Trending Security Topics

Cybersecurity Awareness Basics

How to avoid identity theft, frauds, scams and more. Click below for more information.

Cybersecurity Basics


Ursnif Banking Trojan Variant Steals More Than Financial Data

In many cases, a phishing email is sent to a victim that contains a malicious attachment - typically an Excel spreadsheet. If the victim clicks on an "Enable Content" button, they will not see the spreadsheet; rather an embedded macro code, which contains PowerShell commands, is then downloaded. From “Bank Info Security” Scott Ferguson (3/13/2019)
 

Why Phone Numbers Stink As Identity Proof

Phone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they’ve become de facto identities. At the same time, when you lose control over a phone number — maybe it’s hijacked by fraudsters, you got separated or divorced, or you were way late on your phone bill payments — whoever inherits that number can then be you in a lot of places online. From “Krebs On Security” Brian Krebs (3/19/2019)

MS-ISAC Releases Security Primer On TrickBot Malware

The Multi-State Information Sharing and Analysis Center (MS-ISAC) has released a security primer on TrickBot malware. TrickBot is a modular banking Trojan that targets users’ financial information and acts as a dropper for other malware. An attacker can leverage TrickBot’s modules to steal banking information, conduct system and network reconnaissance, harvest credentials, and achieve network propagation. From “US-CERT CISA” (3/14/2019)

 

Infographic: Don’t Let Cybercriminals Spoil Your Day

Cybersecurity is a topic that we all know we should look into one day. Well, today is that day. But, instead of making you trawl through an ocean of information on the subject, we’ve got a cool infographic from EveryCloud. From “Techaeris” (2/21/2019)

 

Fictitious Notification Regarding The Release Of Funds Supposedly Under The Control Of The Office Of The Comptroller Of The Currency

Any communication claiming that the OCC is involved in holding any funds for the benefit of any individual or entity is fraudulent. The OCC does not participate in the transfer of funds for, or on behalf of, individuals, business enterprises, or governmental entities. From “OCC Public Affairs” (3/15/2019)

 

Top 5 Data Recovery Tips

Hard drives die—it happens all the time—but what can you do? You can try to recover that data. Or better yet: Plan ahead so you don't have to fret. Start thinking about the inevitable now—don't wait for the bad stuff to happen. Here are five data recovery tips. From “Tech Republic” Tom Merritt (3/15/2019)

 

10 Data Security Mistakes Small And Midsized Businesses Must Avoid

Turn on the news and you’re sure to hear about some major data breach, and the victims in those cases always appear to be either big corporations or government institutions. Now, those companies take data security quite seriously and pour tons of resources to keep their defenses up-to-date. If they are at risk, imagine how easy it must be for hackers and other malicious entities to bypass the security protocols in place for small and medium-sized businesses. That’s why you need to investigate gaps in your company’s data security measures and prevent the following data security mistakes from happening. From “Tech Genix” Rahul Sharma (3/12/2019)

 

Microsoft Ending Support For Windows 7

All software products have a life-cycle. After January 14, 2020, Microsoft will no longer provide security updates or support for PCs running the Windows 7 operating system. From “US Department of Homeland Security CISA” (3/19/2019)

 

New Zealand-Related Scams And Malware Campaigns

In the wake of the recent New Zealand mosque shootings, the Cybersecurity and Infrastructure Security Agency (CISA) advises users to watch out for possible malicious cyber activity seeking to capitalize on this tragic event. Users should exercise caution in handling emails related to the shooting, even if they appear to originate from trusted sources. Fraudulent emails often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from duplicitous charitable organizations are also common after tragic events. Be wary of fraudulent social media pleas, calls, texts, donation websites, and door-todoor solicitations relating to the event. From “US Department of Homeland Security CISA” (3/18/2019)

 

IRS Launches ‘Dirty Dozen’ Campaign On Tax Scams

The Internal Revenue Service (IRS) has launched its annual awareness campaign on the 12 most prevalent tax scams, known as the “Dirty Dozen.” As part of the campaign, IRS will highlight one scam each weekday. The first topic in the campaign focuses on internet phishing scams that lead to tax fraud and identity theft. IRS warns to be on alert for a continuing surge of fake emails, texts, websites, and social media attempts to steal users’ personal information. From “US-CERT CISA” (3/04/2019)

 

Intel Releases Security Advisories On Multiple Products

Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. From “US-CERT CISA” (3/15/2019)

 

Supply Chain Integrity Month

April is Supply Chain Integrity Month. The Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the Department of Defense (DOD) are partnering to promote the importance of supply chain security and risk management. Breaches in the supply chain provide an opportunity for malicious software or hardware to be installed on equipment. Lack of awareness or validation of the legitimacy of hardware and software presents a serious risk to users’ information and the overall integrity of a network environment. From “US-CERT CISA” (4/01/2019)