Cybersecurity Awareness Basics
How to avoid identity theft, frauds, scams and more. Click below for more information.
Agencies Propose Requirement For Computer Security Incident Notification
The proposed rule is intended to provide the agencies with an early warning of significant computer security incidents and would require notification as soon as possible and no later than 36 hours after a banking organization determines that an incident has occurred.
From “Federal Deposit Insurance Corporation” (12/18/2020)
The U.S. Department of Justice, the FBI, the U.S. Postal Inspection Service, and six other federal law enforcement agencies announced the completion of the third annual Money Mule Initiative, a coordinated operation to disrupt the networks through which transnational fraudsters move the proceeds of their crimes. Money mules are individuals who assist fraudsters by receiving money from victims of fraud and forwarding it to the fraud organizers, many of whom are located abroad. Some money mules know they are assisting fraudsters, but others are unaware that their actions enable fraudsters’ efforts to swindle money from consumers, businesses, and government unemployment funds.
From “Federal Deposit Insurance Corporation” (12/02/2020)
FBI Warns Of BEC Scammers Using Email Forwarding
The U.S. Federal Bureau of Investigation (FBI) issued a Private Industry Notification alert, noting that cybercriminals are increasingly implementing auto-forwarding rules on victims' web-based email clients to conceal their activities. According to the FBI, cybercriminals then capitalize on this reduced visibility to increase the likelihood of a successful business email compromise (BEC).
From “Security Magazine” Maria Henriquez (12/02/2020)
How To Protect Your Personal Data From Being Sold On The Dark Web
Cybercriminals who capture your personal information often do one of two things with it. They'll either use it themselves to directly hack your accounts, or they'll sell it on the Dark Web. And once your personal data is up for sale, buyers can use it for financial gain or for doxing, a practice where malicious actors publicly reveal private information about you for all to see.
From “Tech Republic” Lance Whitney (12/01/2020)
Customer Guidance On Recent Nation-State Cyber Attacks
This post contains technical details about the methods of the actor we believe was involved in Recent Nation-State Cyber Attacks, with the goal to enable the broader security community to hunt for activity in their networks and contribute to a shared defense against this sophisticated threat actor.
From “Microsoft Security Response Center” (12/13/2020)
Third-Party Liability For Ransomware Attacks: Are You Covered?
Unfortunately, when faced with a possible ransomware attack, organizations need to consider the unintended victims and the potential for liability to reliant third parties if their computer systems remain inoperable or their data is lost.
From “Credit Union Times” Oliver Sepulveda (12/03/2020)
To Do In 2021: Get Up To Speed With Quantum Computing 101
For business leaders who are new to quantum computing, the overarching question is whether to invest the time and effort required to develop a quantum strategy, Savoie wrote in a recent column for Forbes. The business advantages could be significant, but developing this expertise is expensive and the ROI is still long term. Understanding early use cases for the technology can inform this decision.
From “Tech Republic” Veronica Combs (11/23/2020)
Mobile Fraud Campaign Nabs Millions From US And EU Banks
Gritzman said to defend against future attacks on mobile devices, users should avoid jailbreaking or rooting any devices, ensure all system updates and app updates take place on time, and obtain apps directly from official app stores.
From “IT Pro” Rene Millman (12/17/2020)
Cyber Actors Target K-12 Distance Learning Education To Cause Disruptions And Steal Data
The FBI, CISA, and MS-ISAC assess malicious cyber actors are targeting kindergarten through twelfth grade (K-12) educational institutions, leading to ransomware attacks, the theft of data, and the disruption of distance learning services. Cyber actors likely view schools as targets of opportunity, and these types of attacks are expected to continue through the 2020/2021 academic year. These issues will be particularly challenging for K-12 schools that face resource limitations; therefore, educational leadership, information technology personnel, and security personnel will need to balance this risk when determining their cybersecurity investments.
From “Cybersecurity and Infrastructure Security Agency” (12/10/2020)
COVID-19 Vaccines Are In The Pipeline. Scammers Won’t Be Far Behind.
If you get a call, text, email — or even someone knocking on your door — claiming they can get you early access to the vaccine, STOP. That’s a scam. Don’t pay for a promise of vaccine access or share personal information.
From “Federal Trade Commission” Colleen Tressler (12/08/2020)
Ransomware Gang Devises Innovative Extortion Tactic
The gang behind the Ragnar Locker ransomware posted an ad on Facebook in an attempt to publicly shame a victim so it would pay a ransom. Security experts say the innovative tactic is indicative of things to come.
From “Bank Info Security” Doug Olenick (11/13/2020)
Data Privacy Day Is Less Than A Month Away
Data Privacy Day is a global effort — taking place annually on January 28th — that generates awareness about the importance of privacy, highlights easy ways to protect personal information and reminds organizations that privacy is good for business. Data Privacy Day began in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. Data Protection Day commemorates the Jan. 28, 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. Data Privacy Day is observed annually on Jan. 28.
From “National Cybersecurity Alliance” (1/05/2020)
Fake Calls From Apple And Amazon Support: What You Need To Know
Scammers are calling people and using the names of two companies everyone knows, Apple and Amazon, to rip people off. Here’s what you need to know about these calls.
From “Federal Trade Commission” Alvaro Puig (12/03/2020)
Zoom Impersonation Attacks Aim To Steal Credentials
A new Zoom-themed phishing attack is circulating through email, text and social media messages, aiming to steal credentials for the videoconferencing service. The Better Business Bureau (BBB) warned last week that the attack uses Zoom’s logo, and in a message tells recipients that their Zoom accounts were suspended and to click a link to reactivate; or that they missed a Zoom meeting, and to click a link to see the details and reschedule.
From “Threat Post” Lindsey O’Donnell (12/01/2020)
Why Companies And Consumers Must Collaborate To Stop The Plundering Of IoT Systems
This shift is just getting started. IoT-enabled scams and hacks quickly ramped up to a high level – and can be expected to accelerate through 2021 and beyond. This surge can, and must, be blunted. The good news is that we already possess the technology, as well as the best practices frameworks, to mitigate fast-rising IoT exposures.
From “Security Boulevard” Byron Acohido (11/09/2020)
OUCH! Newsletter: Securing The Generation Gap
Trying to securely make the most of today’s technology can be overwhelming for almost all of us, but it can be especially challenging for family members not as used to or as familiar with technology. Therefore, we wanted to share some key steps to help secure family members who may be struggling with technology and might misunderstand the risks that come with using it.
From “SANS” Chris Dale (12/02/2020)