Great Government Resource – StopRansomware.gov

Rarely do I get terribly excited about a new .Gov website, but I think this new initiative from the team at CISA is worth talking about. CISA (Cybersecurity and Infrastructure Security Agency) has established StopRansomware.gov as a resource to businesses, agencies and K-12 administrations to help fight the battle against this plague we call ransomware. This new site pools resources and information along with training material and a reporting mechanism into a one-stop portal. Fight the good fight against ransomware and take a look at StopRansomware.gov.

https://www.stopransomware.gov

Think before you….scan?

Think before you click has been a mantra for IT security awareness trainers for many years. Now, thanks to the ever present QR code and the creative minds of cybercriminals everywhere, society needs to pause and think before you scan. Cyber bad guys are replacing QR codes or embedding malicious codes all over the place, redirecting unsuspecting scanners to malicious sites or trolling them for personal information.

Stay ever vigilant and be careful before you follow those links.

Enjoy this article from ThreatPost:

https://threatpost.com/qr-code-scammers-bitcoin-atms/168621/

The Reoccurring PrintNightmare

Microsoft has issued a warning and confirmed yet another print spooler related zero day vulnerability. This issue continues to be a thorn in the side of Microsoft and its customers and feels very much like a moving target for everyone attempting to protect organizations from this threat.

If unneeded, please make sure to stop print spooler services wherever possible.

Enjoy this coverage article from the team at ThreatPost:

https://threatpost.com/microsoft-unpatched-printnightmare-zero-day/168613/

Accenture Under Attack – Lockbit 2.0

Another day, another ransomware attack – but this particular attack has a few new wrinkles and plenty of reasons to be concerned. Accenture, as large global IT consultancy, has had a target on its back for some time and this attack continues the trend of cyber bad guys looking for new entry points via service providers and consulting groups. This attack comes not only with the threat of lost data but also with the threat of data exposure if the ransom is not paid. Extortion is a new and frightening trend in the criminal ransomware industry that truly ramps up the need for additional layers of protection against a ransomware infection. The best backups in the world cannot prevent data exposure in these new extortion situations.

Additionally, the feature set in the Lockbit 2.0 package has expanded to include new recruitment ad functions, threat wallpapers, and the ability to encrypt entire domains via group policy hijacks.

Enjoy this read from the good people at InfoSecurity:

https://www.infosecurity-magazine.com/news/accenture-tied-up-in-50m-ransom/

ThreatPost – Phishing Campaign Dangles SharePoint File-Shares

I have been adding SharePoint scenarios to my phishing awareness training sessions throughout the year for this very reason. The file share component that has become so familiar and convenient to so many of us over the last 18 months is a perfect target for exploitation. During the “work from home” days of COVID-19, SharePoint and its cousins Microsoft Teams and OneDrive, have become day-in / day-out tools for many of us, so those alert messages from Microsoft letting us know content has been shared with us have become so common and expected that we barely pay them any notice. This is a serious threat.

We need to pay attention and we need to realize that our new, convenient habits quickly evolve into targets of opportunity for cybercriminals the world over. Pay heed to this article from the great team at ThreatPost.

Link to Article

SANS Ouch! Newsletter – Securely Using the Cloud

The SANS Ouch! newsletter has always been one of my favorite sources of security awareness content. Whether you simply need a reminder of good sound security practices or you are brand new to a topic, the guest writers always seem to do a great job of presenting timely content in an approachable format.

This month is no different. Understanding the Cloud and how to best approach selection and use of a service is both topical and important. I would certainly echo the advice presented in this article. I would particularly dwell on the recommendation to utilize some form of two-step or multi-factor authentication for any service chosen if available. I would take the added step of recommending you not choose a service if MFA was not an option.

Enjoy the read!

https://www.sans.org/newsletters/ouch/securely-using-the-cloud/