19-related losses are covered,” said Tamara Bruno, a partner at the global law firm Pillsbury Winthrop Shaw Pittman.  Read more…


Android phones could spy on users via flaws in Qualcomm chip

Vulnerabilities were found in a Qualcomm Snapdragon chip that could let attackers obtain photos, videos, call recordings, and other data on Android phones, says Check Point Research.


CIS Releases 2019 Year in Review

Original release date: August 11, 2020

The Center for Internet Security (CIS) has released its 2019 Year in Review. CIS is home to the Multi-State Information Sharing & Analysis Center (MS-ISAC), a Cybersecurity and Infrastructure Security Agency (CISA) partner focused on cyber threat prevention, protection, response, and recovery for U.S. state, local, tribal, and territorial government entities. The review highlights CIS’s role in improving cyber defense and MS-ISAC’s advances in membership, monitoring, cyber education, and information sharing with partners.


AA20-225A: Malicious Cyber Actor Spoofing COVID-19 Loan Relief Webpage via Phishing Emails

Original release date: August 12, 2020

Summary

The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails. These emails include a malicious link to the spoofed SBA website that the cyber actor is using for malicious re-directs and credential stealing.  Read more…


 


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com