While initially blocking Tor users from browsing, Facebook now allows Tor access to their website. While this is seen as progressive, Facebook risks possible security and privacy issues since Tor’s browser indicates to them that the same user can appear connecting from one country’s ISP to another’s. For the full story on this, click here:: Facebook Allows Tor Access to Site
[sc:mbta]
Cybersecurity Legislation Will Be Overlooked Until Its Too Late
Due to several factors, it doesn’t look likely that cybersecurity legislation will be a topic of conversation in Congress any time soon. The lack of analysis and opaque policy regarding sharing information between the public and private sector goes unaddressed. Sadly, it looks like it will take a disaster in order for attention to be paid.
So why is this pressing issue overlooked? First, is distraction. Ebola scares, the conflict with ISIS, nominating a new Attorney General, government funding, and other issues have taken more space in the press along with more space in the White House, Congress, and Senate. Next is the election season has most incumbents focused on their campaigns for re-election on the more exposed issues than cybersecurity. Thirdly, many of the backers and loudest voices for cybersecurity reform are retiring or leaving office.
Write to your congress representative or representative-elect and do your best to make this issue a higher priority. Speak loud and often about it. It is better to be a pest now rather than have the issue brought up due a crisis that could have been prevented.
For a full article about this concern, click here:: Cybersecurity Legislation Forecast is Grim
[sc:mbtc]
Hackers Use Ebola to Infect a Different Kind of Virus
Malware has been flagged by Trustwave that shows criminals sending out emails claiming to come from the World Health Organization. These emails request people to open an attached .RAR file that claims to have tips on how to protect themselves from Ebola. As you may have guessed, the .RAR file downloads malware onto the victim’s machine.
The full story on this can be found here:: Hackers use Ebola outbreak to trick users into downloading malware
[sc:mbta]
PowerPoint Latest Victim in Mircosoft Zero Day OLE Issue
If you receive a .ppt file and don’t know where they came from DO NOT OPEN. There is a vulnerability in Microsoft Office that is currently being exploited by malicious Powerpoint slide decks. While nothing has been officially announced, Microsoft is likely going to take action on this before the next scheduled patch on November 11th.
Read the full article here:: Microsoft Zero Day OLE Vuln Being Exploited in Powerpoint
A Major Flaw in UPnP Leaves Us All Vulnerable
Many of us use Universal Plug-N-Play (UPnP) devices in our home and office to do our work, shop, and other uses for the internet. However, be forewarned. Due to the Simple Service Discovery Protocol (SSDP), which is standard on UPnP devices, hackers can abuse and target you and your information. This comes off the heels of Distributed Denial-of-Service (DDoS) attacks from earlier this summer.
There has to be a way for manufacturers to properly protect our information. Because of this method, over 4.1 million devices are at risk of being attacked. Hopefully this latest flaw can be repaired and we can consistently stay one step ahead of hackers. For more information, read more here.