WebCE's Weekly Wrap-Up: October 19-25

Staying ahead of cybercriminals means knowing what to defend against. The top stories for the last full week of Cybersecurity Awareness Month highlight the newest strategies bad actors are using to infiltrate systems and steal data.  

Cybercriminals have begun adopting a mobile-first approach to target devices that are often filled with valuable personal information. In fact, this week the National Security Agency (NSA) released their mobile device best practices everyone should use to defend against this rising threat.  

The mobile security best practice getting the most press? The NSA’s recommendation to turn every mobile device off at least once a week.  

Other best practices covered this week include minimizing data needed to protect—after all, if you don’t have certain information, it can’t be targeted. There’s also a surprising connection between fact-checking and cybersecurity threats like social engineering and phishing.  

The IRS also announced tax inflation adjustments for tax year 2024 this week, including new tax brackets. 

Have a story you’d like us to feature? Let us know! 

Top Stories of the Week

1. IRS Provides Tax Inflation Adjustments for Tax Year 2024 (IRS) 

   
   

   The Internal Revenue Service today announced the annual inflation adjustments for more than 60 tax provisions for tax year 2024, including the tax rate schedules and new tax brackets. 

   
   

2. Threat Actors Increasingly Using Malicious Virtual Hard Drives in Phishing Attacks (CSO Online) 

   
   

   Threat actors are increasingly creating malicious virtual hard drives to distribute malware, in the hopes of getting around email gateways that have become good at detecting infected documents, spreadsheets, and PDFs, says a new study. 

   
   

3. Lazarus Group Exploits Google Chrome Flaw in New Campaign (Infosecurity Magazine) 

   
   

   The group used a zero-day exploit to take complete control of infected systems, marking the latest in a long series of sophisticated campaigns from the North Korean-backed threat actor.

   
   

4. Cyber Attackers are Adopting a “Mobile First” Attack Strategy (KnowBe4) 

   
   

   The data points to two things: first, mobile presents a real risk to organizations, and second, cyber attacks are shifting toward mobile. 

   
   

5. National Security Agency’s Mobile Device Best Practices (NSA) 

   
   

   Powering your device off at least once a week is among the top security measures the NSA recommends to better protect personal devices and information. 

   
   

6. Cybersecurity, AI, Fiduciary Duty Top SEC’s 2025 Examination Agenda (The Cyber Express) 

   
   

   A significant focus of the SEC 2025 priorities is cybersecurity, reflecting the growing threat of cyberattacks on the financial sector. The division will closely examine how registered entities, including investment advisers, broker-dealers, and clearing agencies, manage cybersecurity risks, particularly those that could compromise critical services, investor data, or financial stability. 

   
   

7. Fact-Checking: An Essential but Untapped Security Tool (CPO Magazine) 

   
   

   Fact-checking is a crucial line of defense against the ever-growing deluge of online disinformation and social engineering risks. 

   
   

8. WebCE’s Approach to Keeping Customer Data Secure (WebCE Blog) 

   
   

   Throughout time and technology there’s only been one method proven effective against every form of cyber intrusion, hacking, data breaches, or social engineering: not having the data to begin with. 

   
   

9. Microsoft: Healthcare Sees 300% Surge in Ransomware Attacks (Dark Reading) 

   
   

   Ransomware has become such a pronounced issue for the healthcare sector because of its track record of complying with the bad actors and making ransom payments. But since these organizations are dealing with literal life and death issues, they are usually willing to pay millions of dollars to avoid any disruption of care and the data that support it. 

   
   

10. UnitedHealth Says Data of 100 Million Stolen in Change Healthcare Breach (Bleeping Computer) 

    
    

    Today, the U.S. Department of Health and Human Services Office for Civil Rights data breach portal updated the total number of impacted people to 100 million, making it the first time UnitedHealth, the parent company of Change Healthcare, put an official number to the breach. 

Top Podcast of the Week

Defending Against What Cybercriminals Know About You (Defense in Depth from CISO Series) 

What more do we need to know about identities before they enter our environment?