This Week’s Cybersecurity News, 07/29/2022

Share on

This week has been fairly quiet with regards to new threats. I have heard about the usual threats of phishing, spear phishing, vishing, and smishing. I haven’t mentioned smishing attacks in a few weeks, but they do continue. While smishing is a lot like spear phishing and targets the individual instead of the Institute, I would not be doing my job as CISO or as a caring human being if I didn’t try to protect the Institute’s employees and warn you of all types of threats.

Current Threats

  • Smishing (SMS text message + phishing)
    • The sender almost always appears to be someone with whom you have done business or have heard of.
      • Amazon
      • Norton
      • Verizon
      • Wells Fargo
      • Many other well-known and trusted businesses
    • The sender tells you something to entice you (e.g., there is a problem, you have been selected to win, your bill is due or has been paid., etc.) and gives you a link.
    • As easy as it is to click the link, please do NOT click the link.
    • The link will take you to a fake site and will ask for some sort of personal information.
    • The request for information grows…you give one thing, then they ask for something else.
    • If you really believe the text message is real, please type the link address into your browser.
      • Clicking the link itself may activate malware or even worse.
    • And always remember that when you are contacted by a business and they ask you for your personal information, credit card number, etc., immediately discontinue any contact, then call that company using a known and verified phone number to ask about the call you received.

Software Updates

  • Apple
    • Apple has announced multiple known exploited vulnerabilities.
    • These vulnerabilities affect iOS, iPadOS, macOS, tvOS, and watchOS.
    • Please make sure you have applied all available updates for these platforms.
      • The latest version of iOS and iPadOS is 15.6.
      • The latest version of macOS is 12.5.
      • The latest version of tvOS is 15.6.
      • The latest version of watchOS is 8.7.

Global Cybersecurity

  • United States and Ukraine Expand Cooperation on Cybersecurity
    • The US Cybersecurity and Infrastructure Security Agency (CISA) announced this week that CISA and the Ukrainian State Service of Special Communications and Information Protection on Ukraine (SSSCIP) signed a Memorandum of Cooperation (MOC) to strengthen collaboration on shared cybersecurity priorities.
    • The MOC expands on CISA’s existing relationship with the Government of Ukraine in the areas of:
      • Information exchanges and sharing of best practices on cyber incidents;
      • Critical infrastructure security technical exchanges; and
      • Cybersecurity training and joint exercises.
    • This collaboration, in part, is to help build global resilience against cyber threats.

Thank you for all you do to protect the Institute and its data. I am always here to help you, so if you need me and I don’t get back with you quickly enough via email, or if it is an emergency, please call my cell number at any time.