info@cyberwyoming.org
www.wyocan.org
www.cyberwyoming.org/alliance
307-314-2188, PO Box 2332, Laramie, WY 82073

Nortron 1.txt Scam Alert:

A Laramie resident was sent a widespread mass email (at least 100 addresses were in the to field) with a likely malicious .txt file titled "Nortron 1.txt." The absence of a subject line, coupled with the Gmail origin, raises suspicions about the email's authenticity. The recipient expressed concern over the potentially harmful content of the attachment and refrained from opening it, even in Gmail's preview mode. CyberWyoming Note: Exercise vigilance when encountering unfamiliar file attachments, especially in emails from untrusted sources, to mitigate potential cyber threats or phishing attempts.

Doubtful Domain Deals:

A Laramie resident received a potentially legitimate email address offering the purchase of the domain name AffordableITsecurity dot com. The sender promotes the domain for $450, claiming it presents an opportunity for businesses to establish a new website or enhance an existing one. CyberWyoming Note: Despite the potential legitimacy of the email, recipients should exercise caution as these types of sales calls could be scams.

Getting ready for tax season?

Now’s a great time to start some early spring cyber cleaning and prepare for your personal or your company’s tax preparation. The NCSS prepared these tax tips to help you get ready.

  • Beware of phishing scams: Be cautious of suspicious emails and research tax preparation companies before engaging online. Your local chamber is a great place to start for referrals!
  • Encrypt sensitive documents: Protect data by encrypting it before sending, and only use secure websites for transmission. If an accountant asks you to send your W2s via unsecured email, question them!
  • Conduct data backups: Regularly back up critical tax data with an encrypted service provider.
  • Learn identity theft signs: Recognize signs of identity theft and promptly report any suspicions to local law enforcement and, for additional resources, check out identitytheft.gov.
  • Shred confidential data: Securely dispose of sensitive information to prevent unauthorized access.
  • Assess risks: Identify and mitigate risks to tax information, including personal, physical, and employee-related vulnerabilities.

– Brought to you by The National Cybersecurity Society (NCSS) nationalcybersecuritysociety.org/wp-content/uploads/2018/01/Tax-Tips.pdf

Hacking Hydro: Iranian-backed Cyber Invaders Make a Splash in U.S. Water Utilities:

Several U.S. water utilities, including the Aliquippa water authority in western Pennsylvania, fell victim to an international cyberattack carried out by Iranian-backed hackers. The attackers targeted specific equipment, notably from an Israeli company, prompting concerns about the vulnerability of water utilities to cyber threats. U.S. security officials warn of the potential dangers, including hackers gaining control of automated equipment to disrupt water supply or contaminate it. Many smaller water utilities lack the necessary funds and expertise for effective cybersecurity measures, leading to calls for a cybersecurity overhaul in the sector. Efforts to address the issue at the state and federal levels face challenges, with concerns over funding, privatization, and competing priorities. The need for improved cybersecurity measures in water utilities is underscored by recent attacks and the potential risks associated with compromised infrastructure. – Brought to you by Associated Press CyberWyoming Note to Small Business Leaders: Unless you do business overseas, make sure your company website blocks countries that are known for having state sponsored hackers like Iran, China, Russia, and North Korea.

Bitwarden’s Biometric Bandits:

Bitwarden fixed a security issue related to its Windows Hello implementation that allowed remote stealing of credentials without knowing the password or requiring biometric authentication. During a penetration test, researchers gained administrative access to a Windows environment and found Bitwarden storing passwords. Attempting to retrieve vault contents without disrupting the client's business, they discovered the Biometric Unlock feature. Bitwarden stored the derived key using Windows Credentials API, and with compromised Active Directory, researchers exploited DPAPI Backup keys to decrypt the key remotely. They accessed Bitwarden's vault without needing the main password, biometrics, or invasive techniques, highlighting the unintended consequences of security design decisions. The issue was fixed in Bitwarden v2023.4.0, and the default setting was changed to require entering the main password at least once when using Windows Hello. – Brought to you by RedTeam Pentesting

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for FortiOS, Microsoft products, and Adobe products. If you use this product, make sure the software (or firmware) is updated.

Data Breaches in the News:

Washington National Insurance, Bankers Life, WinStar, Facebook Marketplace, Microsoft Azure, Bank of America, PlayDapp, and Atlassian. Note: If you have an account with one of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

Other ways to report a scam:

  • Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
  • Wyoming Attorney General’s Office, Consumer Protection 307-777-6397, 800-438-5799 or ag.consumer@wyo.gov
  • File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
  • Report your scam to the FBI at www.ic3.gov/complaint
  • Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
  • Office of the Inspector General: oig.ssa.gov
  • AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
  • IRS: report email scams impersonating the IRS to phishing@irs.gov
  • Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
  • Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register

Other Blogs