It’s the Digital Security Training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone has shared this newsletter with you, please subscribe here.

Torkild Retvedt (CC BY-SA 2.0)

In the news

Last Friday, computer systems worldwide were taken down by a defective update from enterprise cybersecurity vendor CrowdStrike. In the wake of the outage, the U.S. Cybersecurity and Infrastructure Agency is warning of phishing emails, with attackers posing as CrowdStrike customer support. These emails may include file attachments or website links claiming to fix affected computers. Victims would believe that they are downloading an official patch. Instead, the attacks could completely erase computer data or steal login credentials. In its security blog, CrowdStrike Intelligence reports that these threat actors utilize typosquatting — intentionally misspelled or similar website domains — to impersonate the company’s website. CrowdStrike Intelligence has created a list of potential typosquatting domains registered after the outage. Read more here.

What you can do

We regularly advise our readers about targeted phishing attempts. If your newsroom was impacted by this outage, CrowdStrike has already released a self-mediation guide for your IT administrator to follow. But much of the advice on spotting phishing attempts applies to everyone in the newsroom, not just the IT team. You should also consider these actions to avoid future phishing attempts:

  • If you receive emails claiming to be from customer support, navigate directly to the website yourself, rather than using the link from someone claiming to be from customer support. Read more about phishing here.
  • Be wary of downloading or opening unexpected file attachments in emails. Some file types, like those ending in .exe and .pdf, are especially common for delivering malware. If you receive a suspicious PDF, you could use Dangerzone to convert it into a safe file.
  • Finally, look for signs of typosquatting websites. They might be misspelled, or have additional words and letters before the domain name. For example, “fakewebsites[.]com” and “fakewebsitepatch[.]com” are typosquatting on “fakewebsite[.]com.”

Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.

Best,

Kevin

Kevin Pham

Digital Security Training Intern

Freedom of the Press Foundation