A quick Saturday digest of cybersecurity news articles from other sources.
Equifax Security Breach Is A Complete Disaster… And Will Almost Certainly Get Worse
‘Pulse wave’ DDoS – another way of blasting sites offline
If there’s one thing we’ve learned, it’s that any new way of DDoSing will reveal that there are a huge number of undefended devices online.
It’s baaaack: Locky ransomware is on the rise again
Locky had been quiet until new variants started appearing last week. Here’s what you need to know
Data security firm says major ransomware attack is underway
Data security firm Barracuda Networks is warning of an ongoing ransomware attack targeting industries including health care after it logged about 20 million attempts over 24 hours through an email attachment designed to look like a payment confirmation, says Eugene Weiss, Barracuda Content Intelligence Team leader. The sender’s address is spoofed to impersonate someone the recipient trusts, and data encryption may begin when the attached file is opened.
Who will own the data from your autonomous car?
If you’re hoping that Congress to lock in protection for your privacy, you should probably lower your expectations.
Hurricane-Related Scams
09/08/2017 01:56 PM EDT Original release date: September 08, 2017
As the peak of the 2017 hurricane season approaches, US-CERT warns users to be watchful for various malicious cyber activity targeting both disaster victims and potential donors. Users should exercise caution when handling emails that relate to recent hurricanes, even if those emails appear to originate from trusted sources. Disaster-related phishing emails may trick users into sharing sensitive information. Such emails could also contain links or attachments directing users to malware-infected websites. In addition, users should be wary of social media pleas, calls, texts, or door-to-door solicitations relating to the recent hurricanes.
To avoid becoming a victim of fraudulent activity, users and administrators should consider taking the following preventive measures:
- Review the information from the Federal Trade Commission (FTC) on Wise Giving in the Wake of Hurricane Harvey.
- Review information from the Federal Bureau of Investigation on Building a Digital Defense Against Charity Fraud.
- Use caution when opening email attachments, and do not click on links in unsolicited email messages. Refer to the US-CERT Security Tip Using Caution with Email Attachments.
- Refer to US-CERT’s Security Tip on Avoiding Social Engineering and Phishing Attacks.
Trump’s cybersecurity advisers quit, warning of ‘insufficient attention’
Departing members leave Trump with a list of recommendations that look a lot like … a plan. They cited “insufficient attention to the growing threats to the cybersecurity of the critical systems upon which all Americans depend, including those impacting the systems supporting our democratic election process”. (more rational people abandon the burning clown car.)
Share
SEP
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com