Army Operations Security (OPSEC)

08/22/2021

Be mindful of where you are and what you are discussing outside of the work environment. Leave on-post activities "on-post".

Be mindful of where you are and what you are discussing outside of the work environment. Leave on-post activities "on-post".

08/21/2021

Be OPSEC aware before you share

Operations Security, or OPSEC, is a proven risk-analysis process that helps protect critical information and determine the value of unclassified information, but awareness is key.

Using the OPSEC process, we can deny the adversary information they need to compromise our operations.

https://www.army.mil/article/249435/be_opsec_aware_before_you_share

FORT LEONARD WOOD, Mo. — Many people use social media, but not everyone understands the impact of what they are sharing and who can see their posts, pic...

08/16/2021

T-Mobile Customers beware.

T-Mobile confirms unauthorized access to some data occurred, says it has not determined whether "personal customer data involved": Tonya Riley, Reporter via Twitter.

T-Mobile Customers beware.

T-Mobile confirms unauthorized access to some data occurred, says it has not determined whether "personal customer data involved": Tonya Riley, Reporter via Twitter.

08/15/2021

Do you know your Commander's Critical Information List?
Be mindful of where you are and what you are discussing outside of the work environment. Leave on-post activities "on-post".

Do you know your Commander's Critical Information List?
Be mindful of where you are and what you are discussing outside of the work environment. Leave on-post activities "on-post".

08/14/2021

What is OPSEC? - Operations Security

WHAT IS OPSEC?
This brief video provides the fundamentals and examples of Operations Security that can be applied at work and home.
https://youtu.be/dbiEJp38EWY

Operations Security or OPSEC is the essential process of protecting your “critical information” from adversary observation, collection & exploitation.Let’s d...

08/13/2021

The #USArmy protects its people, facilities and information from acts of terrorism through constant vigilance and key leadership emphasis.

Attacks against our military and civilians dictate the need for heightened awareness and suspicious activity reporting.
https://www.army.mil/article/249320

08/11/2021

Bow to the USBsamurai: Malicious USB cable leaves air-gapped networks open to attack

https://portswigger.net/daily-swig/bow-to-the-usbsamurai-malicious-usb-cable-leaves-air-gapped-networks-open-to-attack?&web_view=true

Quite a concern.

Open source hacking tool costs less than $15 to produce

08/10/2021

An oldie but goodie. No info lost in the cone of silence.

Should be a great debate, what are you drinking this evening?

08/08/2021

BSidesNoVA 2021 | Rich Wickersham | LinkedIn OPSEC, Targeting Analysis and Countermeasures

LinkedIn OPSEC, Targeting Analysis and Countermeasures
BSidesNoVA 2021 | Rich Wickersham

This 30-minute video will review the continuing need for employee and corporate Operations Security (OPSEC) in social media platforms with a focus on LinkedIn.

https://www.youtube.com/watch?v=0YYR4Uh8f_A&t=67s

Presented at BSidesNoVA 2021 on June 5th, 2021This talk will review the continuing need for employee and corporate Operations Security (OPSEC) in social medi...

08/07/2021

I Knew You Were Trouble: TA456 Targets Defense Contractor with Alluring Social Media Persona | Proofpoint US

TA456, an Iranian-state aligned actor, spent years masquerading as the persona “Marcella Flores” in an attempt to infect the machine of an employee of an aerospace defense contractor with malware (using macro-laden documents).

ttps://www.proofpoint.com/us/blog/threat-insight/i-knew-you-were-trouble-ta456-targets-defense-contractor-alluring-social-media

Key Takeaways TA456, an Iranian-state aligned actor, spent years masquerading as the persona “Marcella Flores” in an attempt to infect the machine of an employee of an aerospace defense contractor with malware. The malware, dubbed by Proofpoint as LEMPO, was designed to establish persistence, pe...

08/04/2021

Stop ignoring this iPhone warning | ZDNet

Don't Ignore Warnings!

https://www.zdnet.com/article/stop-ignoring-this-iphone-warning/

Apple makes it seem like all updates are the same. They are not.

08/02/2021

National Insider Threat Awareness Month Brief

A good video for briefings.

https://www.youtube.com/watch?v=9wxgCvSqM1M

On September 23rd 2019, Rebecca Morgan with the support of her team from CDSE's Insider Threat Division, co-hosted an inaugural National Insider Threat Aware...

08/01/2021

Be cautious of phone scammers pretending to be your utility company. They will attempt to put you in a sense of urgency, such as calling right before the weekend, and have you make the mistake of paying them.

In my situation, I told the scammer I would hang up, verify through my phone app and if needed, pay through the phone app. This is where he broke his composure and got angry.

Additionally, do not provide additional information about yourself as that may be used against you in future scams.

Be cautious of phone scammers pretending to be your utility company. They will attempt to put you in a sense of urgency, such as calling right before the weekend, and have you make the mistake of paying them.

In my situation, I told the scammer I would hang up, verify through my phone app and if needed, pay through the phone app. This is where he broke his composure and got angry.

Additionally, do not provide additional information about yourself as that may be used against you in future scams.

07/31/2021

Are you a Soldier or Army Civilian in charge of managing the organization’s or leader’s official social media presences, such as accounts on Facebook, YouTube, Twitter, and Instagram?

Ensure you are trained and meet regulatory guidance. The Social Media Managers site has step-by-step instructions to protect you and your command.

Link: https://www.army.mil/socialmedia/managers/

Are you a Soldier or Army Civilian in charge of managing the organization’s or leader’s official social media presences, such as accounts on Facebook, YouTube, Twitter, and Instagram?

Ensure you are trained and meet regulatory guidance. The Social Media Managers site has step-by-step instructions to protect you and your command.

Link: https://www.army.mil/socialmedia/managers/

07/30/2021

Apple ID and Privacy

https://support.apple.com/en-us/HT208650

07/29/2021

Urgent: Why you need to update all your iPhones, iPads, and Macs right now | ZDNet

Why you need to update all your iPhones, iPads, and Macs right now.

While this update contains bug fixes, the main part of this update is a security fix for a vulnerability that Apple says "may have been actively exploited."

In other words, the bad guys are already using it.

To update your iPhone and iPad, go to Settings > General > Software Update and download and install any available updates.

https://www.zdnet.com/article/why-you-need-to-urgently-update-all-your-iphones-ipads-and-macs-now/

This is a big one. You need to update them all, and update them all now.

07/26/2021

Do any of you Military, DACs or CTRs leave your SIPR Tokens at work? Give us one good reason why you would do that? We have the most important reason of all why you shouldn't.

Do any of you Military, DACs or CTRs leave your SIPR Tokens at work? Give us one good reason why you would do that? We have the most important reason of all why you shouldn't.

07/26/2021

Exercise caution prior to answering online questionnaires asking for seemingly harmless, but potentially, critical information about you and your family. Any information provided can be used to craft a social engineering attack. With enough information, an attacker is well-equipped to customize a message for you that looks legitimate.

Exercise caution prior to answering online questionnaires asking for seemingly harmless, but potentially, critical information about you and your family. Any information provided can be used to craft a social engineering attack. With enough information, an attacker is well-equipped to customize a message for you that looks legitimate.

07/24/2021

Recognizing one of our OPSEC warriors! For the second time in six years, Paul Quintel, the Aviation and Missile Command operations security program manager, has received the first place Army-wide OPSEC individual award.

“Just because we had a pandemic doesn’t mean we quit doing OPSEC,” he said. “We were coordinating training, conducting OPSEC reviews and collaborating on the destruction program – so I was staying busy in 2020. We had challenges, but we adjusted to them.”

-- Keep up the amazing work!

https://www.theredstonerocket.com/military_scene/article_f311bcec-d430-11eb-aa09-ffea245d73f5.html

Recognizing one of our OPSEC warriors! For the second time in six years, Paul Quintel, the Aviation and Missile Command operations security program manager, has received the first place Army-wide OPSEC individual award.

“Just because we had a pandemic doesn’t mean we quit doing OPSEC,” he said. “We were coordinating training, conducting OPSEC reviews and collaborating on the destruction program – so I was staying busy in 2020. We had challenges, but we adjusted to them.”

-- Keep up the amazing work!

https://www.theredstonerocket.com/military_scene/article_f311bcec-d430-11eb-aa09-ffea245d73f5.html

07/23/2021

Before rushing out that door to enjoy the weekend, ensure you retrieve your Common Access Card (CAC) when leaving the office. At these times, don't let it out of your line of sight. Always keep the card with you at all times.

Before rushing out that door to enjoy the weekend, ensure you retrieve your Common Access Card (CAC) when leaving the office. At these times, don't let it out of your line of sight. Always keep the card with you at all times.

07/22/2021

OPSEC/INFOSEC FAIL!
A British gamer (and Soldier) leaked classified tank specs online to win an argument over a military video game! 🤦‍♂️

Have you ever wanted to win an argument so bad you leaked classified info? This "War Thunder" gamer did.

The whole story > https://bit.ly/3BtrgxJ

07/19/2021

Impersonations of Military Members on Social Media On the Rise, New Report Says

"Be skeptical of that admiral who just asked you out on Twitter."

Like Whack-a-Mole, fake social media profiles pop up faster than we can knock them down. Exercise caution before sending money over the internet to any individual you do not know.

https://www.defenseone.com/technology/2021/07/impersonations-military-members-social-media-rise-new-report/183704/

Be skeptical of that admiral who just asked you out on Twitter.

07/18/2021

Take additional caution prior enabling programs to run on your computer. A Microsoft Excel file might seem harmless, but Macros are programs that can execute commands outside of Excel, or other Microsoft office programs.

Before enabling Macros, verify who created the file, what the file contains, and why Macros are necessary.

Take additional caution prior enabling programs to run on your computer. A Microsoft Excel file might seem harmless, but Macros are programs that can execute commands outside of Excel, or other Microsoft office programs.

Before enabling Macros, verify who created the file, what the file contains, and why Macros are necessary.

07/17/2021

OPSEC Tina Returns for COVID-19 Cyber Awareness

Even as we head back or already have transitioned back to the office environment, this fun JKO spoof video identifies some good points for the post COVID office environment.

https://www.military.com/video/opsec-tina-returns-covid-19-cyber-awareness

Tina from Joint Knowledge Online's DoD Cyber Awareness training challenges social media OPSEC during COVID-19. (Media Center - Japan video by by Petty Officer 2nd Class Jeanette Mullinax)

07/16/2021

Woohoo!

Companies including Facebook, Microsoft, Google, and Twitter took action against Iranian hacking group using platforms to distribute malware, conduct espionage, and target US military personnel: Blog via Dev Discourse.

07/14/2021

SCAM OF THE WEEK:

Kaseya Security Crisis Scams
Earlier this month, information technology provider Kaseya was the target of a massive cybersecurity attack. Many IT companies use Kaseya’s software to manage and monitor their clients’ computers remotely. The cyberattack resulted in over 1,500 organizations becoming victims of ransomware.
Cybercriminals are now using the Kaseya incident as bait to catch your attention and manipulate your emotions. You can expect to see scammers referencing this event in phishing emails, vishing attacks, and social media disinformation campaigns.
Here are some tips to stay safe:
• Watch out for Kaseya-related emails—especially those that claim your organization has been affected.
• Do not respond to any phone calls claiming to be from a “Kaseya Partner”. Kaseya released a statement that they are not asking partners to reach out to organizations.
• Be suspicious of social media posts that contain shocking developments to the story. This could be false information designed to intentionally mislead you—a tactic known as disinformation.

SCAM OF THE WEEK:

Kaseya Security Crisis Scams
Earlier this month, information technology provider Kaseya was the target of a massive cybersecurity attack. Many IT companies use Kaseya’s software to manage and monitor their clients’ computers remotely. The cyberattack resulted in over 1,500 organizations becoming victims of ransomware.
Cybercriminals are now using the Kaseya incident as bait to catch your attention and manipulate your emotions. You can expect to see scammers referencing this event in phishing emails, vishing attacks, and social media disinformation campaigns.
Here are some tips to stay safe:
• Watch out for Kaseya-related emails—especially those that claim your organization has been affected.
• Do not respond to any phone calls claiming to be from a “Kaseya Partner”. Kaseya released a statement that they are not asking partners to reach out to organizations.
• Be suspicious of social media posts that contain shocking developments to the story. This could be false information designed to intentionally mislead you—a tactic known as disinformation.

07/13/2021

Do you all know what CUI is? Why do you need to know?

Controlled Unclassified Information (CUI) is information that requires safeguarding or dissemination controls consistent with applicable laws, regulations, and Government-wide policies, but is not classified under Executive Order 13526 “Classified National Security Information” or the Atomic Energy Act, as amended.Feb 23, 2021

Do you all know what CUI is? Why do you need to know?

Controlled Unclassified Information (CUI) is information that requires safeguarding or dissemination controls consistent with applicable laws, regulations, and Government-wide policies, but is not classified under Executive Order 13526 “Classified National Security Information” or the Atomic Energy Act, as amended.Feb 23, 2021

07/10/2021

A good design for briefing OPSEC.

A good design for briefing OPSEC.

07/08/2021

Life and Money by Citi | Scams Are on the Rise in 2021, Here’s What to Watch Out For

Newer scams….

From romantic ploys to social engineering, learn about scams to watch for, and tips to protect yourself.

07/01/2021

Powerball Scams

Powerball Scams

https://www.powerball.net/scams#:~:text=How%20to%20Identify%20a%20Powerball%20Scam%201%20Fraudulent,attachment%20to%20an%20email.%20...%20More%20items...%20

Powerball scams are a form of advance-fee fraud. Find out more about Powerball scams here and what action to take if you think you're the victim of a scam.

06/30/2021

A great visual brought to us by our newest volunteer, a diligent PM.

Thank you to him.

A great visual brought to us by our newest volunteer, a diligent PM.

Thank you to him.

06/25/2021

There are big bucks just waiting for you to claim. Oh yes!

"US-Unclaimed-Assets"

Robert, Learn how to find your missing security deposits!

Landlords are sometimes unable able to return all or part of your security deposit after you have vacated an apartment. In these cases, the government may classify the leftover funds as unclaimed. Find out how to search for unclaimed security deposits and other ways to stay financially stable as a renter!

There are big bucks just waiting for you to claim. Oh yes!

"US-Unclaimed-Assets"

Robert, Learn how to find your missing security deposits!

Landlords are sometimes unable able to return all or part of your security deposit after you have vacated an apartment. In these cases, the government may classify the leftover funds as unclaimed. Find out how to search for unclaimed security deposits and other ways to stay financially stable as a renter!