Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

Package Theft Statistics

  • More than one-quarter of consumers (26%) have had a package stolen, and most porch pirate incidents occurred at single-unit residential homes (49%) rather than an apartment or condominium (42%).
  • The average value of a stolen package was $81.91, according to respondents.
  • Among package theft victims, 22% had a doorbell camera when the theft occurred and 25% never received a refund for the stolen item(s).
  • 38% believe that doorbell cameras do not deter package thieves.
  • More than one-third (36%) of respondents say advancements in AI technology will help prevent future package theft.

Click on the link to read the complete article

Incident Response Guide for the WWS Sector

01/18/2024 12:00 PM EST

Today, CISA, the Federal Bureau of Investigation (FBI), and the Environmental Protection Agency released a joint Incident Response Guide for the Water and Wastewater Systems (WWS) Sector. The guide includes contributions from over 25 WWS Sector organizations spanning private industry, nonprofit, and government entities. This coordination enabled CISA, FBI, and EPA to develop a guide with meaningful value to WWS Sector organizations.

Specifically, the guide provides information about the federal support available at each stage of the cyber incident response (IR) lifecycle and aims to enhance WWS Sector cybersecurity by:

  •     Establishing clear guidance for reporting cyber incidents;
  •     Connecting utilities with available cybersecurity resources, services, and no-cost trainings;
  •     Empowering utilities to build a strong cybersecurity baseline to improve cyber resilience and cyber hygiene; and
  •     Encouraging utilities to integrate into their local cyber communities.

CISA, FBI, and EPA urge all WWS Sector and critical infrastructure organizations to review this guidance and incorporate it into their organizational cyber incident response planning. Organizations can visit CISA.gov/water for additional sector tools, information, and resources.

“The mother of all breaches”: 26 billion records found online

Security researchers have discovered billions of exposed records online, calling it the “mother of all breaches”.

However, the dataset doesn’t seem to be from one single data breach, but more a compilation of multiple breaches. These sets are often created by data enrichment companies. Data enrichment is the process of combining first party data from internal sources with disparate data from other internal systems or third party data from external sources. Enriched data is a valuable asset for any organization because it becomes more useful and insightful.

The researchers stated:

“While the team identified over 26 billion records, duplicates are also highly likely. However, the leaked data contains far more information than just credentials – most of the exposed data is sensitive and, therefore, valuable for malicious actors.”

Trello Breach

In other news about leaked personal data, a cybercriminal going by the name of “emo” claims they have 15 million unique records of project management tool Trello accounts for sale.

UK agency: AI expected to increase cyberattack threats

AI will likely empower threat actors and “will almost certainly increase the volume and heighten the impact of cyberattacks,” according to a report from the UK’s National Cyber Security Centre. Hackers are already using AI and will be able to streamline attacks and create malware and phishing messages, the report says.

Full Story: PC Magazine (1/24)


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.