WyzGuys Tech Talk

A quick Saturday digest of cybersecurity news articles from other sources.

Serious D-Link router security flaws may never be patched

Six routers with serious security flaws are considered end of life (EOL) and may never be updated.  The D-Link models affected are the DWR-116, DWR-140L, DWR-512, DWR-640L, DWR-712, DWR-912, DWR-921, and DWR-111, six of which date from 2013, with the DIR-640L first appearing in 2012 and the DWR-111 in 2014.

NCSC Releases 2018 Annual Review

10/19/2018 08:13 PM EDT  Original release date: October 19, 2018

The United Kingdom’s (UK) National Cyber Security Centre (NCSC) has released its Annual Review for 2018, which provides a snapshot of their work from September 1, 2017, to August 31, 2018. NCSC provides enhanced services to protect the UK against cybersecurity threats.

NCCIC encourages users and administrators to review NCSC’s 2018 Annual Review for more information.

Using Secure Shell – maybe not secure? libssh Releases Security Updates

10/19/2018 05:43 PM EDT Original release date: October 19, 2018

libssh has released security updates addressing a vulnerability affecting libssh versions 0.6 and above. A remote attacker could exploit this vulnerability to take control of an affected system.

NCCIC encourages users and administrators to review the libssh Security Release for additional information and apply the necessary updates.

Russian trolls messing with elections again

A few weeks ahead of mid-term elections in the US, as social media platforms try to plug leaks that let in waves of meddling and propaganda that soaked the country in 2016, Twitter on Wednesday released all the tweets, images and videos it believes have been planted by “state-backed information operations.”

35 million US voter records up for sale on the dark web

He or she is selling off the databases by state. Kansas’s voter database has already been sold and published, and Oregon is next up for sale.

FBI Releases Article on Defending Against Payroll Phishing Scams

10/16/2018 07:14 PM EDT  Original release date: October 16, 2018

The Federal Bureau of Investigation (FBI) has released an article on building a digital defense against phishing scams targeting electronically deposited paychecks. In these schemes, scammers use phishing emails to direct employees to fraudulent websites and collect their work credentials. Scammers then use victims’ credentials to replace legitimate direct deposit information with their own account details.

NCCIC encourages users to review the FBI Article and NCCIC Tip on Avoiding Social Engineering and Phishing Attacks for more information. If you believe you have been a victim of these scams, report it to the FBI’s Internet Crime Complaint Center at www.ic3.gov.

National Cybersecurity Awareness Month: Critical Infrastructure Cybersecurity

10/23/2018 06:38 AM EDT  Original release date: October 23, 2018

October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. Building resilience in critical infrastructure is crucial to national security. The essential infrastructure systems that support our daily lives—such as electricity, financial institutions, and transportation—must be protected from cyber threats.

NCCIC encourages users and administrators to review the following:

• Your Part in Protecting Critical Infrastructure,
• Critical Infrastructure Cyber Community Voluntary Program webpage, and
• Critical Infrastructure Sectors.