I had to share this article by Mr. Krebs for a variety of reasons, not the least of which is I have seen ATM’s like this in the wild. It happens far too often and admins and users alike ignore the pitfalls for the sake of convenience. Beware!
Month: July 2016
LastPass Patches Ormandy Remote Compromise Flaw
A patch for the most recent vulnerability in LastPass has been released. Please review your browser extensions and patch accordingly.
https://threatpost.com/lastpass-patches-ormandy-remote-compromise-flaw/119533/
Citibank IT guy deliberately wiped routers, shut down 90% of firm’s networks across America
This is a valuable cautionary tale and it happens more often than any of us want to admit. Insider threats are very real and should be considered as a valid risk in every level of IT Security planning.
Why does Kevin Mitnick recommend 20-character passwords?
This is an interesting read on password/passphrase length by the team at KnowBe4.
https://blog.knowbe4.com/why-does-kevin-mitnick-recommend-20-character-passwords
NIST Recommends SMS Two-Factor Authentication Deprecation
This is an intriguing draft document by NIST concerning SMS and two-factor authentication. This is a commonly used technique for many two-factor providers so conversion to more secure methods may take time. This is certainly not a finalized recommendation and adoption will take time if it moves forward.
https://threatpost.com/nist-recommends-sms-two-factor-authentication-deprecation/119507/
LastPass password manager “zero-day” bug hits the news
This is a very good, common sense explanation of the “zero-day” vulnerability that has been discussed in the press for the popular password manager LastPass. I agree that caution is warranted, but I do not believe it is time to wholesale abandon the product or the use of password managers in general. Watch for the patch and apply as soon as possible.
https://nakedsecurity.sophos.com/2016/07/27/lastpass-password-manager-zero-day-bug-hits-the-news/
Time is of the Essence: Announcing the Cisco 2016 Midyear Cybersecurity Report
Cisco has released their Mid-Year Cybersecurity report. Enjoy!
http://blogs.cisco.com/security/announcing-the-cisco-2016-midyear-cybersecurity-report
Oracle Patches Record 276 Vulnerabilities with July Critical Patch Update
Please review all of your platforms and patch accordingly.
Sophos Weekly Recap
New Decryption Tools Aid Ransomware Fight
It is always good to see a new tool for the ransomware-fighting toolbox.
http://www.infosecurity-magazine.com/news/new-decryption-tools-aid/