Using social media as a tool to share knowledge on day-to-day Cybersecurity risks

Read Time:4 Minute, 48 Second

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

When most people think about social media and cybersecurity, they typically think about hackers taking over Instagram accounts or Facebook Messenger scammers taking private information. It’s for good reason that this is top-of-mind. The Identity Theft Resource Center’s 2022 Consumer Impact Report revealed that social media account takeovers have grown by 1,000% in one year. 

Putting yourself out there on social media platforms opens up your personal information to cyber threats. However, social media can be used for good, rather than evil, when it comes to cybersecurity. Learn how to educate your social media following on everyday cybersecurity risks.

Create Cybersecurity content relevant to your audience

Not every company or content creator posting on social media is in the cybersecurity niche, not to mention any offshoots or umbrella niches like technology. Of course, if you do fall into a tech niche and have an audience that’s interested specifically in cybersecurity, you can certainly post on social media about the topic.

However, virtually any industry could benefit from creating cybersecurity content. When planning quality content for your social pages, identify your content niche and determine what aspects of cybersecurity would be most beneficial and interesting to your audience. You can also capitalize on current trends on social media or in the news when designing an informational content campaign around cybersecurity.

Let’s look at how cybersecurity topics can be approached from a variety of industry angles.

B2B

If you are a shared workspace company, for example, your followers are likely interested in ways to establish network security in a hybrid workplace. Followers of a hiring software company likely want to see how to hire more securely online. If your business caters to other businesses, you can create educational cybersecurity content to help them stay safe while using your services or otherwise doing things related to your product or services.

Healthcare

While creating content aimed at public services is different than B2B audiences, cybersecurity information is especially relevant. In a time when interest in virtual healthcare services is booming, patients and providers alike need to be aware of HIPAA laws. For instance, a social media post about the security risks and ethical concerns of doctors emailing and texting patients is an important and highly relevant topic.

Education

Like many healthcare practices have incorporated virtual visits, many schools have started providing virtual classes. If your business is in the education sphere at all, your followers would likely benefit from engaging content about keeping student information private in online classrooms.

Lifestyle

If your brand is in a lifestyle category, you may not think this has much to do with cybersecurity. However, think about the ways in which your followers engage with your brand. If you sell products on a website, make a social post about how to create a secure login for your site when purchasing to reduce the risk of data theft. Further, you can inform your consumers how you’re taking steps to securely process payments and handle customer information. This will instill trust in your brand.

If you don’t sell tangible products or services in this way, you can still find something to do with cybersecurity that will benefit your audience. People use online services all the time, and not everyone is up to date with the latest ways to catch phishing scams or create safe passwords. If your followers are interested in a certain fashion brand and you are aware of an email scam under that brand’s name, you can post about it on social media to help spread awareness.

Pick the right platform and format

Regardless of your industry, it’s clear that all audiences can benefit from some level of cybersecurity education. Similar to how your content will differ, each creator will also benefit from posting on varying social platforms. Some of the most popular social media sites for sharing informative posts include:

Twitter: platform for text posts, accompanying images, and links;
Reddit: site for more nuanced, forum-style discussions;
Quora: site with question-and-answer-style discussions;
Instagram: app with primarily image-based with short-form video and live streaming options;
Facebook: platform affiliated with and similar to Instagram but with longer text posts and groups;
LinkedIn: professional networking platform with longer text posts and videos;
YouTube: leader in the long-form video space with the option for Shorts and live streaming;
Twitch: live streaming platform primarily for gamers;
Pinterest: image-based sharing platform;
TikTok: short-form video content platform with live streaming options.

TikTok, in particular, is interested in promoting cybersecurity education, so you may have enhanced luck on the platform. Short-form TikTok videos are brief enough to keep viewers’ attention, but you also have enough options to successfully pack in cybersecurity knowledge. For example, you could make a video using a trending sound about how to spot insider threats, pointing to each tip. The platform shows users the content they will be most interested in, so you are more likely to reach the right audience and spread cybersecurity awareness.

If you already have a social media presence, you likely know which platforms garner you the most engagement currently. Start by testing the performance of cybersecurity education posts on your chosen platforms. Then, analyze the data and adjust accordingly.

Using social media for Cybersecurity awareness

Whatever industry you’re in, your social media following will be able to benefit from cybersecurity education. Data privacy is top-of-mind for most social media users, so cater to their unique needs with your content.

Read More

Google Cloud launches Cryptomining Protection Program

Read Time:33 Second

Google Cloud has launched its Cryptomining Protection Program for Security Command Center (SCC) Premium customers with up to $1 million to cover unauthorized Google Cloud compute expenses associated with undetected cryptomining attacks. SCC Premium customers will have access to the new product for free. SCC Premium works with a pay-as-you-go pricing, and as one-year and multi-year fixed-price subscriptions. 

According to Google Cybersecurity Action Team (GCAT) September 2022 Threat Horizons Report, threat actors frequently targeted weak and default passwords to access Google Cloud accounts. Once inside the compromised cloud accounts, they performed cryptomining 65% of the time.

To read this article in full, please click here

Read More

USN-6149-1: Linux kernel vulnerabilities

Read Time:1 Minute, 24 Second

Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in
the netfilter subsystem of the Linux kernel when processing batch requests,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-32233)

Gwangun Jung discovered that the Quick Fair Queueing scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-31436)

Reima Ishii discovered that the nested KVM implementation for Intel x86
processors in the Linux kernel did not properly validate control registers
in certain situations. An attacker in a guest VM could use this to cause a
denial of service (guest crash). (CVE-2023-30456)

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux
kernel did not properly perform data buffer size validation in some
situations. A physically proximate attacker could use this to craft a
malicious USB device that when inserted, could cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-1380)

It was discovered that the Human Interface Device (HID) support driver in
the Linux kernel contained a type confusion vulnerability in some
situations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-1073)

Wei Chen discovered that the DVB USB AZ6027 driver in the Linux kernel
contained a null pointer dereference when handling certain messages from
user space. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-28328)

Read More

USN-6147-1: SpiderMonkey vulnerability

Read Time:14 Second

Several security issues were discovered in the SpiderMonkey JavaScript
library. If a user were tricked into opening malicious JavaScript
applications or processing malformed data, a remote attacker could exploit
a variety of issues related to JavaScript security, including denial of
service attacks, and arbitrary code execution.

Read More

BastionZero releases SplitCert for password-free authentication and access

Read Time:27 Second

BastionZero has announced the release of SplitCert to provide password-free authentication access to databases. It uses Mutual TLS (mTLS) and cryptographic multi-party computation (MPC) to provide certificate-based authentication for popular, self-hosted Postgres and MongoDB databases, according to the vendor. Other new BastionZero platform features include passwordless access support for GCP cloud SQL and AWS RDS via a new desktop app, along with password-free support for Microsoft Windows servers with Remote Desktop Protocol (RDP), BastionZero said.

To read this article in full, please click here

Read More

Guardz releases AI-powered phishing protection solution for SMEs, MSPs

Read Time:55 Second

Cybersecurity vendor Guardz has announced the release of a new AI-powered phishing protection solution to help small- and medium-sized businesses (SMBs) and managed service providers (MSPs) prevent phishing attacks. It uses AI to provide small businesses and the MSPs that support them automatic phishing detection and remediation capabilities by combining email security, web browsing protection, perimeter posture, and awareness into one native solution, according to the firm.

The release comes in the wake of the Verizon 2023 Data Breach Investigations Report, which cited phishing as the second most common way threat actors infiltrate organizations, behind stolen credentials. It also found that three-quarters of all data breaches observed in the past year involved some form of human element, with the number of recorded business email compromise (BEC) attacks doubling. Meanwhile, the emergence of sophisticated generative AI chat technology built on large language models (LMMs) has changed the phishing game significantly, with researchers already demonstrating how OpenAI’s ChatGPT can enhance phishing attacks by making them harder to detect and easier to pull off.

To read this article in full, please click here

Read More

Kyndryl unveils incident response and forensics service, AWS threat intelligence collaboration

Read Time:48 Second

IT infrastructure services provider Kyndryl has announced a new cybersecurity incident response and forensics (CSIRF) service as well as a new threat intelligence collaboration with AWS. The CSIRF will help customers proactively prepare for and respond to threats by applying the latest threat intelligence and experience from Kyndryl’s security experts, the firm said. Its partnership with AWS will combine operational IT data across cybersecurity, compliance, and resilience to provide actionable insights and security intelligence driven by industry standards and best practice methods, it added.

CSIRF service offers incident response, threat intelligence, compliance monitoring

Kyndryl’s new CSIRF service helps customers investigate and respond to detected security incidents by leveraging capabilities such as incident triage, incident response, threat intelligence, and compliance monitoring and management, the firm said in a press release. Customers also have the option to select proactive services that may reduce the time to respond to an incident, it added.

To read this article in full, please click here

Read More

Barracuda urges customers to replace vulnerable appliances immediately

Read Time:19 Second

Enterprise security company Barracuda has warned its customers against using email security gateway (ESG) appliances impacted by a recently disclosed zero-day exploit and to replace them immediately.

A patch for the vulnerability, which has been exploited since October 2022, had been issued by Barracuda last month to stop the exploit from allowing ESG backdooring.

To read this article in full, please click here

Read More

Paragon Solutions Spyware: Graphite

Read Time:51 Second

Paragon Solutions is yet another Israeli spyware company. Their product is called “Graphite,” and is a lot like NSO Group’s Pegasus. And Paragon is working with what seems to be US approval:

American approval, even if indirect, has been at the heart of Paragon’s strategy. The company sought a list of allied nations that the US wouldn’t object to seeing deploy Graphite. People with knowledge of the matter suggested 35 countries are on that list, though the exact nations involved could not be determined. Most were in the EU and some in Asia, the people said.

Remember when NSO Group was banned in the US a year and a half ago? The Drug Enforcement Agency uses Graphite.

We’re never going to reduce the power of these cyberweapons arms merchants by going after them one by one. We need to deal with the whole industry. And we’re not going to do it as long as the democracies of the world use their products as well.

Read More