Patch Tuesday – September 2021 Edition

Several important patches and updates have been released by Microsoft and other vendors this week that deserve our immediate attention. Both Apple and Microsoft have addressed zero day vulnerabilities and Microsoft has even released yet another attempted fix for the PrintNightmare vulnerability.

Enjoy these two articles for additional details:

https://www.infosecurity-magazine.com/news/microsoft-fixes-omigod-mshtml/

https://krebsonsecurity.com/2021/09/microsoft-patch-tuesday-september-2021-edition/

Apple’s Urgent Updates – Interesting How’s and Why’s

By now, I imagine most of you are aware of the updates released by Apple to address zero-day vulnerabilities in Apple iOS, Apple watchOS and Big Sur 11.6. Apple announced that these exploits are in the wild and actively in use. Needless to say, update your devices as soon as possible to defend against these threats. The larger story behind the “why” of these zero-day exploits caught my attention and deserves a closer look.

Knowledge of these vulnerabilities came as the result of the work at the University of Toronto’s Citizen Lab and the Lab’s research on the exploit “FORCEDENTRY”. Ultimately, it was determined that aspects of this exploit were weaponized by Israeli surveillance vendor NSO Group and sold to multiple world government agencies, including the government of Bahrain, for use in spying on opposition leaders and dissidents. As The Hacker News reported, NSO Group engineers are facilitating ‘despotism-as-a-service’ to the highest bidder.

It would be completely naive to think that this type of offensive exploit development is not taking place at every level of government around the world, including within the walls of several US government agencies. I am particularly disturbed in this situation by the lack of discretion in client choice by the NSO Group and the open monetization of this tool to oppressive governments. I expect more of our democratic allies. That said, I believe my expectations are misplaced.

The world is changing and we need to be prepared to defend ourselves against the output of these vendors – the exploits and rootkits and tools – as they get leaked to cybercriminals everywhere via the dark web. Stay patched. Faithfully use MFA. Build layered defenses. Be diligent and stay prepared.

https://www.infosecurity-magazine.com/news/apple-patch-pegasus-spyware/

https://thehackernews.com/2021/09/apple-issues-urgent-updates-to-fix-new.html

Great Government Resource – StopRansomware.gov

Rarely do I get terribly excited about a new .gov website, but I think this new initiative from the team at CISA is worth talking about. CISA (Cybersecurity and Infrastructure Security Agency) has established StopRansomware.gov as a resource for businesses, agencies and K-12 administrations to help fight the battle against this plague we call ransomware. This new site pools resources and information, along with training material and a reporting mechanism, into a one-stop portal. Fight the good fight against ransomware and take a look at StopRansomware.gov.

https://www.stopransomware.gov

Think before you… scan?

Think before you click has been a mantra for IT security awareness trainers for many years. Now, thanks to the ever-present QR code and the creative minds of cybercriminals everywhere, society needs to pause and think before you scan. Cyber bad guys are replacing legitimate QR codes with their own, or embedding malicious codes all over the place, redirecting unsuspecting scanners to malicious sites or harvesting their personal information.

Stay ever vigilant and be careful before you follow those links.

Enjoy this article from ThreatPost:

https://threatpost.com/qr-code-scammers-bitcoin-atms/168621/

The Reoccurring PrintNightmare

Microsoft has issued a warning and confirmed yet another print spooler related zero day vulnerability. This issue continues to be a thorn in the side of Microsoft and its customers and feels very much like a moving target for everyone attempting to protect organizations from this threat.

If it is not needed, please make sure to stop the Print Spooler service wherever possible.
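One way to act on that advice across a fleet of Windows hosts, as an added example that is not from the original post: a PowerShell function (the name Disable-UnneededSpooler is my own) that reports the Print Spooler state, leaves hosts that actually share printers alone, and stops and disables the service everywhere else. It assumes an elevated session on a modern Windows build that ships the PrintManagement module (for Get-Printer).

```powershell
# Added example (not from the original post): audit the Print Spooler service on a
# Windows host and disable it when the machine is not acting as a print server.
# Run elevated. Call with -WhatIf to preview; call without it to apply.
function Disable-UnneededSpooler {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Output "Print Spooler service not found on $env:COMPUTERNAME."
        return
    }

    # Get-Printer needs a running spooler; if it is already stopped we cannot tell
    # whether this host shares printers, so report that and leave it for review.
    if ($svc.Status -ne 'Running') {
        Write-Output ("{0}: Spooler already {1} (startup {2}); cannot enumerate shares." -f
            $env:COMPUTERNAME, $svc.Status, $svc.StartType)
        return
    }

    # Treat any shared printer as a sign that this host is a print server.
    $shared = @(Get-Printer -ErrorAction SilentlyContinue | Where-Object { $_.Shared })
    Write-Output ("{0}: Spooler is {1} (startup {2}); shared printers: {3}" -f
        $env:COMPUTERNAME, $svc.Status, $svc.StartType, $shared.Count)

    if ($shared.Count -gt 0) {
        Write-Output "Host shares printers; leaving Spooler in place. Review it separately."
        return
    }

    if ($PSCmdlet.ShouldProcess("$env:COMPUTERNAME\Spooler", "Stop and disable service")) {
        Stop-Service -Name Spooler -Force
        Set-Service -Name Spooler -StartupType Disabled   # survives reboot
        Write-Output "Spooler stopped and set to Disabled."
    }
}

# Preview first, then apply once you are satisfied with the report:
Disable-UnneededSpooler -WhatIf
# Disable-UnneededSpooler
```

Disabling the service also removes the host's ability to print locally, so hosts that print but do not share printers still need a conscious decision rather than a blanket run.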

Enjoy this coverage article from the team at ThreatPost:

https://threatpost.com/microsoft-unpatched-printnightmare-zero-day/168613/

Accenture Under Attack – Lockbit 2.0

Another day, another ransomware attack – but this particular attack has a few new wrinkles and plenty of reasons to be concerned. Accenture, a large global IT consultancy, has had a target on its back for some time, and this attack continues the trend of cyber bad guys looking for new entry points via service providers and consulting groups. This attack comes not only with the threat of lost data but also with the threat of data exposure if the ransom is not paid. Extortion is a new and frightening trend in the criminal ransomware industry that truly ramps up the need for additional layers of protection against a ransomware infection. The best backups in the world cannot prevent data exposure in these new extortion situations.

Additionally, the feature set in the Lockbit 2.0 package has expanded to include new recruitment ad functions, threat wallpapers, and the ability to encrypt entire domains via group policy hijacks.

Enjoy this read from the good people at InfoSecurity:

https://www.infosecurity-magazine.com/news/accenture-tied-up-in-50m-ransom/

ThreatPost – Phishing Campaign Dangles SharePoint File-Shares

I have been adding SharePoint scenarios to my phishing awareness training sessions throughout the year for this very reason. The file share component that has become so familiar and convenient to so many of us over the last 18 months is a perfect target for exploitation. During the “work from home” days of COVID-19, SharePoint and its cousins, Microsoft Teams and OneDrive, have become day-in / day-out tools for many of us, so those alert messages from Microsoft letting us know content has been shared with us have become so common and expected that we barely pay them any notice. This is a serious threat.

We need to pay attention and we need to realize that our new, convenient habits quickly evolve into targets of opportunity for cybercriminals the world over. Pay heed to this article from the great team at ThreatPost.

Link to Article

SANS Ouch! Newsletter – Securely Using the Cloud

The SANS Ouch! newsletter has always been one of my favorite sources of security awareness content. Whether you simply need a reminder of good sound security practices or you are brand new to a topic, the guest writers always seem to do a great job of presenting timely content in an approachable format.

This month is no different. Understanding the Cloud and how to best approach selection and use of a service is both topical and important. I would certainly echo the advice presented in this article. I would particularly dwell on the recommendation to utilize some form of two-step or multi-factor authentication for any service chosen if available. I would take the added step of recommending you not choose a service if MFA was not an option.

Enjoy the read!

https://www.sans.org/newsletters/ouch/securely-using-the-cloud/

It’s been a very busy year…

So I find myself writing my first blog post in a very long while sitting in a very strange location. It’s filled with nice office furniture, a comfortable chair, multiple monitors and computers, and a standing desk. I have a distant memory, even a vague notion I have been here before. And then it hits me – I remember! This is my office…at work…and not my basement.

Like so many Americans and so many people around the world, I went home last March amid the chaos that was the start of the COVID-19 pandemic. I am entirely grateful to work for an employer who saw the value of protecting and isolating its employees and to work in an industry that was already quite flexible and mobile. We never really lost a step in terms of customer support or project work, but as a team of engineers working together and supporting one another, everything changed.

Microsoft Teams and Cisco WebEx and webcams and headsets became our new best friends. Meetings became video calls. Basements became offices. Lunch table conversations became chat sessions fueled by home kitchen refrigerator raids. Breaks became… well, they kind of just faded away. Work and home sort of blended together, but we survived and we worked hard and customers kept running and projects got done.

In the middle of all that, my blog did not get pushed to the back burner. It got propped up on the back ledge of the stove and at some point fell off behind the appliance to become covered in dust and grease and largely forgotten – at least until now. I am back in the office. I am spring cleaning and prepping and getting back into the groove of things. I talk to humans in person again which is a little awkward when you have to fight the urge to press a mute button or turn off your camera only to discover you cannot control the realities of human interaction. And with this newly discovered energy and encouragement, I am going to rededicate myself to sharing my thoughts on security and security news.

It’s great to be alive and healthy and able to work. Thank you for your patience! More to come soon!