Cyber Security News Update 7/31/2017

Have you taken the Cyber Security quiz from Pewinternet? If you haven’t (and even if you have) check out our article on it here! New government legislation may cause trouble, “smishing” is on the rise and Google is in hot water over their data collection.

Federal agencies have been given a new cyber security framework to conform to as the executive order issued by President Trump in Spring takes effect. The Executive Order has several important points for all federal agencies to conform too such as: Using the new framework published by the National Institute of Standards and Technology. Cloud storage and computing is to be “shown preference” as long as it complies with federal standards and laws. All agencies are expected to provide a report on their progress by the end of August, as well as how they will implement the required changes. The Executive Order also requires that federal agencies work together to share their security strategies and information, such as potential threats and known cyber security actors.
Source: New Cybersecurity Policy Will Impact Federal IT Market

Google has run into trouble lately with its information collection scandal. Android devices as well as Google services such as Gmail have been surreptitiously collecting user data without their consent our knowledge. We previously wrote a pair of articles on how Google be spying on your right now, and how to make sure it isn’t. This scandal involves a company that makes headsets for Google devices, Shanghai Adups Technology Company, which has left the spyware program Adups in their handheld devices. The low cost phone company Blu has also been found to use this software, and the information it collects, stores and sends is extremely invasive. Any device with Adups is having its text messages, call history (with full numbers), MAC address, Serial Number and Unique Identifier Number. Everything you do on your phone was collected and distributed by this program, which still hasn’t been removed as of the posting of this article. When this program was originally found on devices it was also collecting the users GPS data, SIM number and your mobile browsing history.
Source: Android Spyware Still Collects PII Despite Outcry

What is smishing? Smishing is a modified fishing attack, using SMS as the attack vector. SMS or SM is the technical term for text messages, and they stand for “Short Message System.” The reason that the text message limit is 140 characters is because the SMS uses an already included channel on your phone, normally reserved for maintenance and status updates, to send your text messages. Smishing attacks are very similar to the phishing attacks that they borrow from. They include some sort of inflammatory text message from a seemingly legitimate source. An example would be a text message saying that your bank account is being fined or investigated for suspicious withdrawals, and this message supposedly originates from your bank. They then ask you to call a number or follow a link. Doing so allows the attacker to collect data from your phone, just as if you had opened a suspicious email. The same rules for avoiding phishing attacks apply to smishing attacks, don’t follow links from sources you don’t know and don’t trust. If you haven’t set up text alerts from your bank, then don’t respond to any texts from your “bank.” If you receive a suspicious text, look up the number for your financial institution and call that number instead. Remember to report the suspicious text message after you verify that nothing has happened to you, this way the attackers can be shut down.
Source: How Cyber Criminals Are Targeting You Through Text Messages