Cybersecurity News of the Week, May 14, 2023 

This week’s essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned. Designed to educate, support, and advocate.

Stan’s Top of the News

Our top stories again feature AI this week. The Scientific American article is fascinating for what it shows about how AI models self-organize. The second story is a warning from CISA Director Jen Easterly.

New. Family Protection Newsletter: Did you know we created the Family Protection Newsletter, for non-cyber experts? For your parents, friends, those who need to protect themselves in a digital world. We feature info on how to freeze your credit and what ‘marriage scams’ are in Edition 1. Sign up or share with a friend! Click here to learn more and quickly add to your free subscription! 

How Hackable Are You? Take our test. Find out how hackable you are and download our free 8-step guide.

  • How Hackable Are You? Think your defenses are strong? Find out as SecureTheVillage tests you on five basics. Please take our short quiz; your answers will help you and guide us to improve community safety.

Upcoming events. Please join us.

Cybersecurity Nonprofit of the Week … The Institute for Security and Technology.

Kudos this week to The Institute for Security and Technology and their Ransomware Task Force (RTF). The Task Force aims to equip businesses, organizations, and governments of all sizes to prepare for ransomware attacks, effectively respond, and quickly recover. The Task Force has published the Cyber Incident Reporting Framework and the Blueprint for Ransomware Defense, representing a set of foundational and actionable safeguards derived from the Center for Internet Security’s Critical Security Controls. Like SecureTheVillage, the Institute is a member of Nonprofit Cyber, a coalition of implementation-focused cybersecurity nonprofits.

Live on Cyber with Dr. Stan Stahl – Live on LinkedIn and Your Favorite Podcast Platform

SecureTheVillage to Launch Cybersecurity Pilot Program: (Video) (Podcast):

This week Stan and Julie announce some exciting news. SecureTheVillage is a recipient of an inaugural grant of the Center for Internet Security’s Alan Paller Laureate Program. The grant will be used to launch a Cybersecurity Pilot Program to measurably improve the cybersecurity practices of small to mid-sized organizations in the greater Los Angeles area. … Join Stan and Julie as they look back on Alan Paller’s vital role in information security and how proud they are of the opportunity SecureTheVillage has to build on his legacy. … Stan and Julie comment on the program’s importance, illustrating it with all-too-sad stories of how devastating cybercrime can be for smaller organizations and the impact it has on families. … They outline SecureTheVillage’s innovative village-based approach towards meeting the special challenges of smaller organizations and how it builds on the groundbreaking work of others. … As always, Stan and Julie provide actionable tips and thoughtful wisdom in an engaging conversation on the complexities of cybersecurity and privacy.

Section 2 – Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware. 

Microsoft Patch Tuesday, May 2023 Edition: Microsoft today released software updates to fix at least four dozen security holes in its Windows operating systems and other software, including patches for two zero-day vulnerabilities that are already being exploited in active attacks. From <https://krebsonsecurity.com/2023/05/microsoft-patch-tuesday-may-2023-edition/>

New versions of utility scams popping up and consumers need to be prepared: Utility scams have returned to the scene. ConsumerAffairs has noticed recent spikes in Florida, Arkansas, New Jersey, California, and Arizona. In California alone, based on data collected so far this year, scammers are on their way to doing 57,000 scam attempts in 2023 and snagging $1.26 million from PG&E customers. But this time, it’s not the same old utility yadda yadda. This time, scammers are using QR codes and text messages in addition to phone calls to pull off their con job. From <https://www.consumeraffairs.com/amp/news/new-versions-of-utility-scams-popping-up-and-consumers-need-to-be-prepared-051223.html>

Google promised to delete sensitive data. It logged my abortion clinic visit.: Our investigation finds Google still retains location data about users who visit clinics, hospitals and other ‘particularly personal’ locations, despite Google’s commitment to delete it. WaPo Free Link: https://wapo.st/3pBA0R4

Section 3 – Cybersecurity News for the Cyber-Concerned.

Government cybercrime fighters have been active this week. 

Several cybercrime stories made the news this week, including continuing cybercrime messes in Dallas and Curry County, Oregon. 

While this next story goes down a rabbit hole, it also points to a major unpatchable system vulnerability in computers using MSI technology. 

  • Leak of MSI UEFI signing keys stokes fears of “doomsday” supply chain attack: With no easy way to revoke compromised keys, MSI, and its customers, are in a real pickle. A ransomware intrusion on hardware manufacturer Micro-Star International, better known as MSI, is stoking concerns of devastating supply chain attacks that could inject malicious updates that have been signed with company signing keys that are trusted by a huge base of end-user devices, a researcher said. … “It’s kind of like a doomsday scenario where it’s very hard to update the devices simultaneously, and they stay for a while not up to date and will use the old key for authentication,” Alex Matrosov, CEO, head of research, and founder of security firm Binarly, said in an interview. “It’s very hard to solve, and I don’t think MSI has any backup solution to actually block the leaked keys.” From <https://arstechnica.com/information-technology/2023/05/leak-of-msi-uefi-signing-keys-stokes-concerns-of-doomsday-supply-chain-attack/>

Section 4 – Managing Information Security and Privacy in Your Organization.

If you have remote workers, share this with them.
