I must admit that this seems creepy at first, but honestly after pondering it for a little while, I find myself resigned to the thought that I should expect such things. Our web sessions are becoming more and more fully interactive and many entities are striving to leverage any opportunity or advantage that presents itself. Be aware of what may be happening as you seek guidance and support online.
Please take a moment to consider and remember what you have patched and what you have placed on hold, and then adjust accordingly, given that Microsoft has now purportedly righted the patching ship.
This is an important topic presented by Mr. Krebs. We have conditioned ourselves and our end users to see the little lock next to an address as an “all clear” sign. That is no longer the case. SSL is becoming truly ubiquitous. We have to look beyond the lock, and we have to educate users about what certificates are, how they work, and what to verify and consider.
This is a very difficult situation from an IT security perspective. Multi-factor authentication is a necessary step for the security of many systems and applications, especially those that are cloud hosted. These types of outages can and will shake the confidence of users and make the move to multi-factor authentication that much more difficult to pursue and expand for IT security professionals in organizations.
For the second month in a row, Microsoft has been forced to pull an update due to adverse effects on production environments. This is concerning. Please review your current patch status and pull/back out this patch series if necessary.
I was honored to have the opportunity to make a small contribution to this news report. Thank you to John Engel and News 5 WCYB for their diligence.
Spear phishing is a serious threat to many organizations and can result in the loss of highly sensitive information. ETSU has taken respectable steps after the fact to mitigate the impact of this incident, but we can all learn from this situation and strengthen the postures of our own organizations to prevent these types of attacks in the future.
Beware! As we quickly approach the end of the year and the start of tax season, more and more of these types of scams will find their way to our mailboxes.
Though on its face this sounds like good news, a slight reduction in the number of reported and identified vulnerabilities does not really point to an improvement in the overall security of technology users. In all honesty, I believe cybercriminals are more effectively leveraging existing vulnerabilities and taking advantage of the human element (phishing, adware, social engineering) to gain the access they desire.