Be Warned: Customer Service Agents Can See What You’re Typing in Real Time

I must admit that this seems creepy at first, but honestly after pondering it for a little while, I find myself resigned to the thought that I should expect such things.  Our web sessions are becoming more and more fully interactive and many entities are striving to leverage any opportunity or advantage that presents itself.  Be aware of what may be happening as you seek guidance and support online.

https://gizmodo.com/be-warned-customer-service-agents-can-see-what-youre-t-1830688119

Microsoft patches Patch Tuesday’s Outlook 2010 problem patch

Please take a moment to consider and remember what you have patched and what you have placed on hold, and then adjust accordingly, given that Microsoft has now purportedly righted the patching ship.

https://nakedsecurity.sophos.com/2018/11/27/microsoft-patches-patch-tuesdays-outlook-2010-problem-patch/

Krebs – Half of all Phishing Sites Now Have the Padlock

This is an important topic presented by Mr. Krebs.  We have conditioned ourselves and our end users to see the little lock next to an address as an “all clear” sign.  That is no longer the case.  SSL is becoming truly ubiquitous.  We have to look beyond the lock and we have to educate about what certificates are and how they work and what to verify and consider.

https://krebsonsecurity.com/2018/11/half-of-all-phishing-sites-now-have-the-padlock/

2FA Login Failure in Office 365 and Azure

This is a very difficult situation from an IT security perspective.  Multi-factor authentication is a necessary step for the security of many systems and applications, especially those that are cloud hosted.  These types of outages can and will shake the confidence of users and make the move to multi-factor authentication that much more difficult to pursue and expand for IT security professionals in organizations.

https://www.infosecurity-magazine.com/news/2fa-login-failure-in-office-365/

ETSU investigating ‘phishing’ attack, providing $22,000 in credit monitoring for victims

I was honored to have the opportunity to make a small contribution to this news report.  Thank you to John Engel and News 5 WCYB for their diligence.

Spear phishing is a serious threat to many organizations and can result in the loss of highly sensitive information.  ETSU has taken respectable steps after the fact to mitigate the impact of this incident, but we can all learn from this situation and strengthen the postures of our own organizations to prevent these types of attacks in the future.
https://wcyb.com/embed/news/local/etsu-investigating-phishing-attack-providing-22000-in-credit-monitoring-for-victims?external-id=7c47489a43384577afc08fffe657c4ff