Month: June 2017
Microsoft Issues ‘Important’ Security Fix for Azure AD Connect
This type of unpatched vulnerability could have serious implications for any organization running MS components in the Azure cloud. The compromise of a domain controller could lead to the complete infiltration of an environment, providing bad guys with the ability to touch and review hundreds of servers, create unknown numbers of hidden accounts with elevated privileges, and lay the groundwork for data ex-filtration and ransomware-style infections. Please review your environments and patch accordingly.
https://threatpost.com/microsoft-issues-important-security-fix-for-azure-ad-connect/126596/
ESET – How to make a strong password
This is a good, straight-forward video clip with sound advice on password and passphrase creation. Enjoy!
Petya Ransomware Outbreak Originated in Ukraine via Tainted Accounting Software
Here are two different articles with two very different conclusions as to the severity of the Petya / NotPetya outbreak that began yesterday. One common thread is that all sources agree on the root cause / distribution method. It is very scary to consider the implications of a compromised, yet trusted software vendor and the update processes that take place everyday from and with these vendors.
For this author’s perspective, I tend to see this outbreak as less devastating than WannaCry simply because of the lack of an active Internet worm component. It is certainly more harmful in any given LAN that it infects, but the number of potential LAN’s to be infected is limited.
https://threatpost.com/complex-petya-like-ransomware-outbreak-worse-than-wannacry/126561/
Breaking news: here’s what we know about what could be the latest ‘Petya’ ransomware outbreak
Here is some additional info concerning the latest global ransomware attack making the rounds through Europe and other parts of the world today. As always, please verify your backups and patch, patch, patch!!
Snapchat starts sharing your (and your kids’) location. Turn it off.
Please take the time to review these linked articles and protect yourself and your children from the exploitation of leaked location data and the evil that comes with that practice.
https://www.welivesecurity.com/2017/06/26/enable-ghost-mode-snapchat-now-want-keep-location-private/
Sophos Weekly Recap
Anthem agrees to pay record $115M to settle data breach suit
I think the most interesting piece on this article is not the amount of the settlement, but instead the fact that Anthem is admitting NO wrongdoing and No harm. Be disturbed. Be concerned. Do you believe Anthem has taken this breach seriously and made the changes necessary to protect patient data if they do not believe they were at fault?
https://www.cnet.com/news/anthem-would-pay-record-115m-to-settle-data-breach-suit/
How to Build a Secure WordPress Environment
I stumbled across this article earlier today and believe it provides a wonderful starting point for WordPress security. Take a look, bookmark it for future reference, and enjoy!
https://www.tripwire.com/state-of-security/featured/how-build-secure-wordpress-environment/
Newbie Retailer’s Guide to E-commerce Security
As a former Retail IT security officer, this article brought back some fond memories. It is also filled with some very sound advice. Enjoy!
Virtual Sweater Vest 