Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


 Second company claims it can unlock iPhone X

A tiny US company called Grayshift is reportedly quietly touting software it claims can unlock Apple’s flagship handsets, the iPhone X and 8.


How women are helping to fight cybercrime

We asked some female Sophos professionals about their roles in cybersecurity.


Microsoft patches RDP vulnerability. Update now!

Microsoft has released a preliminary fix for a vulnerability rated Important and which is present in all supported versions of Windows in circulation.


Amazon’s trying to get Alexa to stop laughing at us

News on the artificial intelligence frontier.  Amazon’s Alexa has been startling people by randomly laughing, and it is creeping people out.


Russia accused of burrowing into US energy networks

Russia has been accused of so many things recently, it’s easy to lose track. Now we can add cyber-intrusion and more to the list.


TA18-074A: Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors

03/15/2018 09:40 AM EDT

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides information on Russian government actions targeting U.S. Government entities as well as organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors. It also contains indicators of compromise (IOCs) and technical details on the tactics, techniques, and procedures (TTPs) used by Russian government cyber actors on compromised victim networks. DHS and FBI produced this alert to educate network defenders to enhance their ability to identify and reduce exposure to malicious activity.
DHS and FBI characterize this activity as a multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks. After obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS).


880,000 payment cards affected in travel company data breach

Orbitz believes crooks may have gotten at customers’ names, addresses, dates of birth, and more.

0

About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Owner of the WyzCo Group Inc. In addition to consulting on security products and services, Bob also conducts security audits, compliance audits, vulnerability assessments and penetration tests. Bob also teaches Cybersecurity Awareness Training classes. Bob works as an instruction for CompTIA’s non-profit IT-Ready Program in the Twin Cities. IT-Ready is a tuition free 8-week program designed to teach students of all ages the fundamentals of IT support to prepare them for an entry level position in Information Technology Support. Graduates of the classes take the exams to become CompTIA A+ certified. Bob is a frequent speaker at conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. Bob has been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
  Related Posts

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.