BTH News 20March2020
This Week In Cybersecurity
It is week 2 of the U.S. being seriously impacted by COVID-19 and while this is a cybersecurity blog, I would be remiss if I didn’t address the topic, even for a moment.
<incredibly important but off-topic, topic> In the past 100ish years, we have seen many amazing and terrible things. World wars, regional wars, the Cold War, The War on Terror, 9-11, stock market crashes, and trade wars. Did you know that, just 101 years before COVID-19 made it’s debut, the world was taken over by the Influenza Pandemic of 1918? The 1918 influenza pandemic killed an estimated 50 million worldwide, including 675,000 in the U.S., according to the CDC. The pandemic occurred in three waves: the spring of 1918, fall of 1918, and winter and spring of 1919. In the midst of World War I, the U.S. federal government had limited resources to fight it. So almost exactly a century ago, we were in a VERY similar situation, globally.
There is a lot to discuss here and I certainly have my opinions but this is a cybersecurity blog so I will just state that all over the world, we are people. Something like this doesn’t discriminate against race, sex, politics, geography or political affiliation. This is a time when we all, globally, need to work together.
I implore you to learn everything you can and use that knowledge to help yourself, your family, your neighbor and everyone in your life and around the world. Oh, and if you tend to eat out regularly and are saving money by eating at home, maybe order takeout out one night and tip generously. The staff at your favorite restaurant is likely making a lot less in tips and could use the money. Follow these tips to be safe when ordering food to be delivered.</incredibly important but off-topic, topic>
And now back to our regularly schedule program…
This week we saw more COVID-19 malware and phishing attacks, a cyberattack against the U.S. Health and Human Services Department, a new and growing botnet that recruits IoT devices, credit card skimming on websites and a security firm re-breaches over 5 billion records.
Malware: A malicious app that supposedly tracks Coronavirus victims, is actually demanding ransom payment from Android users. via @gcluley
Cyberattack: Cyberattack Hits U.S. Health Agency Amid COVID-19 Outbreak “We are aware of a cyber incident related to the Health and Human Services computer networks, and the federal government is investigating this incident thoroughly,” John Ullyot, a spokesman for the National Security Council, said in a statement.
More Patches: Adobe Releases Critical Patches for Acrobat Reader, Photoshop, Bridge, ColdFusion - This week, Adobe released a massive batch of out-of-band software updates for six of its products to patch a total of 41 new security vulnerabilities. This is in addition to the 170+ patches released by Microsoft last week. Patch, people!! via The Hacker News
Botnet: Zxyel Flaw Powers New Mirai IoT Botnet Strain - In February 2020, Zyxel fixed a zero-day vulnerability in its routers and VPN firewall products. This week, security researchers said they spotted that vulnerability being exploited by a new variant of Mirai, a malware strain that targets vulnerable Internet of Things (IoT) devices for use in botnet attacks.
”Like other Mirai variants, Mukashi constantly scans the Internet for vulnerable IoT devices like security cameras and digital video recorders (DVRs), looking for a range of machines protected only by factory-default credentials or commonly-picked passwords.”
Zyxel’s February patch did not fix the problem on many older Zyxel devices which are no longer being supported by the company. For those devices, Zyxel’s advice was not to leave them connected to the Internet. via Krebs On SecurityCredit Card Skimming: NutriBullet and others caught in online credit card skimming attack!
Data [Re]Breach: A security firm leaves a massive database, containing more than five billion data breach records, without any password protection on the internet. The records were taken from past security breaches between 2012 and 2019, reports Graham Cluley.
Tip of the Week
Password Managers: Trust me, you need one, now!
The password is something we all love to hate. Many of us have to create hundreds of passwords and we are told by the paranoid cybersecurity experts to make them long and use all of the character sets on your keyboard so that your password is not easy to guess. This also makes passwords difficult to remember, so what do most people do? They re-use passwords—which is also a big no-no.
While we all know these general rules, most people don’t know why they exist and subsequently, do not follow the advice of the crazy cybersecurity wonks.
So how you can achieve this and actually make your digital life more secure and much easier? Enter… the Password Manager!
A Password Manager is a software tool that is used to store all of your passwords in an encrypted file(s) so that you have very easy access to them, but nobody else can get to them. Most modern password managers have additional features such as cloud storage, auto-filling fields and password generators that make very good passwords.
The password manager is installed on your computer and/or mobile device and it allows you to have huge passwords (most of mine are over 60 characters in length) and you never need to know, or see, or type any of them. Brilliant! To learn more, read this article.
Since I have tried only a few password managers and not tested them all equally, I’ll leave the evaluations to others. I will say that I have been a happy LastPass user for many years but please decide on your own, which works best for you. Here are a few articles that compare and contrast the leading password managers.
https://www.consumersadvocate.org/password-manager
https://www.pcmag.com/article2/0,2817,2407168,00.asp
https://www.wired.com/story/password-manager-autofill-ad-tech-privacy/
https://lifehacker.com/5529133/five-best-password-managers