"the administrator of the .US registry must take certain steps to verify that their customers actually reside in the United States, or own organizations based in the U.S. But Interisle found that whatever GoDaddy was doing to manage that vetting process wasn’t working."
#phising #cybersecurity #vetting
https://krebsonsecurity.com/2023/09/why-is-us-being-used-to-phish-so-many-of-us/
"According to HubSpot, WordPress accounts for 43.2% of all websites on the internet. This marks an increase from the over 455 million websites reportedly using WordPress in 2021 at 39.5%. In 2021, Wordfence blocked billions of password attacks and reported hundreds of weaknesses. These attacks and weaknesses don't mean WordPress is becoming less secure; it simply gave an insight into how some users are negligent and not security conscious in their usage."
#wordpress #websites #cybersecurity #password #vulnerabilities
https://hackernoon.com/tips-for-safeguarding-your-wordpress-website#vulnerabilities
"there are two reasons that together help to explain the upward trend in crypto-ransomware:
(1) Targeting of large, deep-pocketed organizations by ransomware attackers and (2) the number of successful small attacks. Both of these trends are evident, which shows how the distribution of ransomware payment sizes has changed since the year 2020."
#ransomware #cybersecurity #cryptocurrency #scam
https://hackernoon.com/cryptocurrency-scams-are-down-but-crypto-ransomware-is-on-the-rise
"System administrators have even less time to patch disclosed security vulnerabilities than previously thought, as a new report shows threat actors scanning for vulnerable endpoints within 15 minutes of a new CVE being publicly disclosed."
ATTN: @brittlestar
""Intelligence reporting has indicated that Russian cyber threat actors are exploring options for potential counter attacks against Canada, the United States and other NATO and Five Eyes allies, including against critical infrastructure targets," he said."
https://www.cbc.ca/news/politics/cse-critical-infrastructure-1.6809645
"The said former worker, the perpetrator in this case, used to access computers for plant monitoring purposes. At the time of his departure, his access credentials were not revoked. This is where the plant authorities committed a blunder."
#cybersecurity #infrastructure
https://kratikal.com/blog/cyber-attack-haunts-a-public-water-supply-system-again/
"“The thing that strikes me is that security should be baked into everything we do, not a paid-for service,”"
Cybersecurity tip: Use long passwords and a password manager.
"Modern attacker tools can crack eight-character passwords quickly. Length is a more impactful and important factor in password strength than complexity or frequent password rotations. Long passwords are also easier for users to create and remember"
#cybersecurity #complexity #passwords
https://www.cisa.gov/sites/default/files/2023-03/cisa_cpg_checklist_v1.0.1_final.pdf
"There are just too many notifications and detections to sort through, and many companies are dealing with limited resources. We’ve proved that, with something like GPT-3, we can simplify certain labor-intensive proxies and give back valuable time to defenders.”"
"Cybercriminals have doubled down and exploited the economic downturn, growing hybrid workforce, ghost accounts from terminated employees, and increased outsourcing, which elevates third-party exposure."
#cybersecurity #cybercrime #wfh
https://www.helpnetsecurity.com/2023/03/15/malware-exfiltrate-data/
"the document proposes that new laws shift liability to software makers that fail to take reasonable precautions to secure their products and services. The bills would be drafted in coordination between Congress and the private sector and include “an adaptable safe harbor framework” to protect companies that “securely develop and maintain their software products and services.”"
#cybersecurity #government #techsector #softwaredevelopment
https://thenewstack.io/national-cybersecurity-strategy-shifts-burden-to-tech-sector/
Again, don't use Chinese hardware for sensitive projects like monitoring your home. The cost savings is not worth this!
"A video-enabled smart intercom made by Chinese company Akuvox has major security vulnerabilities that allow audio and video spying, and the company has so far been unresponsive to the discoveries."
#cybersecurity #smarthome #spyware
https://www.darkreading.com/cloud/unpatched-zero-day-bugs-smart-intercom-remote-eavesdropping
"Vishing attacks have been on the rise as a result, with 69% of companies experiencing them in 2021, up from 54% in 2020. These attacks often take the form of job or tech support scams and can be incredibly convincing. In August 2020, the FBI along with the CISA issued a warning regarding remote users being targeted by attackers spoofing organizations' business numbers and impersonating the IT service desk."
#vishing #cybersecurity #scams
https://thehackernews.com/2023/03/does-your-help-desk-know-whos-calling.html
"76% of vulnerabilities exploited by ransomware are old – really old. Many of them were discovered between 2010 and 2019!"
#ransonware #vulnerabilities #cybersecurity
https://blog.knowbe4.com/most-ransomware-vulnerabilities-discovered-before-2020
This is very sad. What do you do to prevent this?
This article is behind Washington Post's paywall.
#ai #scams #cybersecurity #elderly
https://www.washingtonpost.com/technology/2023/03/05/ai-voice-scam/
Great, now we have hate hacking via Zoom.
"KC historian’s presentation on Negro Leagues disrupted by hackers with racist messages"
"Dixon has traveled around the country for nearly 40 years sharing presentations on the history of the Negro Baseball Leagues, tailoring each event to the town he visits. But on Feb. 21, his event was hacked by racist imagery, disturbing him and audience members."
"bad actors are now seeking out more nascent spaces to execute low-tech, high-impact attacks within education, gaming, aviation and automotive. In fact, we’ve already seen several high profile DDoS attacks in the latter two categories in the last months. Expect that to continue."
#cybersecurity #risks #mitigation
https://venturebeat.com/security/nca-executive-director-shares-top-cyber-risks-in-2023/
"Personal information obtained by the threat actor included employee names, dates of birth, Social Security numbers, driver’s license numbers, passport numbers, financial account information, medical information, and health insurance information."
"The malware would redirect the visitors to a different website, where ads hosted on the Google Ads platform would load, bringing in profits for the website’s owners."\
#cybersecurity #malware #wordpress
https://www.techradar.com/news/thousands-of-wordpress-sites-have-been-infected-by-a-mystery-malware
Thinker. Coffee drinker. @jaysonmassey on Twitter. #cybersecurity #student in #Philadelphia