Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

The ‘90s Internet: When 20 hours online triggered an email from my ISP’s president

1998 plea for restraint reveals a lost world where the ‘Net was an opt-in experience.

“When checking the system this morning, I noticed your account logged in for over 20 hours,” begins a December 1998 email from the president of my dial-up Internet service provider (ISP) at the time. “Our service is unlimited, but we ask that you actually be using the connection while logged in.”

60,000 Androids have stalkerware-type app Spyhide installed

Stalkerware-type app Spyhide is coded so badly that it’s possible to gain access to the back-end databases and retrieve data about everyone that has the app on their device.

SEC demands four-day disclosure limit for cybersecurity breaches

When is a ransomware attack a reportable matter? And how long have you got to decide? Last week, the US Securities and Exchange Commission (SEC) announced new and fairly strict rules about cybersecurity breach disclosures for any people or companies that fall under its regulatory remit.

Simply put, if you’re running a company that offers shares to the public, you need to comply with the rules and regulations of the SEC, which are supposed to give your investors some sort of protection against unsubstantiated claims that disingenuously talk up a proposal, or that sneakily misrepresent the level of risk involved.

As you can imagine, especially in an online world in which ransomware breaches can bring a company to a digital standstill overnight, and where even coughing up a multimillion-dollar blackmail payment to the attackers for a “recovery program” might not be enough to get things going again… cybersecurity lapses can have dramatic, long-term effects on the value of a business investment.

FBI Warns of Increased Tech Support Scams Using Snail Mail

The U.S. Federal Bureau of Investigation (FBI) has warned of an increase in tech support scams that attempt to trick users into sending cash via snail mail.

“Tech support scammers usually initiate contact with older adult victims through a phone call, text, email, or pop-up window purporting to be support from a legitimate company,” the FBI says. “The scammer informs the victim of fraudulent activity or potential refund for a subscription service.

“Subsequent emails, pop-ups, and texts contain a phone number for the victim to call for assistance. Once the victim calls the number, a scammer tells the victim they have a refund for the victim, however, the only way the money can be sent is by connecting to the victim’s computer and depositing it into the victim’s bank account.”

The scammer then tricks the victim into downloading a remote access tool onto their computer. “The scammer tells the victim they can assist with the refund and convinces the victim to download a software program allowing the scammer remote access to the victim’s computer,” the Bureau says.

“Once a connection is established, the victim is convinced to log on to their bank account. The scammer then supposedly transfers an amount to the victim’s bank account but ‘accidentally’ deposits a much larger amount than intended. The scammer points this ‘error’ out and tells the victim to return the extra money or the scammer will lose their job.”

After playing on the victim’s emotions, the scammer convinces the victim to send the extra money back in cash.

“The scammer instructs the victim to send the money in cash, wrapped in a magazine(s), or similar method of concealment, via a shipping company to a name and address provided by the scammer,” the Bureau says. “Most recently, scammers have instructed victims to ship packages containing money to pharmacies and retail businesses that are equipped to receive shipping company packages.”

The FBI gives the following recommendations to help users avoid falling for these scams:

  • “Never download software at the request of an unknown individual who contacted you.
  • “Never allow an unknown individual who contacted you to have control of your computer.
  • “Do not click on unsolicited pop-ups, links sent via text messages, or email links or attachments. Do not contact the telephone number provided in a pop-up, text, or email.
  • “Never send cash via mail or shipping companies.”

New-school security awareness training enables your employees to recognize social engineering attacks.


No More Incandescent Light Bulbs

A rule issued in 2007, rolled back by the Trump administration, and updated last year by the Biden administration, effectively bans the sale of common incandescent light bulbs. The rule went fully into effect on August 1, 2023. I suspect there might be an exception for incandescent heat lamps. But seriously, the money you can save switching to LED is considerable, so get with the program!



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, the Secure360 Security Conference in 2016, 2017, 2018, and 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and at many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
