Cybersecurity Awareness Basics
How to avoid identity theft, frauds, scams and more. Click below for more information.
Data Privacy Week: January 24 - 28
Millions of people are unaware of and uninformed about how their personal information is being used, collected or shared in our digital society. Data Privacy Week aims to inspire dialogue and empower individuals and companies to take action.
From “National Cybersecurity Alliance” (12/14/2021)
If you help a scammer move stolen money — even if you didn’t know it was stolen — you could get into legal trouble. You’ll be at financial risk, too. If you deposit a scammer’s check, it might clear at first. When it turns out to be a fake check, the bank will want you to repay the full amount. You may be charged fees, and your account may be overdrawn or closed. And using a scammer’s money to buy gift cards and turning over the PIN codes, or sending wire transfers is almost like sending cash. In both cases, the scammer gets the money quickly, and it’s almost impossible to recover.
From “Federal Trade Commission” Bridget Small (12/03/2021)
8 Advanced Threats Kaspersky Predicts For 2022
Advanced threats constantly evolve. This year saw multiple examples of advanced persistent threats under the spotlight, allowing Kaspersky to predict what threats might lead in the future.
From “Tech Republic” Cedric Pernet (11/19/2021)
Your Weak Passwords Can Be Cracked In Less Than A Second
Security experts keep telling people that they need to use strong and complex passwords to protect themselves and their online information. But despite the advice, too many users continue to rely on weak and simple passwords that require virtually no time to crack.
From “Tech Republic” Lance Whitney (11/17/2021)
Cyber Incident Reporting Mandate Excluded From Final NDAA
Congressional negotiators have scrapped a provision in the must-pass annual defense spending bill that would have required owners and operators of critical infrastructure to report cybersecurity incidents and ransom payments made to criminal gangs. The measure - which continues to carry bipartisan support - was removed from the package at the eleventh hour as lawmakers sought a compromise on requirements for private organizations.
From “Bank Info Security” Dan Gunderman (12/08/2021)
How To Spot, Stop, And Report Post-Disaster Scams
If you or someone you know has been affected by the devastating series of tornadoes that roared across Kentucky, Illinois, Tennessee, Arkansas, and Missouri, coping with the aftermath is never easy. But when scammers target people just trying to recover, it can be even worse. Here are ways to help you and your neighbors avoid common post-disaster scams.
From “Federal Trade Commission” Colleen Tressler (12/13/2021)
Android Malware Infected More Than 300,000 Devices With Banking Trojans
The cybercriminals developed a method for successfully infecting Android users with different banking trojans, which are designed to gain access to user account credentials. The first step was to submit apps to the Google Play Store that had almost no malicious footprint and that actually looked like functional, useful applications, such as QR Code scanners, PDF scanners, cryptocurrency-related apps or fitness-related apps.
From “Tech Republic” Cedric Pernet (12/08/2021)
Before You Join That Crowdfunding Campaign, Read This
If it takes a village to raise a child, crowdfunding may be what it takes to make that invention a reality. But scammers could be behind those crowdfunding efforts and take your money without delivering what they promise.
From “Federal Trade Commission” Emily Wu (11/18/2021)
8-Year-Old HP Printer Vulnerability Affects 150 Printer Models
The first one concerns two exposed physical ports that grant full access to the device. Exploiting it requires physical access and could lead to potential information disclosure. The second one is a buffer overflow vulnerability on the font parser, which is a lot more severe, having a CVSS score of 9.3. Exploiting it gives threat actors a way to remote code execution.CVE-2021-39238 is also "wormable," meaning a threat actor could quickly spread from a single printer to an entire network. As such, organizations must upgrade their printer firmware as soon as possible to avoid large-scale infections that start from this often ignored point of entry.
From “Bleeping Computer” Bill Toulas (11/30/2021)
CISA has released actionable Capacity Enhancement Guides (CEGs) to help users and organizations improve mobile device cybersecurity. From “Cybersecurity & Infrastructure Security Agency” (11/24/2021)
SMS About Bank Fraud As A Pretext For Voice Phishing
Smishing messages usually include a link to a site that spoofs a popular bank and tries to siphon personal information. But increasingly, phishers are turning to a hybrid form of smishing — blasting out linkless text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text.
From “Krebs on Security” Brian Krebs (11/10/2021)
CISA Cybersecurity Awareness Program
The CISA Cybersecurity Awareness Program is a national public awareness effort aimed at increasing the understanding of cyber threats and empowering the American public to be safer and more secure online. Cybersecurity is a shared responsibility. We each have to do our part to keep the Internet safe. When we all take simple steps to be safer online, it makes using the Internet a more secure experience for everyone.
From “Cybersecurity & Infrastructure Security Agency” (12/01/2021)