Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

9/11 – Not Forgotten

9-11Today is the 20th anniversary of a day that I will never forget.  I was driving home after dropping my son off at school, and listening to the KQRS Morning Show with Tom Barnard on the radio when they started reporting that a plane had flown into the World Trade Center.  I made it home in time to see the second plane crash into the second tower on television.  Still gives me chills as I write this.

In the last week President Biden has gotten us out of the twenty year war in Afghanistan.  So reminiscent of Saigon, April 30 1975. And another in a long string of foreigners who failed in Afghanistan.

Two French filmmakers, Jules and Gedeon Naudet, were in New York City that day making a documentary, following the day in the the life of a rookie firefighter.  The day they captured was later broadcast on CBS in March of 2002.  It is available on DVD.  I have never seen it on TV since, which is a shame, because that terrible day was full of heroism and sacrifice, both on the ground in New York and Washington DC, and in the air over Pennsylvania on Flight 93.  The deaths of over 3000 people at the hands of Islamic terrorists should never be forgotten.

Let’s roll.

Cisco’s SD-WAN connects electric race car on the Red Bull track with a driver 43 miles away

A driverless car will do a lap before the races in Spielberg, Austria this weekend.

CISA Insights on Risk Considerations for Managed Service Provider Customers

Original release date: September 3, 2021

CISA has released a new CISA Insights, Risk Considerations for Managed Service Provider Customers (MSPs), which provides Managed Service Provider (MSP) customers a framework for reducing risk.

This framework is designed for government and private sector organizations of all sizes, and it suggests considerations for IT management planning, best practices, and tools for reducing overall risk. This resource divides guidance across these areas: (1) senior executives and boards of directors (strategic decision-making); (2) procurement professionals (operational decision-making); and (3) network administrators, systems administrators, and front-line cybersecurity staff (tactical decision-making).

Read CISA’s latest blog, visit: CISA.gov/blog/2021/09/02/going-beyond-assessing-security-practices-it- service-providers.

To view this CISA Insights, please visit: CISA.gov/publication/risk-considerations-msp-customers. For additional supply chain risk management information or resources, visit CISA.gov/ict-supply-chain-library.

Fake pirated software sites serve up malware droppers as a service

Looking for free downloads of popular commercial software suites, or games?  You may end up with a nasty infection instead.

Most of the bait pages we found are hosted on WordPress blog platforms. Download buttons on these pages link to another host, passing a set of parameters that includes the package name and affiliate identifier codes to an application that then redirects the browser session to yet another intermediary site, before finally arriving at a destination.

Some clicks on bait pages are directed to a download site that hosts a packaged archive containing malware. Others are steered to browser plugins or applications that fall in a potentially unwanted grey area.

Visitors who arrive on these sites are prompted to allow notifications; If they allow this to happen, the websites repeatedly issue false malware alerts. If the users click the alerts, they’re directed through a series of websites until they arrive at a destination that’s determined by the visitor’s operating system, browser type, and geographic location.  More…

You Can Now Stop Your iPhone Apps from Tracking Your Activities

Apple has rolled out App Tracking Transparency (ATT) feature in the iOS 14.5 update. Find out how this feature works and why some groups are applauding […]

The post You Can Now Stop Your iPhone Apps from Tracking Your Activities appeared first on CHIPS.

6 cybersecurity training best practices for SMBs

Cybersecurity training is not the same across all companies; SMB training programs must be tailored according to size and security awareness. Here are an expert’s cybersecurity training tips.



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
  Related Posts

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.