Point(s) of Contact
Pamela Hamilton / FSO
843.327.3273
pamela@appliedsecurityknowledge.com
Richard Carmichael / ITPSO
678.221.7834
rcarmichael@laochservices.com
DoD Hotline
dodig.mil/hotline / 800.424.9098
SOURCE: Fox News by Kurt Knutsson, CyberGuy – August 8, 2023
Imagine coming home to find unexpected packages on your doorstep. Boxes full of random merchandise from Amazon or other companies. Seems like a jackpot, doesn't it?
But as the Better Business Bureau (BBB) warns, this scam called "brushing" has a scary downside, and you are not the real winner here.
What is a 'brushing' scam?
Brushing scams have seen a sudden nationwide surge. You start receiving unordered boxes of miscellaneous items such as humidifiers, hand warmers, flashlights, Bluetooth speakers or computer vacuum cleaners.
The items are often lightweight and inexpensive to ship, like ping pong balls, face masks, or even seeds from China. It happens when a third-party seller gets hold of your name, shipping address and potentially even your account information. They then send you unsolicited items and write a positive review on your behalf.
This scam is a tactic to artificially inflate the seller's ratings and boost their online presence. While this might sound harmless or even beneficial to you, remember – there's no such thing as a free lunch.
With the COVID pandemic receding in most areas of the world, Americans are traveling again. U.S. citizens took more than 80 million international trips in 2022, an increase of almost 66% over 2021.
If you're planning a foreign vacation, here are some suggestions to help keep your trip on track.
Obtain required documents. A passport (or in some cases a passport card) is required to enter and return from all foreign countries, including Canada and Mexico. Your passport should have at least six months of validity beyond the dates of your trip. U.S. citizens can travel to many foreign countries without obtaining a visa in advance, but be sure to follow the rules for all countries on your itinerary. If you need a new or updated passport, check processing and mailing times before booking your trip.
SOURCE: govinfosecurity.com by Prajeet Nair – August 3, 2023
A Russian espionage group attacked multiple organizations to steal credentials using Microsoft Teams chats that appear to originate from technical support.
Microsoft on Wednesday attributed the activity to Midnight Blizzard, previously tracked by the computing giant as Nobelium and also known as Cozy Bear and APT29. The actor used previously compromised Microsoft 365 accounts owned by small businesses to create new domains that appear as technical support entities, Microsoft said. The campaign has affected fewer than 40 organizations since May.
Combining past and new attack techniques, the hacker set up domains and accounts to mimic a technical support presence and tried to get Teams users to approve multifactor authentication prompts.
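The campaign described above succeeds when a user, worn down by repeated prompts and reassured by a "technical support" persona in Teams, approves an MFA request they did not start. The following added example (not code from the article, Microsoft, or any vendor) sketches two defender-side checks over constructed sample records: a push-fatigue pattern (several denied or unanswered prompts followed by an approval inside a short window) and external Teams senders whose tenant domain or display name borrows support or security wording. Log formats, field names, domains and thresholds are all assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample MFA prompt log (not real data): time|user|event|result
SAMPLE_MFA_LOG = """\
2023-08-02T09:14:05Z|alice@example.com|mfa_push|denied
2023-08-02T09:15:40Z|alice@example.com|mfa_push|timeout
2023-08-02T09:17:02Z|alice@example.com|mfa_push|denied
2023-08-02T09:19:30Z|alice@example.com|mfa_push|approved
2023-08-02T10:01:11Z|bob@example.com|mfa_push|approved
2023-08-02T13:45:00Z|carol@example.com|mfa_push|denied
2023-08-02T16:20:00Z|carol@example.com|mfa_push|approved
"""

# Constructed sample Teams external-sender events: user|sender_display|sender_domain
SAMPLE_TEAMS_LOG = """\
alice@example.com|Microsoft Identity Protection|msidentityprotection.onmicrosoft.com
bob@example.com|Partner Co Sales|partnerco.example
carol@example.com|IT Help Desk|helpdesk-secure-login.onmicrosoft.com
"""

FAILURE_RESULTS = {"denied", "timeout"}
# Wording an attacker borrows to look like a help desk or security team (assumed list).
SUPPORT_KEYWORDS = ("support", "helpdesk", "identity", "security", "protection")


def parse_mfa_log(text):
    """Turn pipe-separated lines into dicts with a timezone-aware timestamp."""
    events = []
    for line in text.strip().splitlines():
        ts, user, event, result = line.split("|")
        events.append({
            "time": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "user": user,
            "event": event,
            "result": result,
        })
    return events


def find_push_fatigue(events, window=timedelta(minutes=10), min_failures=3):
    """Return {user: failures_before_approval} for users whose approval was
    preceded by at least `min_failures` denied/unanswered prompts inside
    `window`. That sequence is the signature of a user being worn down into
    approving a prompt they did not initiate."""
    by_user = defaultdict(list)
    for ev in events:
        if ev["event"] == "mfa_push":
            by_user[ev["user"]].append(ev)
    flagged = {}
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["time"])
        for i, ev in enumerate(evs):
            if ev["result"] != "approved":
                continue
            recent_failures = sum(
                1 for prev in evs[:i]
                if prev["result"] in FAILURE_RESULTS
                and ev["time"] - prev["time"] <= window
            )
            if recent_failures >= min_failures:
                flagged[user] = max(flagged.get(user, 0), recent_failures)
    return flagged


def suspicious_support_senders(text, internal_domain="example.com"):
    """Flag external Teams senders whose tenant domain or display name
    uses support/security wording; internal senders are skipped."""
    hits = []
    for line in text.strip().splitlines():
        user, display, domain = line.split("|")
        if domain.endswith(internal_domain):
            continue
        haystack = (display + " " + domain).lower()
        if any(k in haystack for k in SUPPORT_KEYWORDS):
            hits.append((user, display, domain))
    return hits


if __name__ == "__main__":
    print(find_push_fatigue(parse_mfa_log(SAMPLE_MFA_LOG)))
    print(suspicious_support_senders(SAMPLE_TEAMS_LOG))
```

Correlating the two outputs (a flagged approval for the same user who just received a message from a look-alike support tenant) is what turns either weak signal into an incident worth triaging; neither check alone is conclusive, since legitimate users also mis-tap prompts and real partners also have "support" in their names.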
SOURCE: Tech Radar by John Harden – August 7, 2023
The launch of the AI chatbot ChatGPT marked one of the most heavily utilized software application releases in history. Developer OpenAI said that ChatGPT acquired 1 million users within five days of its debut in November 2022. By comparison, Instagram took 2.5 months to reach 1 million registrations.
ChatGPT became an immediate sensation due to its remarkable ability for natural language processing that mimics human speech and writing. Very quickly, workers everywhere started downloading the app to help with professional tasks such as drafting marketing content and writing software code.
As a result, companies have witnessed a dramatic spike in the use of ChatGPT across customer environments since the tool was launched, with some reporting increases of 560%. In turn, this widespread wave of registrations has challenged IT teams to enforce policies for shadow IT, in which employees directly utilize software-as-a-service (SaaS) applications to do their jobs without approval from the IT department. Such unauthorized SaaS usage makes it hard for central IT to monitor all those shadow apps, prevent sensitive data from being leaked into those apps, and ensure compliance and security.
Security risk…
SOURCE: SITE by AUTHOR – Month Day, 2023
The installer for the latest Intel graphics card 101.4578 beta drivers adds a "Compute Improvement Program" (CIP) data-gathering component that's automatically selected during installation.
This CIP gathers data for Intel including "categories of websites visited by users (excluding specific URLs) and how they utilize their computers," according to a report from TechPowerUp (via VideoCardZ). Intel will also collect information on system hardware specs, regional information, and manufacturers of devices, including nearby devices such as Smart TVs.
The good news is that users can opt out of this data collection by deselecting it during the installation process. However, the process isn't very straightforward, unlike AMD's, which explicitly asks the user whether they want to opt out of data collection. Nvidia, by contrast, enables and installs its telemetry components by default, and users are unable to opt out.
SOURCE: Reuters by Raphael Satter and Kanishka Singh – August 4, 2023
WASHINGTON, Aug 3 (Reuters) - Two U.S. Navy sailors have been arrested on charges of handing over sensitive national security material to China, U.S. officials said Thursday.
Petty Officer Wenheng Zhao, 26, was charged with conspiracy and bribe-taking in connection with taking nearly $15,000 in exchange for photographs and videos of sensitive U.S. military information, the officials said. U.S. Navy sailor Jinchao Wei, whose age was not disclosed, was charged with conspiring to send national defense information to China in exchange for thousands of dollars.
Assistant Attorney General Matt Olsen told reporters in San Diego that, because of the men's actions, "sensitive military info ended up in the hands of the People's Republic of China."
Zhao is accused of sending his Chinese handler plans for U.S. military exercises in the Indo-Pacific region, electrical diagrams and blueprints for a radar system on a U.S. military base in Okinawa, Japan and security details for U.S. naval facilities in Ventura County and San Clemente Island outside Los Angeles, according to U.S. officials.
SOURCE: ClearanceJobs by Katie Keller – July 10, 2023
In the wake of Jack Teixeira's leak of classified documents on the war in Ukraine, many have criticized the security clearance process. While personnel vetting has gone through some major overhauls in the last couple of years to manage the cleared candidate pool and the backlog peak of the late 2010s, the process is not perfect – nor probably will it ever be, due to changing norms and advances in tech, along with our topic today: social media.
Companies have long been using social media as a part of the hiring process. Prospective candidates' digital personas are checked by hiring managers, and some applicant tracking systems automatically link social media presences with candidates. Recently, the UK began requiring all publicly funded K-12 teaching applicants to undergo a social media screening, and California signed into law a requirement that all police officers undergo one as well.
SOURCE: ClearanceJobs by William Henderson – July 11, 2023
No, it's not a new hip hop song title.
Rap Back is short for "Record of Arrest and Prosecution Background." Some state-level criminal justice agencies have had Rap Back programs since 2007. The FBI introduced their Rap Back service as a part of their Next Generation Identification (NGI) system in 2014. Prior to the FBI deploying Rap Back, a national criminal history background check provided only a one-time snapshot of an individual's Criminal History Record Information (CHRI). The FBI's Rap Back enables authorized agencies to receive ongoing notifications of any CHRI reported to the FBI after an individual has been enrolled in the system.
In October 2018 the FBI's Rap Back service became available through the Office of Personnel Management's (OPM's) National Background Investigations Bureau (NBIB) to federal agencies for the Continuous Evaluation (CE) of personnel with security clearances. Over the next few years, the Department of Defense and other agencies that used OPM/NBIB, and now use its successor agency, the Defense Counterintelligence and Security Agency (DCSA), as their Investigation Service Provider (ISP) for background investigations, gradually enrolled cleared personnel in CE and the FBI's Rap Back service.
Here's how it works…
SOURCE: FEDweek – August 1, 2023
A new bipartisan bill in the House would ease restrictions on marijuana use by federal employees, by stating that past or current use could no longer be grounds for finding an individual unsuitable for federal employment or for denying or revoking a security clearance.
"Every year, qualified and dedicated individuals seeking to serve our country are unable to secure federal jobs and security clearances because the federal government has not caught up with the widely established legal use of medical and recreational cannabis," said Rep. Jamie Raskin of Maryland, the ranking Democrat on the House Oversight and Accountability Committee. Also initially sponsoring the bill is Rep. Nancy Mace, R-S.C., chair of the subcommittee on cybersecurity and IT.
SOURCE: Security Boulevard by Orlee Berlove – August 3, 2023
In July 2023 the DoD hit a milestone with submission of a CMMC rulemaking package to the Office of Management and Budget for review. This move signals DoD's continued commitment to improving the cybersecurity of the Defense Industrial Base (DIB) and its desire to make CMMC the law of the land. Most expect that CMMC requirements will start to appear in DoD contracts in the next 12-18 months.
For any defense contractor handling CUI, the message is loud and clear: CMMC has made a leap toward becoming a reality, and the days of weak enforcement of DoD cybersecurity regulations are coming to an end. This means that now is the time to focus on compliance with NIST 800-171, as explained below.
While it might be tempting for some contractors to wait until CMMC becomes a Final Rule before starting their compliance journey, the fact is that if their contract contains a DFARS 7012 clause, they have already agreed to comply with the 110 NIST 800-171 controls. These are the same 110 controls that sit at the heart of CMMC Level 2, which any organization that handles CUI will need to achieve. DFARS 7012 has been in effect since 2017 and DoD has been making steady progress towards enforcing it: