Submitted by Clark Barrett on February 3rd, 2022
Submitted by John Launchbury on February 3rd, 2022
President Biden signed the K12 Cybersecurity Act which should strengthen the cybersecurity of US K-12 schools. This includes assessing the cybersecurity risks effecting K-12 schools such as securing information systems and protecting student and employee data. Other goals include developing guidelines for this sector to minimize risks, publishing an online training toolkit, and posting the assessment findings and recommendations online. All this effort will be under the direction of the CISA director.
Submitted by Eileen Buckholtz on December 31st, 2021
Beware of Joker malware found in the Color Message app. The malware is part of a an app that promises better colors, emojis and screen overlays. What it really does is subscribe users to unwanted paid premium services controlled by the attackers in a fleeceware attack. Users should monitor bills closely to catch these add-on fees. While these apps are often found outside the Official Google Play store, sometimes they are able to outsmart Google Play's protections by using as little code as possible and hiding it while keeping a small footprint which is hard to detect.
Submitted by Eileen Buckholtz on December 17th, 2021
Meta, the new name for Facebook, has expanded it’s Facebook Protect security program to journalists, government officials, human rights defenders, and activist who are often targets online. The program offers enhances security like two factor authentication and alerts for potential hacking threats. Almost 1 million accounts have turned on this protection since it came online in September 2021. It also gives members tips for improving security. #ScienceofSecurity https://thehackernews.com/2021/12/meta-expands-facebook-protect-program.html
Submitted by Eileen Buckholtz on December 3rd, 2021
Over 1.2 million GoDaddy customers were impacted by a recent hack. GoDaddy is the world’s largest domain registrar and it’s managed WordPress hosting include a number of associated companies like 123Reg, Domain Factory, Host Europe, and others. An unauthorized third party using stolen credentials was able to get into the system back in September and lurked undetected until November 17th. Customers id’s and emails were stolen for 1.2 active and inactive Managed WordPress customers. SFTP and database usernames and passwords for active customers were also stolen—and have now been reset.
Submitted by Eileen Buckholtz on November 27th, 2021
The project called LotL, (Living off the Land), extracts features of specific commands and then classifies them as either good or bad commands and sets up a set of tags for follow-on detection by a decision tree. Lotl uses supervised learning and an open source dataset of real-world attacks to extract features of specific commands in a way inspired by the process that human experts and analyst might use.
Submitted by Eileen Buckholtz on November 13th, 2021
In an effort to put pressure on the DarkSide Ransomeware Group, the government announced on Thursday a $10 million reward for information about the key leadership individuals in the DarkSide ransomware group—or any of it’s rebranded groups. The State Department’s $5 million dollar bounties are for intel and information that could help authorities arrest and convict others conspiring with the transnational organized crime syndicate. These efforts are in response to the DarkSide’s attack on Colonial Pipeline that disrupted fuel distribution to the East Cost for a week.
Submitted by Eileen Buckholtz on November 6th, 2021
Microsoft is working with community colleges to provide free training and resources to help ease the cybersecurity professional shortage. This includes training for faculty at 150 community colleges and scholarships to 25,000 students. By targeting community colleges, Microsoft believes they will also be diversifying the industry which is currently overwhelmingly male and white. The students at community colleges are 57% women and 40% minorities.
Submitted by Eileen Buckholtz on October 29th, 2021
CISA, the US Cybersecurity and Infrastructure Security Agency has awarded NPower and CyberWarrior contracts worth $2m to bring cybersecurity training to underserved communities such as the unemployed and underemployed. One of the goals of these programs is to develop cybersecurity talent from non-traditional sources to address the shortage of workers in this area. They will be looking to increase underrepresented groups in the industry such as people of color, women, military spouses and veterans from both urban and rural communities.
Submitted by Eileen Buckholtz on October 22nd, 2021
Subscribe to 2021