A Surge in Malicious Email – Like we had nothing else planned in the 4th Quarter…

Though the general report content of this article is not surprising, the stats provided are very helpful in terms of planning and training for end users dealing with an influx of SPAM and malicious emails. The analysis performed by the team at Tessian is quite thorough and provides some great insight around targeted industries and email delivery timing. Enjoy the read…

https://www.infosecurity-magazine.com/news/malicious-email-surge-q4/

Patch Tuesday – September 2021 Edition

Several important patches and updates have been released by Microsoft and other vendors this week that deserve our immediate attention. Both Apple and Microsoft have addressed zero day vulnerabilities and Microsoft has even released yet another attempted fix for the PrintNightmare vulnerability.

Enjoy these two articles for additional details:

https://www.infosecurity-magazine.com/news/microsoft-fixes-omigod-mshtml/

https://krebsonsecurity.com/2021/09/microsoft-patch-tuesday-september-2021-edition/

Apple’s Urgent Updates – Interesting How’s and Why’s

By now, I imagine most of you are aware of the updates released by Apple to address zero day vulnerabilities in Apple iOS, Apple WatchOS and Big Sur 11.6. Apple announced that these exploits are in the wild and actively in use. Needless to say, update your devices as soon as possible to defend against these threats. The larger story behind the “why” of these zero day exploits caught my eye and deserves a little more attention.

Knowledge of these vulnerabilities came as the result of the work at the University of Toronto’s Citizen Lab and the Lab’s research on the exploit “FORCEDENTRY”. Ultimately, it was determined that aspects of this exploit were weaponized by Israeli surveillance vendor NSO Group and sold to multiple world government agencies, including the government of Bahrain, for use in spying against opposition leaders and dissidents. As The Hacker News reported, NSO Group engineers are facilitating ‘despotism-as-a-service’ to the highest bidder.

It would be completely naive to think that this type of offensive exploit development is not taking place at every level of government around the world, including within the walls of several US government agencies. I am particularly disturbed in this situation by the lack of discretion in client choice by the NSO Group and the open monetization of this tool to oppressive governments. I expect more of our democratic allies. That said, I believe my expectations are misplaced.

The world is changing and we need to be prepared to defend ourselves against the output of these vendors – the exploits, rootkits and tools – as they get leaked to cybercriminals everywhere via the Dark Web. Stay patched. Faithfully use MFA. Build layered defenses. Be diligent and stay prepared.

https://www.infosecurity-magazine.com/news/apple-patch-pegasus-spyware/

https://thehackernews.com/2021/09/apple-issues-urgent-updates-to-fix-new.html

Great Government Resource – StopRansomware.gov

Rarely do I get terribly excited about a new .gov website, but I think this new initiative from the team at CISA is worth talking about. CISA (Cybersecurity and Infrastructure Security Agency) has established StopRansomware.gov as a resource for businesses, agencies and K-12 administrations to help fight the battle against this plague we call ransomware. This new site pools resources and information, along with training material and a reporting mechanism, into a one-stop portal. Fight the good fight against ransomware and take a look at StopRansomware.gov.

https://www.stopransomware.gov

Think before you… scan?

“Think before you click” has been a mantra for IT security awareness trainers for many years. Now, thanks to the ever-present QR code and the creative minds of cybercriminals everywhere, society needs to pause and think before we scan. Cyber bad guys are replacing legitimate QR codes, or embedding malicious ones, all over the place, redirecting unsuspecting scanners to malicious sites or trolling them for personal information.

Stay ever vigilant and be careful before you follow those links.

Enjoy this article from ThreatPost:

https://threatpost.com/qr-code-scammers-bitcoin-atms/168621/

The Reoccurring PrintNightmare

Microsoft has issued a warning and confirmed yet another print spooler-related zero day vulnerability. This issue continues to be a thorn in the side of Microsoft and its customers, and feels very much like a moving target for everyone attempting to protect organizations from this threat.

If the Print Spooler service is not needed on a host, please make sure to stop and disable it wherever possible.
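As an added example of how a defender might act on that advice (this script is mine, not something from the original post or from Microsoft), the PowerShell below reports the Spooler's state on a host, leaves it alone when the host shares printers, and otherwise stops and disables it. Treating "shares no printers" as the test for "not needed" is my assumption; a dedicated print server or a host with other print dependencies needs a different criterion, and the script runs as a dry run unless you pass -Enforce.

```powershell
# Added example (not from the original post): inventory and disable the Print Spooler
# on hosts that do not share printers. Run in an elevated PowerShell session.
# Assumption: a host that shares no printers does not need the Spooler; adjust that
# test for your environment (for example, dedicated print servers).

param(
    [switch]$Enforce   # without -Enforce the script only reports what it would do
)

$svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Output "Print Spooler service not present on $env:COMPUTERNAME"
    return
}

# Shared printers indicate this host acts as a print server and still needs the Spooler.
$shared = @()
if (Get-Command Get-Printer -ErrorAction SilentlyContinue) {
    $shared = @(Get-Printer -ErrorAction SilentlyContinue | Where-Object { $_.Shared })
}

# Summary of what was found, useful when the output is collected across many hosts.
$report = [pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    SpoolerStatus  = $svc.Status
    StartupType    = $svc.StartType
    SharedPrinters = $shared.Count
}
$report | Format-List

if ($shared.Count -gt 0) {
    Write-Warning "Host shares $($shared.Count) printer(s); leaving the Spooler running. Patch and restrict it instead."
    return
}

if (-not $Enforce) {
    Write-Output "Dry run: would stop and disable the Spooler. Re-run with -Enforce to apply."
    return
}

# Stop the running service and prevent it from starting again at boot.
if ($svc.Status -ne 'Stopped') {
    Stop-Service -Name Spooler -Force
}
Set-Service -Name Spooler -StartupType Disabled

# Verify that the change took effect.
$after = Get-Service -Name Spooler
Write-Output "Spooler is now $($after.Status) with startup type $($after.StartType)"
```

Running it without -Enforce first across a fleet gives you an inventory of which hosts would be affected before anything changes; only hosts that report zero shared printers are candidates for the enforced run.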

Enjoy this coverage article from the team at ThreatPost:

https://threatpost.com/microsoft-unpatched-printnightmare-zero-day/168613/

Accenture Under Attack – Lockbit 2.0

Another day, another ransomware attack – but this particular attack has a few new wrinkles and plenty of reasons to be concerned. Accenture, as a large global IT consultancy, has had a target on its back for some time, and this attack continues the trend of cyber bad guys looking for new entry points via service providers and consulting groups. This attack comes not only with the threat of lost data but also with the threat of data exposure if the ransom is not paid. Extortion is a new and frightening trend in the criminal ransomware industry that truly ramps up the need for additional layers of protection against a ransomware infection. The best backups in the world cannot prevent data exposure in these new extortion situations.

Additionally, the feature set in the Lockbit 2.0 package has expanded to include new recruitment ad functions, threat wallpapers, and the ability to encrypt entire domains via group policy hijacks.

Enjoy this read from the good people at InfoSecurity:

https://www.infosecurity-magazine.com/news/accenture-tied-up-in-50m-ransom/

ThreatPost – Phishing Campaign Dangles SharePoint File-Shares

I have been adding SharePoint scenarios to my phishing awareness training sessions throughout the year for this very reason. The file share component that has become so familiar and convenient to so many of us over the last 18 months is a perfect target for exploitation. During the “work from home” days of COVID-19, SharePoint and its cousins Microsoft Teams and OneDrive have become day-in, day-out tools for many of us, so those alert messages from Microsoft letting us know content has been shared with us have become so common and expected that we barely pay them any notice. This is a serious threat.

We need to pay attention and we need to realize that our new, convenient habits quickly evolve into targets of opportunity for cybercriminals the world over. Pay heed to this article from the great team at ThreatPost.

Link to Article

SANS Ouch! Newsletter – Securely Using the Cloud

The SANS Ouch! newsletter has always been one of my favorite sources of security awareness content. Whether you simply need a reminder of good sound security practices or you are brand new to a topic, the guest writers always seem to do a great job of presenting timely content in an approachable format.

This month is no different. Understanding the cloud and how to best approach selection and use of a service is both topical and important. I would certainly echo the advice presented in this article. I would particularly dwell on the recommendation to utilize some form of two-step or multi-factor authentication for any service chosen, if available. I would take the added step of recommending you not choose a service if MFA were not an option.

Enjoy the read!

https://www.sans.org/newsletters/ouch/securely-using-the-cloud/