Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

September Special Events

September is a busy time for me, there are a wedding anniversary, and three birthdays in my family in the first week.  Then there are a panoply of other special events.  At least they are special enough to be recognized in this weblog.  Here they are.  Please celebrate responsibly.  Or not.  But have some fun, we all deserve it this year.

Critical Vulnerability!  CISA Releases Emergency Directive on Microsoft Windows Netlogon Remote Protocol

Original release date: September 18, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) has released Emergency Directive (ED) 20-04 addressing a critical vulnerability— CVE-2020-1472—affecting Microsoft Windows Netlogon Remote Protocol. An unauthenticated attacker with network access to a domain controller could exploit this vulnerability to compromise all Active Directory identity services.

Earlier this month, exploit code for this vulnerability was publicly released. Given the nature of the exploit and documented adversary behavior, CISA assumes active exploitation of this vulnerability is occurring in the wild.

ED 20-04 applies to Executive Branch departments and agencies; however, CISA strongly recommends state and local governments, the private sector, and others patch this critical vulnerability as soon as possible.  More…

How this veteran got into cybersecurity with CompTIA certifications

Kira Hays has always had an interest in IT, inspired by her mother, who worked in IT. Her first computer was an Apple Macintosh Performa 575, and her mother encouraged her to tinker with it. “I was very curious about IT and had shown an aptitude in school for it. My mother gave me a giant book called the Macintosh Bible and said, ‘Read it. Learn it. And have fun,’” Hays said. “She gave me all the software, and if I broke it, I fixed it. That’s how I learned. I learned by doing.”

Chinese Government-affiliated Malicious Cyber Actors Targeting U.S. Government Agencies

Original release date: September 14, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have issued an advisory about Chinese Ministry of State Security (MSS)-affiliated cyber threat actors targeting U.S. government agencies. Through the National Cybersecurity Protection System, CISA has observed Chinese MSS-affiliated cyber threat actors operating from the People’s Republic of China using commercially available information sources and open-source exploitation tools.

22 cybersecurity courses for aspiring and in-demand IT security pros

If you want to land a high-paying cybersecurity job or ace an IT security certification exam, check out these online training courses, which cover GDPR, business continuity, ethical hacking, and more.

Android 11 security features and improvements you need to know

Android 11 is finally released, and there are vastly improved security and privacy fixes and features you should know about Google’s mobile operating system. Jack Wallen provides the details.

Who Are the Most Powerful Countries in Cyberspace, and Who’s Gaining?

Who are the most powerful nations in cyberspace? Which countries are most capable of carrying out their national objectives through cyber means? And how can we rank the top 10 global cyber powers? Researchers at Harvard University have answered these questions in a new benchmark report called the National Cyber Power Index (NCPI). The team at the Belfer Center for Science and International Affairs at Harvard’s Kennedy School took what it calls an “all of country approach” to ranking cyber power, identifying seven national objectives that countries pursue using cyber means. According to the NCPI, the most powerful cyber countries in the world are as follows… Read more

Ransomware: Number One Cyber Insurance Claim

Coalition, a cyber insurance company, released a report detailing the categories of cyber attacks as well as the cause behind the attacks for the first half of 2020. The top category of cyber incident so far this year is ransomware. The company says that ransomware accounted for 41% of cyber claims. And the most popular attack vector was phishing, with 54% of cyber attacks starting with an email… Listen here



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
  Related Posts

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.