Cybersecurity Weekly: Model response to cyber attack, Ecuador data leak, whistleblower phishing site
1. Arizona schools provide model for managing ransomware
On Wednesday, September 4, 2019, ransomware was discovered at Flagstaff Unified School District in Arizona. Schools were closed on Thursday and Friday of that week, but reopened after the weekend. No ransom was paid, and only two school days were lost. This case is a great example of how to prepare for and mitigate the effects of ransomware.
Read more »
2. Your users aren’t the weakest link — they’re integral to your security program
As a security concept, zero trust is based on the principle that organizations should never automatically trust anything inside or outside their perimeters. Instead, they must verify everyone and everything trying to connect to their systems before granting access. This is a responsibility held by everyone, and it requires a unified effort to be successful.
Read more »
3. Marketing analytics company leaks deep profiles of entire Ecuador population
A marketing analytics company just leaked personal information from the entire population of Ecuador. The leaked database includes records gleaned from Ecuadorian government registries, an automotive association and the Ecuadorian national bank. These leaked records included full names, date of birth, address, email address, phone numbers and taxpayer IDs.
Read more »
4. Phishing attack targets The Guardian’s whistleblowing site
The Guardian’s SecureDrop whistleblower submission site was mimicked by a phishing page that attempted to harvest the unique code names of its sources. Once the attackers gain access to a source’s codename, they can login to The Guardian’s real SecureDrop site and steal information and communications.
Read more »
5. U.S. sues Edward Snowden over his memoir
The former IT contractor turned whistleblower failed to get government clearance for the book’s allegedly sensitive material and is now being sued for violation of non-disclosure agreements. the U.S. Attorney’s Office said it aims “to recover all proceeds earned by Snowden because of his failure to submit his publication for pre-publication review.”
Read more »
6. The defender’s dilemma
Officials at the Homeland Security Department think they can bring more of that limited cyber talent into government by flipping the hiring process on its head. The Cyber Talent Management System, set to debut in early 2020, will do away with entire General Schedule system and give Homeland Security officials more flexibility in the jobs, salaries and benefits.
Read more »
7. Researcher drops phpMyAdmin zero-day affecting all versions
The flaw was given a medium rating because of its limited scope that only allows an attacker to delete any server configured in the setup page of a phpMyAdmin panel on a victim’s server. However, the vulnerability is trivial to exploit because other than knowing the URL of a targeted server, an attacker doesn’t need any other information, like the name of the databases.
Read more »
8. Emotet returns from summer vacation, ramps up stolen email tactic
Less than a month after reactivating its command and control servers, the Emotet botnet has come to life by spewing spam messages to countries around the globe. To protect against this revival of Emotet, people should employ strong passwords, opt in to multi-factor authentication and keep an eye out for unexpected email messages.
Read more »
9. 125 new flaws found in routers and NAS devices from popular brands
According to security researchers, all of the widely-used devices they tested had at least one web application vulnerability that could allow an attacker to gain remote shell access or access to the administrative panel of the affected device. These vulnerabilities include cross-site scripting (XSS), cross-site request forgery (CSRF), SQL injection and several others.
Read more »
10. Gamification: A winning strategy for cybersecurity training
Studies show that 90% of data breaches are caused by human error — usually caused by a phishing campaign or similar attack. As a result, employee security awareness training has come under sharp focus as companies work to combat the ongoing epidemic of cybercrime. So how can these companies get their employees to care about the training? Enter, gamification.
Read more »
Comments
-
JDMurray Admin Posts: 13,099 AdminIs anybody besides me reading (listening to, actually) the Ed Snowden book? I haven't found "the good stuff" yet. The first five chapters are Snowden's childhood back-story filler that I'm not interested in. I need to skip ahead a bit.
-
Infosec_Sam Admin Posts: 527 AdminJDMurray said:Is anybody besides me reading (listening to, actually) the Ed Snowden book? I haven't found "the good stuff" yet. The first five chapters are Snowden's childhood back-story filler that I'm not interested in. I need to skip ahead a bit.