This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Jamie Court, president of the non-profit advocacy group Consumer Watchdog, about the consumer value in Cybersecurity Awareness Month.
Launched initially as a joint effort between government and industry, this once-a-year awareness campaign is meant to give the American public simple tips to stay cybersecure, almost like a modern version of telling folks to replace the batteries in their smoke alarms.
Over time, participation in Cybersecurity Awareness Month has grown. Every October, employers now roll out renewed cybersecurity trainings for employees. Maybe, this month, your employer has deployed a phishing email test. Maybe they’ve developed a training session on two factor authentication. Or maybe you’ve gone through exercises about creating strong passwords.
But what about all the consumers out there who don't work for an employer that takes Cybersecurity Awareness Month seriously? Where is the value in this month for them?
Tune in to hear about the consumer value of Cybersecurity Awareness Month, including who is going to bat for the consumer, what kind of information gets released every year, and what consumers should know about, specifically, smart cars on the latest episode of Lock and Code, with host David Ruiz.
You can also find us on the Apple iTunes store, Google Play Music, and Spotify, plus whatever preferred podcast platform you use.
We cover our own research on:
- Brute force attacks, the many ways of doing it, and how users can protect themselves from it.
- Tech support scammers (TSS) were found exploiting cross-site scripting (XSS) vulnerabilities to make their targets believe they’re legitimate until a browser locker is triggered.
- MSPs and the importance of cybersecurity integration.
Other cybersecurity news:
- US intelligence officials have pinned Iran as the culprit behind threatening emails sent to voters. (Source: AP News)
- Pharmaceutical giant Pfizer has suffered a huge data breach after exposing client data in unprotected Google Cloud bucket. (Source: Threatpost)
- CrowdStrike claims that China is behind attacks against COVID-19 vaccine laboratories in Japan. (Source: Emergency Live)
- Security researchers from Sensity found a "deepfake ecosystem" within the Telegram messaging app network where bots generate fake nudes upon request. (Source: The Verge)
- The NSA has publicized a list of 25 vulnerabilities that hackers in China are looking to exploit. (Source: ZDNet)
Stay safe, everyone!