Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

WordPress turns 15 on Sunday May 27

WordPress will be 15 years old this May 27th, 2018!  On Sunday, May 27th, we’re planning a global event celebrating the WordPress 15th Anniversary with WordPress community groups around the world.

Alexa, Siri and Google can be tricked by commands you can’t hear

Researchers have shown how attackers could trick voice assistants.

 CIA’s “Vault 7” mega-leak was an inside job, claims FBI

The suspect worked for a CIA group that designed hacking tools at the time the cyber-spying arsenal was given to WikiLeaks.

Red Hat admins, patch now – don’t let your servers get pwned!

A command injection bug in Red Hat’s DHCP client could allow an attacker to run any command on your computer. As root.

FBI Releases Article on Digital Defense Against ID Theft

05/16/2018 03:10 AM EDT Original release date: May 16, 2018

FBI has released an article on building a digital defense against identify theft. FBI explains that the growing number of data breaches put more people at risk of becoming a victim of identity theft. However, implementing basic security practices can help users minimize their risk.

NCCIC encourages consumers to review the FBI Article and the following NCCIC Tips for more information:

Mozilla Releases Security Update for Thunderbird

05/18/2018 09:15 PM EDT  Original release date: May 18, 2018

Mozilla has released a security update to address vulnerabilities in Thunderbird. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.8 and apply the necessary update.

IRS Warns Tax Professionals of Phishing Scam

05/24/2018 07:37 PM EDT  Original release date: May 24, 2018

The Internal Revenue Service (IRS) has issued a news release warning tax professionals to beware of a new phishing email scam. Cyber criminals posing as state accounting and professional associations have been sending emails to entice their targets to reveal login credentials. Tax practitioners should be wary of unsolicited emails and forward email phishing attempts related to this scam to phishing@irs.gov.

NCCIC encourages users and administrators to review the IRS news release and NCCIC’s Tip on Avoiding Social Engineering and Phishing Attacks for more information.



About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Pratitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speakers at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.
  Related Posts

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.