by Scott Muniz | Oct 8, 2021 | Security
This article was originally posted by the FTC. See the original article here.
Have you seen ads on social media that offer to “help” you sign up for a government program that will give you a “free” device and internet service in exchange for money or personal information? While there is a real government program to help people connect during the pandemic, there’s no payment required to enroll. That’s just a scam.
The real government program is called the Emergency Broadband Benefit Program. Aimed at helping households connect during the COVID-19 pandemic, it gives people a one-time discount to help them buy a laptop, desktop computer, or tablet. The program also gives people monthly discounts for internet service. But it’s free to sign up for this program.
Government impersonators can look and sound like the real deal — using things like government names (in this case, the FCC) and government seals to get you to open your pockets or share your personal information. Here are some ways to thwart scammers’ attempts to impersonate the FCC’s Emergency Broadband Benefit Program:
- Only apply through the FCC and its listed providers. The only real way to sign up for the Emergency Broadband Benefits Program is at GetEmergencyBroadband.org. If another company says it can sign you up for this program, check first to see if they’re an approved provider.
- Don’t pay up front to get “free” connected devices or services. The Emergency Broadband Benefit program is free to sign up for those who qualify. Never pay to sign up to get benefits.
- Don’t give your financial or other personal information to someone who calls, texts, or emails and says they’re with the FCC. If you think a call or message could be real, stop. Call the Emergency Broadband Support Center at 1-833-511-0311 to check.
Did you pay a scammer? Act quickly to try to get your money back. If you think someone has gotten into your accounts or has your personal information, visit IdentityTheft.gov. There, you’ll get the steps to find out if your identity has been misused, and how to report and recover from identity theft.
Spotted this scam? Report it to the FTC at ReportFraud.ftc.gov.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
by Scott Muniz | Oct 8, 2021 | Security, Technology
This article is contributed. See the original author and article here.
The National Security Agency (NSA) has released a Cybersecurity Information (CSI) sheet with guidance to help secure the Department of Defense, National Security Systems, and Defense Industrial Base organizations from poorly implemented wildcard Transport Layer Security (TLS) certificates and the exploitation of Application Layer Protocols Allowing Cross-Protocol Attacks (ALPACA). A malicious cyber actor with network access can exploit this vulnerability to access sensitive information.
CISA encourages administrators and users to review NSA’s CSI sheet on Avoiding Dangers of Wildcard TLS Certificates and the ALPACA Technique for more information.
by Scott Muniz | Oct 7, 2021 | Security, Technology
This article is contributed. See the original author and article here.
On October 7, 2021, the Apache Software Foundation released Apache HTTP Server version 2.4.51 to address Path Traversal and Remote Code Execution vulnerabilities (CVE-2021-41773, CVE-2021-42013) in Apache HTTP Server 2.4.49 and 2.4.50. These vulnerabilities have been exploited in the wild.
CISA is also seeing ongoing scanning of vulnerable systems, which is expected to accelerate, likely leading to exploitation. CISA urges organizations to patch immediately if they haven’t already—this cannot wait until after the holiday weekend.
by Scott Muniz | Oct 7, 2021 | Security, Technology
This article is contributed. See the original author and article here.
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS A
lock (
) or
https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
by Scott Muniz | Oct 7, 2021 | Security, Technology
This article is contributed. See the original author and article here.
In coordination with the Office of Management and Budget (OMB), the Federal Chief Information Security Officer Council (FCISO) Trusted Internet Connections (TIC) Subcommittee, and the General Services Administration, CISA has released Trusted Internet Connections 3.0 Remote User Use Case. The Remote User Use Case provides federal agencies with guidance on applying network and multi-boundary security for agencies that permit remote users on their networks. In accordance with OMB Memorandum M-19-26, this use case builds off TIC 3.0 Interim Telework Guidance originally released in Spring 2020.
The TIC 3.0 Remote User Use Case considers additional security patterns agencies may face with remote users and includes four new security capabilities:
- User Awareness and Training,
- Domain Name Monitoring,
- Application Container, and
- Remote Desktop Access.
In conjunction with the Remote User Use Case, CISA has also released Response to Comments on TIC 3.0 Remote User Use Case and the Pilot Process Handbook. These additional documents provide feedback on the Remote User Use Case and describes the process by which agencies should conduct TIC 3.0 pilots.
CISA encourages all federal government agencies and organizations to review the TIC 3.0 Remote User Use Case and visit the CISA TIC page for updates and additional information on the TIC program.
Recent Comments