AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 12/16/2021

CISA warns critical infrastructure to stay vigilant for ongoing threats

The Cybersecurity and Infrastructure Security Agency (CISA) warned critical infrastructure organizations today to strengthen their cybersecurity defenses against potential and ongoing threats. The federal agency also issued guidance to help executives and senior leaders proactively reinforce their orgs’ resilience against threats arising from malicious activity coordinated by nation-state-sponsored threat actors and their proxies. “In the lead up to the holidays and in light of persistent and ongoing cyber threats, CISA urges critical infrastructure owners and operators to take immediate steps to strengthen their computer network defenses against potential malicious cyber attacks,” the cybersecurity agency said.


Firefox users can’t reach Microsoft.com — here’s what to do

Those using the Mozilla Firefox web browser are left unable to access microsoft.com and its subdomains this week. Tests by BleepingComputer confirm the issue relates to SSL certificate validation errors. Below we explain what can you do to remedy the issue. When using Firefox, accessing microsoft.com is not working quite as expected for many around the world. To confirm, BleepingComputer conducted tests on both Firefox 93.0 and the latest version 95.0 (64-bit) on a macOS BigSur 11.6 device. Surely enough, on both versions of Firefox, navigating to https://www.microsoft.com/ throws a ‘Secure Connection Failed’ error.


Microsoft rolls out end-to-end encryption for Teams calls

Microsoft announced today the general availability of end-to-end encryption (E2EE) support for one-to-one Microsoft Teams calls. The company started the roll-out of E2EE support for Teams calls in public preview two months ago, on October 21. The new feature is now rolling out to enterprise customers’ tenants, and IT admins will be able to toggle it on for their organization once the update has been received. “As a reminder, by default end-to-end encryption will not be available to all users within the tenant,” said John Gruszczyk, a Technical Product Manager at Microsoft.”Once IT has configured the policy and enabled it for selected users, those selected users will still need to turn on end-to-end encryption in their Teams settings. IT retains the ability to disable E2EE for one-to-one Teams calls as necessary.”


5 warning signs your identity has been stolen

We’re all spending more of our time online. Last year, US adults spent one hour more per day on digital activities across all of their devices than they did in 2019. By the end of 2022, we may be spending more than eight hours in the digital world each day. An unfortunate consequence of this behavioral change is that we’re sharing more of our personal data and login credentials with the companies we do business with than ever before. And cybercriminals, in turn, are stealing that data from these organizations, as well as directly from us. In the US this year, by the third quarter there had already been nearly 1,300 publicly reported breaches of this kind in 2021, more than for the whole of 2020. Hundreds of millions of victims were put at risk of identity theft as a result. So how do you know if you’ve been affected by one of these incidents? By spotting the early warning signs, there are ways to minimize the impact on you and your family.


The Naughty List: BBB’s 12 Scams of Christmas

While 2021 is quickly winding down, scams targeting the public continue to cause trouble. Consumers should watch out for any fraudulent schemes aimed at swiping their cash and stealing personal information. Better Business Bureau (BBB) has a Naughty List with the top 12 scams of Christmas that are most likely to catch consumers and donors off guard during this season. Many of the scams on this list are facilitated through emails and social media platforms, however the latter is where most people are vulnerable. Exercise caution when coming across social media ads about discounted items, event promotions, job opportunities and donation requests, as well as direct messages from strangers. If you are asked to make a payment or donation by wire or e-transfer, through third parties, by prepaid debit or gift cards, treat this as a red flag.

Related Posts