A quick Saturday digest of cybersecurity news articles from other sources.
North Korean Malicious Cyber Activity
Original release date: August 19, 2020
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have identified a malware variant—referred to as BLINDINGCAN—used by North Korean actors.
Meet George Jetson
Japan has launched a new flying car that gets us closer to the day when flying is possible for anyone. Japan’s SkyDrive Inc., among the myriads of “flying car” projects around the world, has carried out a successful though modest test flight with one person aboard.
Will President Trump Pardon Edward Snowden?
Will Trump pardon Snowden? And why is this question suddenly coming up now? The issue popped up as Marcel Kolaja and more than two dozen members of the EU Parliament sent an open letter to President Trump, asking him to consider Snowden a whistleblower who deserves protection instead of a criminal who deserves prosecution. Snowden, a former contractor at the NSA, is charged with espionage… Read more
Inside an FBI Sting: The Ransomware Gang Trying to Bribe Your Employees
The DOJ just unsealed charges in a bombshell case that everyone in cybersecurity should read. We go inside an FBI cyber sting that reveals high-dollar bribery efforts by ransomware operators. These bribes can turn employees into malicious insiders who secretly help launch an attack on your organization. The court documents read like a John Grisham novel: the money, the deceit, the opportunity for revenge—it is all here. But this case is real, with real lessons for InfoSec. This scheme came to the surface on July 16, prosecutors say, when Russian national Egor Kriuchkov used WhatsApp to message an employee at a company he wanted to attack. According to industry publication Electrek, the target was Tesla… Read more
Confessions of an ID Theft Kingpin, Part I
At the height of his cybercriminal career, the hacker known as “Hieupc” was earning $125,000 a month running a bustling identity theft service that siphoned consumer dossiers from some of the world’s top data brokers. That is, until his greed and ambition played straight into an elaborate snare set by the U.S. Secret Service. Now, after more than seven years in prison Hieupc is back in his home country and hoping to convince other would-be cybercrooks to use their computer skills for good.
NordVPN: How to protect your organization from DDoS attacks
Without early threat detection, you may not know your website has been hit by a DDoS attack until it slows down or stops, says NordVPN Teams.
2020 CWE Top 25 Most Dangerous Software Weaknesses
Original release date: August 20, 2020
The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2020 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list. The Top 25 uses data from the National Vulnerability Database (NVD) to compile the most frequent and critical errors that can lead to serious vulnerabilities in software. An attacker can often exploit these vulnerabilities to take control of an affected system, obtain sensitive information, or cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Top 25 list and evaluate recommended mitigations to determine those most suitable to adopt.
Using AI to fight hand-crafted Business Email Compromise
Using natural language models to identify Business Email Compromise (BEC)
10 WordPress Security Mistakes You Might Be Making
On August 18, 2020, the Wordfence Live team covered 10 WordPress Security Mistakes You Might be Making. This companion blog post reviews the recommendations we provided to avoid these mistakes and better secure your WordPress environment. Read entire article and /or watch video
Linux is finally getting this popular password manager
After ten years of asking and the longest forum thread in the company’s history, 1Password is heading to Linux.
What’s the difference between credit freeze and a credit lock?
Data breaches are frequent and far reaching, putting your credit information at risk. The only way to ensure no one can access your credit file without your permission is with a credit freeze or credit lock. Learn the difference and how you can use them to protect your credit file.
Working Remotely: How to be Safe, Secure, and Successful
Between working at the office, or school, or remotely, the principles of security can become something of a moving target. For some, this creates an uncertainty with making sure that the right policies are applied. Reducing risk on at-home networks, keeping information secure during virtual meetings and having a strong password policy are some best practices that can be implemented quickly and effectively from wherever you are working.
Share
AUG
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com