November 2021 Newsletter

President’s Corner

Fellow Members of ISSA-COS,
Welcome to November! The month where the temperatures begin to get cooler, and the thoughts of family and friends become warmer. As we draw closer to the end of the year, we begin to take inventory of all our accomplishments this year. Indeed, it was a fruitful year!


ISSA-COS Virtual Meetings – In October, we enjoyed some excellent guest speakers. During our monthly chapter meeting, Mr. Erik Henrikson provided an engaging presentation entitled “DNS Data Exfiltration/Infiltration – Beyond “A” Records”. Participants enjoyed learning about DNS functional design and how data flows from one location to another. For our Saturday mini seminar, we piloted a new format which stretches the normally scheduled technical, hands-on presentation across two months rather than just one. This should allow participants to experience more content, more teaching, and more exposure to the concepts being taught. Our presenter for this pilot was Mr. Al Green. Mr. Green’s lesson is entitled “Configuring Red Hat Enterprise Linux (RHEL) 8.4 Server for Ansible Control Node Role.”

FBI Denver Warns Consumers to Be Vigilant

Tips on Avoiding Holiday Cyber Scams

(DENVER, CO) With the holidays quickly approaching and Cyber Monday just around the corner, the FBI Denver Division reminds Colorado and Wyoming residents to be cautious when purchasing items online. Thousands of Americans fall victim to cyber scams every year. With the busy holiday season upon us, attackers will take advantage of the opportunity to take your money.

Thank you for your sponsorship!

The ISSA-COS Bylaws – What is in there?

My Opinion: Our bylaws are well-written, and we can thank our long-standing leaders for developing them! However, at least every few years a chapter should review its bylaws to ensure its actions, current and envisioned, are bylaw-compliant. It should also check what ISSA International, and comparable chapters, have in their bylaws. There might be room for improvement in the chapter’s own bylaws. If nothing else, we can check for correct word choice. I found one trivial discrepancy, so contact me if you are curious!


Membership Corner – November 2021

Are you up for renewal? Please check to see if your membership renewal is due by going to the ISSA Member Portal, “Renew Online – Information Systems Security Association” (issa.org).
We need all members to spread the word that we are looking for new members to join our great organization. Below are the top 10 reasons to join ISSA!!
Click here to see new October members and the top 10 reasons to join ISSA


Book Review

Smith, Brad and Carol Ann Browne. Tools and Weapons: The Promise and the Peril of the Digital Age. New York: Penguin Random House, 2021 (updated from original 2019 version).

This book is a fun read and an important read! We regularly get technical speakers or cybersecurity management speakers at our symposia, chapter meetings, mini-seminars, or training events. Occasionally we will hear about the interface between human psychology and cybersecurity. BUT – Although the authors do not say so, when was the last time you took a breath and thought hard about the philosophy of technology, and how cybersecurity, privacy, and data protection relate to it? Not just what we do and how we do it, but why we do it!

The book reads like an adventure story. If the significant people in your life who are not cyber pros wonder what you do, have them read this book!


Industry Blog Post

KnowBe4 Security Awareness Training Blog:
Phishing Emails Use Small Font Size to Bypass Security Filters

Researchers at Avanan have spotted phishing emails that use a font size of one to fool email security scanners. The emails appear to be password expiration notifications from Microsoft 365. The attackers have inserted benign links that are invisible to the human eye, but trick security scanners into viewing the email as a legitimate marketing email.

“In this attack, hackers utilize a number of obfuscation techniques to get a credential harvesting page through to the inbox,” the researchers write. “First, all links are hidden within the CSS. This confuses natural language filters. Natural language filters see random text; human readers see what the attackers want them to see. In addition, hackers put links within the tag, and brought the font size down to one. This breaks semantic analysis, which leads many solutions to treat it as a marketing email, as opposed to phishing. Beyond that, there are invalid parameters, as the ‘Padding Left’ is set to ‘;’ further confusing scanners.”
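For mail filter maintainers, the two signals described above (links and text rendered at a font size of one, and a CSS property with no value) can be checked directly in the HTML body. The following is an added example, not code from KnowBe4 or Avanan; the names `TinyFontScanner` and `scan_email_html`, the 2px threshold, and the sample message are assumptions, and only inline `style` attributes are inspected.

```python
import re
from html.parser import HTMLParser
TINY_PX = 2.0  # assumed threshold: text this small is unreadable to a person
VOID = {"br", "img", "hr", "meta", "input", "link"}  # elements with no end tag
SIZE_RE = re.compile(r"^(\d*\.?\d+)(px|pt)?$")  # pt is treated like px (heuristic)

def parse_style(style):
    """Return (property, value) pairs from an inline style, keeping empty values."""
    decls = (d.partition(":") for d in style.split(";") if ":" in d)
    return [(p.strip().lower(), v.strip().lower()) for p, _, v in decls]

class TinyFontScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []     # (tag, is_tiny) for every open element
        self.findings = []  # (kind, detail) tuples in document order

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        tiny = bool(self.stack and self.stack[-1][1])  # font size is inherited
        for prop, val in parse_style(attrs.get("style") or ""):
            if val == "":  # e.g. "padding-left:;" has no value at all
                self.findings.append(("empty-css-value", prop))
            elif prop == "font-size" and (m := SIZE_RE.match(val)):
                tiny = float(m.group(1)) <= TINY_PX
        if tag == "a" and tiny and attrs.get("href"):
            self.findings.append(("tiny-font-link", attrs["href"]))
        if tag not in VOID:
            self.stack.append((tag, tiny))

    def handle_endtag(self, tag):
        open_tags = [t for t, _ in self.stack]
        if tag in open_tags:  # close the nearest matching element and its children
            del self.stack[len(open_tags) - 1 - open_tags[::-1].index(tag):]

    def handle_data(self, data):
        if data.strip() and self.stack and self.stack[-1][1]:
            self.findings.append(("tiny-font-text", data.strip()))

def scan_email_html(html):
    scanner = TinyFontScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample body (not taken from the Avanan report).
SAMPLE = ('<div style="padding-left:;"><p>Your password expires today. '
          '<a href="https://login.example.test/">Keep password</a></p>'
          '<span style="font-size:1px"><a href="https://news.example.test/">'
          'weekly offers</a> unsubscribe</span></div>')
```

Calling `scan_email_html(SAMPLE)` reports the empty `padding-left` value, the link inside the 1px span, and the two runs of hidden text. A scoring pipeline could exclude such hidden content before classifying the message.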