Some of them are easy to see; others, not so much...details below.

Hi. I'm Jon Fedor and this is InCyber Regular, edition 23. If it's your first time here thanks for being here! We had a number of new folks join us over the past week - great to have you along.

InCyber exists to help people secure their digital gemstones and belongings. It's about cybersecurity for the rest of us.

We don't have any feats of strength or aluminum poles but we *do* have suggestions to make your digital presence more secure than it was yesterday.

How do we measure this?

Goal One: inspire at least two people to use a password manager before the end of 2021.

Status on Goal One:

We've got one out of two people tentatively on-deck for starting to use a password manager. Look. This is huge. InCyber's mission moves forward one person at a time. Exciting!

What else do we measure?

Nothing until Goal One is done.

Now on to the good stuff.

Today:

1. ScamSpotter
2. Unauthorized file read vulnerability
3. Switches for Christmas

ScamSpotter is a thing!

There are two things that help avoid catastrophe when facing a security situation:

1. Information / knowledge
2. Training

ScamSpotter is an excellent place to start when honing bothy your knowledge of scams, how they work, and also mentally rehearsing the scenarios so that you're ready if ever facing a scam.

ScamSpotter is a collaboration project between the CyberCrime Network and Google. Its mission is to stop scams before they go south.

Why?

Because scammers are slated to steal $3B in 2022 from people like you and me.

How do they help?

The three golden rules of course!

1. Slow it down - erase the false sense of urgency. Ask questions. Drive like you're passing a cop in a school district.
2. Spot check - if you get a call or communication, interrupt it (hang up), and get in touch with the institution directly, if possible. If someone claiming to be from your bank calls, hang up, and call the bank directly.
3. Stop! Don't send - don't send anything. Not money. Not gift cards. Not information. Trust your gut on this.

ScamSpotter's website is a great read - I highly recommend it not just for you but for the people you love in your life!

They also publish a run-down on the most common types of scams being run out there today; take a look!

Zero-days at it again with Windows

Looks like there's been a third zero-day vulnerability disclosed and unofficially patched post-patch Tuesday before Thanksgiving.

This vulnerability could allow information disclosure and local privilege escalation on affected systems.

The Hacker News put word out about this today; read more here.

Switches for Christmas

Presented without comment.

Thanks!

Hanging with you every week is the highlight of my week!

I'm more active than ever on Twitter and ramping back up on LinkedIn too. Would love to connect with you in those places.

If you ever have questions on personal digital security, cyber security news, a story you want to tell, or a favorite resource to share (etc) reply back and let me know!

Have a good'un, Good Lookin'.

~ Jon "Switches not switches" Fedor