A quick Saturday digest of cybersecurity news articles from other sources.
Securing New Devices / Data Privacy Day
From MS-ISAC –
The holiday season has sadly come to an end, but hopefully you were able to treat yourself to some of the latest gadgets! Just remember that, however impressive the latest iPhone or gaming computer might be, the ability and knowledge to properly secure these devices is more important than ever, as any device that connects to the internet is potentially vulnerable and could become compromised. In honor of Data Privacy Day (January 28), here are five great tips to keep in mind that can help you securely configure your new devices! continue reading →
DDoS-Guard To Forfeit Internet Space Occupied by Parler
Parler, the beleaguered social network advertised as a “free speech” alternative to Facebook and Twitter, has had a tough month. Apple and Google removed the Parler app from their stores, and Amazon blocked the platform from using its hosting services. Parler has since found a home in DDoS-Guard, a Russian digital infrastructure company. But now it appears DDoS-Guard is about to be relieved of more than two-thirds of the Internet address space the company leases to clients — including the Internet addresses currently occupied by Parler.
NSA Releases Guidance on Encrypted DNS in Enterprise Environments
Original release date: January 15, 2021
The National Security Agency (NSA) has released an information sheet with guidance on adopting encrypted Domain Name System (DNS) over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), referred to as DNS over HTTPS (DoH). When configured appropriately, strong enterprise DNS controls can help prevent many initial access, command and control, and exfiltration techniques used by threat actors.
Europol announces bust of “world’s biggest” dark web marketplace
Dark web servers are hard to find – but not impossible.
Zoom Insider Targeted Users in China Dissident Crackdown, FBI Charges
A complaint and arrest warrant were recently unsealed in U.S. federal court, charging former Zoom employee Xinjiang Jin, also known as Julien Jin, with several crimes he carried out on behalf of China. Jin worked for U.S.-based Zoom in the People’s Republic of China (PRC). The FBI says he helped the PRC reveal political opponents and shut down Zoom meetings that took place in May and June 2020. The meetings involved U.S. citizens and were part of efforts to commemorate the 1989 Tiananmen Square massacre. He also fabricated evidence that hosts and attendees of these meetings were involved with terrorist organizations and the distribution of child pornography. Jin is believed to be in China, and the FBI released a wanted poster. The U.S. government has long warned… Read more
SolarWinds Breach: ‘Possible Tip of the Attack Iceberg’
As organizations worldwide continue examining their networks for tactics, techniques, and procedures used in the SolarWinds cyberattack, something surprising is happening. Some revealed the attack TTPs were being carried out within their network despite having not applied any of the compromised SolarWinds updates or use the SolarWinds Orion product. And other organizations reported finding… Read more
About the Author:I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com