A quick Saturday digest of cybersecurity news articles from other sources.
Romance Scams Educational Toolkit and Webinar
This Valentine’s Day, we’re taking the opportunity to bring awareness to the prevalence of online dating and romance scams. Join us and educate your organization and community with our free toolkit, including printable tip sheets, social media graphics, an infographic, and fake dating profiles of different types of scammers!
Get your toolkit here
True Love or Candy-Coated Con: Identifying Romance Scams
Featured Speakers:
- Tonia Dudley, VP, CISO, Cofense
- Buddy Loomis, Senior Director, LE Ops & Investigations, Match Group
- Dr. Hannah Shimko, Communications and Policy Director, Online Dating Association
- Matthew O’Neill, Head of the Global Investigative Operations Center, U.S. Secret Service
Register to attend
Serious Security: The Samba logon bug caused by outdated crypto
Samba, simply put, is a super-useful, mega-popular, open-source reimplementation of the networking protocols used in Microsoft Windows, and its historical importance in internetworking (connecting two different sorts of network together) cannot be underestimated.
In the late 1990s, Microsoft networking shed its opaque, proprietary nature and became an open standard known as CIFS, short for common internet file system. But there was nothing “common” or “open” about it in the early 1990s, when Australian academic Andrew Tridgell set out to correct that by implementing a compatible system that would let him connect his Unix computer to a Windows network, and vice versa.
Back then, the protocol was officially referred to as SMB, short for server message block (a name that you still hear much more frequently than CIFS), so Tridge, as Andrew Tridgell is known, understandably called his project “SMBserver”, because that’s what it was. But a a commercial product of that name already existed, so a new moniker was needed. That’s when the project became known as Samba, a delightfully memorable name that resulted from a dictionary search for words of the form S?M?B? More…
Is Cybercrime the World’s Third Largest Economy After the U.S. and China?
Cybersecurity Ventures released a new report that claims cybercrime is going to cost the world $8 trillion in 2023. If it were measured as a country, then cybercrime would be the world’s third largest economy after the U.S. and China.
The number sounds outlandish, but they stated: “We expect global cybercrime damage costs to grow by 15 percent per year over the next three years, reaching $10.5 trillion USD annually by 2025, up from $3 trillion USD in 2015.
“Cybercrime costs include damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.”
The 2022 Official Cybercrime Report published by Cybersecurity Ventures and sponsored by eSentire, provides cyber economic facts, figures, predictions and statistics which convey the magnitude of the cyber threat we are up against, and market data to help understand what can be done about it.
Link to the article where you can download the report and see the VIDEO:
https://cybersecurityventures.com/cybercrime-to-cost-the-world-8-trillion-annually-in-2023/
GitHub code-signing certificates stolen (but will be revoked this week)
There was a breach, so the bad news isn’t great, but the good news isn’t too bad… More…
High-Severity XSS Vulnerability in Metform Elementor Contact Form Builder
On January 4, 2023, independent security researcher Mohammed Chemouri reached out to the Wordfence Vulnerability Disclosure program to responsibly disclose and request a CVE ID for a vulnerability in Metform Elementor Contact Form Builder, a WordPress plugin with over 100,000 installations.
The vulnerability, an unauthenticated stored cross-site scripting vulnerability, is arguably the most dangerous variant of cross-site scripting as it provides the easiest path to site takeover, and has been assigned an identifier of CVE-2023-0084.
Mohammed reached out to the plugin developer independently the same day and a patched version was made available a few days later, on January 8, 2023.
OpenSSL fixes High Severity data-stealing bug – patch now!
7 memory mismanagements and a timing attack. We explain all the jargon bug terminology in plain English…
Share
FEB
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com