Cybercriminals Double-Down on What Works, Nearly Doubling the Number of Phishing Attacks in 2018

Have you noticed a significant increase in phishing messages over the past year?  Have you noticed that these messages seem to be better crafted, harder to identify, and generally very sneaky?  The stats from the team at KnowBe4 bear out the truth that most of us have been living over the last couple of years.

This significant increase in well-crafted phishing messages should be a strong motivator to increase awareness training for our end users.

https://blog.knowbe4.com/cybercriminals-double-down-on-what-works-nearly-doubling-the-number-of-phishing-attacks-in-2018

“FINAL WARNING” email – have they really hacked your webcam?

I continue to see more and more of these scare tactic emails arriving in the mailboxes of friends, customers, and colleagues. These are, admittedly, often well-crafted messages designed to play on the darkest fears of humanity, and they utilize some very basic techniques to build a sense of legitimacy.

This article provides a good overview of the attack/phish and hopefully will ease some concerns.

https://nakedsecurity.sophos.com/2019/03/13/final-warning-email-have-they-really-hacked-your-webcam/

The Highs and Lows of Patch Tuesday

We face quite a bit of patching work this week. Microsoft has released numerous patches addressing multiple vulnerabilities, including some fairly serious issues with DHCP. Cisco has released several patches, including a specific patch addressing a “default password” vulnerability in CSPC – the platform collector for device management. Adobe has also released multiple patches across their application suites, including some patches specific to Photoshop. To pile on a little more, WordPress has released patches in version 5.1.1 to address possible unauthenticated code execution flaws.

All of these updates and patches come on the heels of the recent Google Chrome update that so many had to address immediately due to “in the wild” exploits.

Please review your environments, including your third-party applications and web server platforms, and patch accordingly.

https://www.securityweek.com/adobe-patches-flaws-sandbox-photoshop-digital-editions

https://nakedsecurity.sophos.com/2019/03/14/update-now-microsofts-march-2019-patch-tuesday-is-here/

https://www.securityweek.com/wordpress-511-patches-remote-code-execution-vulnerability

https://threatpost.com/cisco-patches-critical-default-password-bug/142814/

Cisco Patches Two Dozen Serious Flaws in Nexus Switches

We all tend to get caught up in patching and updating our Windows environments and, when time permits, tackling the third-party patch needs that come with Adobe, Java and other add-on applications. Don’t lose sight of your network infrastructure and the firmware that powers your network backplanes and critical edge devices. Please review your environments and update your Cisco devices accordingly.

https://www.securityweek.com/cisco-patches-two-dozen-serious-flaws-nexus-switches

Latest Chrome update plugs a zero-day hole

I particularly like the title from the linked article from “The Register” – “Put down the cat, coffee, beer pint, martini, whatever you’re holding, and make sure you’ve updated Chrome (unless you enjoy being hacked)”. It is imperative that we all patch these types of zero-day vulnerabilities, especially once they are active in the wild. Review and patch accordingly!

https://www.theregister.co.uk/2019/03/07/google_chrome_zero_day/

https://www.welivesecurity.com/2019/03/07/latest-chrome-update-plugs-zero-day-hole/

TikTok to pay record fine for collecting children’s data

This is a noteworthy fine, both in terms of the overall enforcement of the COPPA Act and as a general wake-up call for parents. Privacy and data loss concerns surrounding social media are very real and affect children and teens every day. Better situational understanding is needed and precautions are warranted.

https://nakedsecurity.sophos.com/2019/03/04/tiktok-to-pay-record-fine-for-collecting-childrens-data/

New Evil USB Cable Shows How Attacks Can Leverage Physical Hardware

Security awareness training is of the utmost importance, and this example of a malicious cable capable of keylogging and code injection is another prime justification for thorough end-user education. Please be aware of these types of threats and share this information through real-world examples with your end users.

https://blog.knowbe4.com/new-evil-usb-cable-shows-how-attacks-can-leverage-physical-hardware