We’re proud to announce that Metropolitan Community College has been awarded designation as a National Security Administration Center of Academic Excellence in Cyber Defense (NSA CAE CD).
Program director Gary Sparks will be traveling to Alabama in June to accept our formally certificate of designation.
Welcome to CyberOmaha Weekly, a weekly roundup of security news collected from around the Internet. Please send news tips and suggestions to cybersecurityed@mccneb.edu
Hackers have found a way to amplify distributed denial-of-service attacks by an unprecedented 51,000 times their original strength in a development that whitehats say could lead to new record-setting assaults that take out websites and Internet infrastructure. More… (via ArsTechnica)
Software security shouldn’t be an afterthought. That’s why the secure software development life cycle deserves a fresh look. More… (via DarkReading)
EverythingApplePro demonstrates how sending a specific Telugu character to an iPhone, iPad, or Mac user can cause the receiving device to crash. Apple addressed the issue in updates (tvOS 11.2.6, watchOS 4.2.3, iOS 11.2.6, macOS High Sierra 10.13.3) on February 19, 2018 – Apple advises users to apply the update.
Microsoft is pushing out another round of security updates to mitigate data-leaking Spectre side-channel vulnerabilities in modern Intel x64 chips. More… (via The Register)
The cryptojacking attack appears to have persisted for weeks before being addressed, as it was configured to not max out CPU usage. Hackers injected it through an unsecured AWS S3 bucket. More… (via Tech Republic)
If you’re going to commit an illegal act, it’s best not to discuss it in e-mail. It’s also best to Google tech instructions rather than asking someone else to do it. More… (via Schneier on Security)
Multiple vendors this week say they have seen a recent spike in UDP attacks coming in via port 11211. More… (via DarkReading)
Customers of HTTPS certificate reseller Trustico are reeling after being told their website security certs – as many as 23,000 – will be rendered useless within the next 24 hours. More… (The Register)
The latest iteration of Mirai is dubbed “OMG,” and turns infected IoT devices into proxy servers while also retaining the original malware’s DDoS attack capabilities. More … (via DarkReading)
Why security for the Internet of Things demands that businesses revamp their software development lifecycle. More… (via DarkReading)
An older article but given that it’s tax season, good tips for keeping your personal information safe. According to the article, “even if you are not yet drawing benefits from the agency — because identity thieves have been registering accounts in peoples’ names and siphoning retirement and/or disability funds. This is the story of a Midwest couple that took all the right precautions and still got hit by ID thieves who impersonated them to the SSA directly over the phone.” More… (via KrebsOnSecurity)
When you realize how easy it is for thieves to compromise an ATM or credit card terminal with skimming devices, it’s difficult not to inspect or even pull on these machines when you’re forced to use them personally — half expecting something will come detached. For those unfamiliar with the stealth of these skimming devices and the thieves who install them, read on. More… (via KrebsOnSecurity)
The Internal Revenue Service today warned taxpayers of a quickly growing scam involving erroneous tax refunds being deposited into their bank accounts. The IRS also offered a step-by-step explanation for how to return the funds and avoid being scammed. More… (via IRS.gov)
Beginning in January 2017, IRS’s Online Fraud Detection & Prevention (OFDP), which monitors for suspected IRS-related phishing emails, observed an increase in reports of compromised or spoofed emails requesting W-2 information. Sometimes these requests were followed by or combined with a request for an unauthorized wire transfer. More… (via IC3.gov)
Multiple Chase.com customers have reported logging in to their bank accounts, only to be presented with another customer’s bank account details. Chase has acknowledged the incident, saying it was caused by an internal “glitch†Wednesday evening that did not involve any kind of hacking attempt or cyber attack. More… (via KrebsOnSecurity)
You probably know by now that using your mobile device on the public Wi-Fi network of your local coffee shop or airport poses some risk. Public networks are not very secure – or, well, private – which makes it easy for others to intercept your data. So, what can you do to keep your mobile data private and secure while out and about? Some consumers have started using Virtual Private Network (VPN) apps to shield the information on their mobile devices from prying eyes on public networks. Before you download a VPN app, you should know that there are benefits and risks. More… (via FTC.gov)
Online peer-to-peer, or P2P, payment systems let you send money to people quickly. I’ve used them to collect money from the parents on my daughter’s soccer team and to send money to my brothers when we’ve bought a gift for a friend. Personally, I almost always know where my phone is, but I can’t say the same for my checkbook. More… (via FTC.gov)
When you think of important employee wellness benefits, cyber security services should be top of mind, given the epidemic of data breaches in recent years. More… (via Employee Benefit Advisor)
Visa reports, “For merchants who have completed the [EMV] chip upgrade, counterfeit fraud dollars dropped 70% in September 2017 compared to December 2017.” More… (via Visa.com)
The numbers are in, the counts have been made, and today the FTC announced what we heard from you during 2017. Here are some highlights. More… (via FTC.gov)
The personal information of thousands of Marines, sailors and civilians, including bank account numbers, was compromised in a major data spillage emanating from U.S. Marine Corps Forces Reserve. More… (via Marine Corps Times)
###
Welcome to CyberOmaha Weekly, a weekly roundup of security news collected from around the Internet. Please send news tips and suggestions to cybersecurityed@mccneb.edu
Spam distributors are using a new technique to infect users with malware, and while this attack relies on having users open Word documents, it does not involve users having to allow the execution of macro scripts. More… (via BleepingComputer)
Security researchers have found that hackers are using code-signing certificates more to make it easier to bypass security appliances and infect their victims. More… (via ZDNet)
Apple has released software updates for all four of its consumer operating systems—iOS, watchOS, tvOS, and macOS—to tackle an issue that allowed usage of the Indian Telugu character to cause those devices to crash. More… (via ArsTechnica)
Customers running machines with newer Intel chips can expect to receive stable firmware updates for the Spectre CPU attack Variant 2 soon. More… (via ZDNet)
Researchers at Forcepoint have discovered new point-of-sale (POS) malware disguised as a LogMeIn service pack that is designed to steal data from the magnetic stripe on the back of payment cards. More… (via DarkReading)
Patrick Reames had no idea why Amazon.com sent him a 1099 form saying he’d made almost $24,000 selling books via Createspace, the company’s on-demand publishing arm. That is, until he searched the site for his name and discovered someone has been using it to peddle a $555 book that’s full of nothing but gibberish. More… (via KrebsOnSecurity)
Thousands of S3 buckets are incorrectly configured as being publicly writable, making them easy to exploit. More… (via TechRepublic)
Connected cars are going to monetize data, but most drivers don’t know that. More … (via ArsTechnica)
Identity thieves who specialize in tax refund fraud have been busy of late hacking online accounts at multiple tax preparation firms, using them to file phony refund requests. Once the Internal Revenue Service processes the return and deposits money into bank accounts of the hacked firms’ clients, the crooks contact those clients posing as a collection agency and demand that the money be “returned.†More… (via KrebsOnSecurity)
Achieving the data visibility to ensure you can provide auditors with the information they need after a breach, and do so in just a few days, has never been more difficult. More… (via DarkReading)
###
As of today, you can now follow us on Twitter as well!
We’re very excited to announce the launch of our new website.
