Cybercriminals Double-Down on What Works, Nearly Doubling the Number of Phishing Attacks in 2018

Have you noticed a significant increase in phishing messages over the past year?  Have you noticed that these messages seem to be better crafted, harder to identify, and generally very sneaky?  The stats from the team at KnowBe4 bear out the truth that most of us have been living over the last couple of years.

This significant increase in well crafted phishing messages should be a strong motivator to increase awareness training for our end users.

https://blog.knowbe4.com/cybercriminals-double-down-on-what-works-nearly-doubling-the-number-of-phishing-attacks-in-2018

“FINAL WARNING” email – have they really hacked your webcam?

I continue to see more and more of these scare tactic emails arriving in the mailboxes of friends, customers, and colleagues.  These are, admittedly often well crafted messages designed to play on the darkest fears of humanity and they utilize some very basic techniques to build a sense of legitimacy.

This article provides a good overview of the attack/phish and hopefully will ease some concerns.

https://nakedsecurity.sophos.com/2019/03/13/final-warning-email-have-they-really-hacked-your-webcam/

The Highs and Lows of Patch Tuesday

We face quite a bit of patching work this week.  Microsoft has released numerous patches addressing multiple vulnerabilities including some fairly serious issues with DHCP.  Cisco has released several patches including a specific patch addressing a “default password” vulnerability in CSPC – the platform collector for device management.  Adobe has also released multiple patches across their application suites including some patches specific to Photoshop.  To pile on a little more, WordPress has released patching in version 5.1.1 to address possible unauthenticated code execution flaws.

All of these updates and patches come on the heels of the recent Google Chrome update that so many had to address immediately due to “in the wild” exploits.

Please review your environments, including your third party applications and web server platforms, and patch accordingly.

https://www.securityweek.com/adobe-patches-flaws-sandbox-photoshop-digital-editions

https://nakedsecurity.sophos.com/2019/03/14/update-now-microsofts-march-2019-patch-tuesday-is-here/

https://www.securityweek.com/wordpress-511-patches-remote-code-execution-vulnerability

https://threatpost.com/cisco-patches-critical-default-password-bug/142814/

Cisco Patches Two Dozen Serious Flaws in Nexus Switches

We all tend to get caught up in patching and updating our Windows environments and, when time permits, tackling the 3rd party patch needs that come with Adobe, Java and other add-on applications.  Don’t lose sight of your network infrastructure and the firmware that powers your network backplanes and critical edge devices.  Please review your environments and update your Cisco devices accordingly.

https://www.securityweek.com/cisco-patches-two-dozen-serious-flaws-nexus-switches

Latest Chrome update plugs a zero-day hole

I particularly like the title from the linked article from “The Register” – “Put down the cat, coffee, beer pint, martini, whatever you’re holding, and make sure you’ve updated Chrome (unless you enjoy being hacked)” .  It is imperative that we all patch these types of zero day vulnerabilities, especially once they are active in the wild.  Review and patch accordingly!

https://www.theregister.co.uk/2019/03/07/google_chrome_zero_day/

https://www.welivesecurity.com/2019/03/07/latest-chrome-update-plugs-zero-day-hole/