Amazon shoppers and users beware! There is a new Locky ransomware campaign targeting you. Please take the time to closely inspect your email messages and take caution when receiving unexpected attachments. It is highly unlikely that Amazon would ever send you a Word document, so don’t click. Simply delete!
Month: May 2016
Microsoft Warns of ZCryptor Ransomware with Self-Propagation Features
Please take a moment to review this information concerning ZCryptor. This type of ransomware is particularly disturbing due to its worm-like characteristics.
Microsoft May Ban Your Favorite Password
I fully realize this decision by Microsoft is going to annoy a variety of people, but frankly this type of obvious, heads up change should be made by vendors across the industry. Weak passwords are stupid. It is as simple as that. People need to comply and move forward.
http://www.securityweek.com/microsoft-may-ban-your-favorite-password
PCI Standard’s Multi-factor Authentication Mandate Delayed ‘Til 2018
To all of my friends out there working in a PCI-applicable environment, this is good and very relevant news. You have been granted a reprieve. A couple of the more difficult compliance requirements in DSS 3.2 (SSL/TLS & multi-factor authentication) have been deferred until 2018. Please take this time to plan and implement accordingly.
http://www.infosecurity-magazine.com/news/pci-standards-multifactor/
Windows 10 – Microsoft U-turn on ‘nasty trick’ pop-up
In all honesty, this never should have happened in the first place. What Microsoft did was truly sneaky and nasty, so this reverse in course was very much warranted.
Securing Business-to-Business Environments
Marketing value aside, this is good, sound advice from the team at Fortinet. Please take a moment to review the recommendations in this article and consider the value of segmentation and monitoring for your B2B connections.
http://blog.fortinet.com/2016/05/25/securing-business-to-business-environments
Bad guys jump ship to CryptXXX after TeslaCrypt authors release decryption key
Cut the head off one ransomware version and at least one more pops up and takes its place. It looks like the shift from TeslaCrypt has already begun. Please beware of this new shift in attack vectors.
Cisco Talos – The Good Fight
Yes, I freely admit that the following link is marketing material from Cisco. Yes, I work for an organization that partners with Cisco on many fronts. That said, this is still an interesting read delving into some of the work taking place at Talos. I must admit, as I have had the opportunity to spend a little time with the security team at Cisco, I am impressed with the resources they are bringing to bear on IT security issues and opportunities. This fact has only been strengthened with the acquisition and integration of the phenomenal resources of Sourcefire over the last couple of years. Take a moment and enjoy the read.
http://www.cisco.com/c/m/en_us/products/security/the-good-fight/index.html
America is using a staggering amount of mobile data now
Staggering is a good word to describe the stats in this article. This is truly a massive amount of data. And it brings to mind a very important question – how secure are all those mobile devices? Please take the time to consider the security of your mobile devices. We are no longer tethered to a CAT5 cable and the bad guys know that. Our critical data is traveling with us and it needs to be safe and secure.
http://www.ctia.org/your-wireless-life/how-wireless-works/annual-wireless-industry-survey
Critical infrastructure: It’s time to make security a priority
This is a well-written article and a very serious topic. I agree completely that the conversation needs to be moved forward. Critical infrastructure is a target of both rogue entities and nation states, and we need sound defenses.
http://www.welivesecurity.com/2016/05/24/critical-infrastructure-time-make-security-priority/