Sophos Weekly Recap

https://nakedsecurity.sophos.com/2018/12/17/monday-review-the-hot-19-stories-of-the-week-30/

Advertisements

Worst passwords list is out, but this time we’re not scolding users

What a wonderful thought and a great step in the right direction – Let’s deny the use of the 10,000 worst passwords.  I am being serious as is this article.  It is time to stop simply laughing at the poor decisions of our end users and begin to build controls and limitations on poor password decisions.  It is time to mandate better credentials – passphrases, multi-factor authentication requirements, and proper password management tools.  It is time for webmasters and sysadmins to pick up the torch of password security and quick bending to the whim of a lowest common denominator approach to end user management.

https://nakedsecurity.sophos.com/2018/12/17/worst-passwords-list-is-out-but-this-time-were-not-scolding-users/

Microsoft is embracing Chromium, bringing Edge to Windows 7, Windows 8, and macOS

This is an intriguing development, even for Microsoft.  The implications of porting Edge to non-Microsoft platforms have the potential to be far reaching for both developers and businesses tied to compatibility requirements surrounding the Microsoft browser platform.

https://venturebeat.com/2018/12/06/microsoft-is-embracing-chromium-bringing-edge-to-windows-7-windows-8-and-macos/

Adobe Flash Zero-Day Spreads via Office Docs

The ongoing battle against the exploitation of Adobe Flash continues.  This is but the latest in a long line of flaws and vulnerabilities to plague Flash and its brothers and sisters in the Adobe family of products.  Please review your environments and patch accordingly.  Also, take the time to educate your users to the nature of this particular exploit.

https://www.darkreading.com/threat-intelligence/adobe-flash-zero-day-spreads-via-office-docs/d/d-id/1333429