Cybersecurity Awareness Month – Don’t Tip Off the Phishing Test!

October is Cybersecurity Awareness Month and as such I am going to make an effort to post as many awareness and training tips and tricks as I can throughout the month. This great article from the team over at Tripwire provides some sound advice – let the phishing test run its course! Enjoy the read and share what you learn. We are all in this cybersecurity battle together!

https://www.tripwire.com/state-of-security/featured/dont-warn-your-co-workers-about-that-phishing-test/

No, It does not appear Facebook was hacked yesterday

Given the timing of the outage for many of Facebook’s platforms yesterday – in the middle of the media storm surrounding a whistleblower from within the company sharing details of the social media giant’s potentially selfish decision-making processes – lots of people were questioning whether this was a malicious attack against the company’s infrastructure. Alas, it was not, at least according to the engineering team at Facebook.

According to an Infrastructure VP at Facebook, this outage stemmed from human error associated with a misconfigured BGP routing update. To be honest, this makes more sense than a successful targeted external attack. Now, if you really wanted to go full-on conspiracy theory, one could question whether the human error was intentional or unintentional, aka a distraction from the press coverage of the whistleblower. But that is not within my purview.

Enjoy this read on the outage –

https://www.infosecurity-magazine.com/news/facebook-blames-global-outage/

A Surge in Malicious Email – Like we had nothing else planned in the 4th Quarter…

Though the general report content of this article is not surprising, the stats provided are very helpful in terms of planning and training for end users dealing with an influx of spam and malicious emails. The analysis performed by the team at Tessian is quite thorough and provides some great insight around targeted industries and email delivery timing. Enjoy the read…

https://www.infosecurity-magazine.com/news/malicious-email-surge-q4/

Patch Tuesday – September 2021 Edition

Several important patches and updates have been released by Microsoft and other vendors this week that deserve our immediate attention. Both Apple and Microsoft have addressed zero-day vulnerabilities, and Microsoft has even released yet another attempted fix for the PrintNightmare vulnerability.

Enjoy these two articles for additional details:

https://www.infosecurity-magazine.com/news/microsoft-fixes-omigod-mshtml/

https://krebsonsecurity.com/2021/09/microsoft-patch-tuesday-september-2021-edition/

Apple’s Urgent Updates – Interesting How’s and Why’s

By now, I imagine most of you are aware of the updates released by Apple to address two zero-day vulnerabilities in Apple iOS, Apple WatchOS and Big Sur 11.6. Apple announced that these exploits are in the wild and actively in use. Needless to say, update your devices as soon as possible to defend against these threats. The larger story behind the “why” of these zero-day exploits caught my attention and deserves a little more attention.

Knowledge of these vulnerabilities came as the result of the work at the University of Toronto’s Citizen Lab and the Lab’s research on the exploit “FORCEDENTRY”. Ultimately, it was determined that aspects of this exploit were weaponized by Israeli surveillance vendor NSO Group and sold to multiple world government agencies, including the government of Bahrain, for use in spying against opposition leaders and dissidents. As the Hacker News reported, NSO Group engineers are facilitating ‘despotism-as-a-service’ to the highest bidder.

It would be completely naive to think that this type of offensive exploit development is not taking place at every level of government around the world, including within the walls of several US government agencies. I am particularly disturbed in this situation by the lack of discretion in client choice by the NSO Group and the open monetization of this tool to oppressive governments. I expect more of our democratic allies. That said, I believe my expectations are misplaced.

The world is changing and we need to be prepared to defend ourselves against the output of these vendors – the exploits and rootkits and tools – as they get leaked to cybercriminals everywhere via the dark web. Stay patched. Faithfully use MFA. Build layered defenses. Be diligent and stay prepared.

https://www.infosecurity-magazine.com/news/apple-patch-pegasus-spyware/

https://thehackernews.com/2021/09/apple-issues-urgent-updates-to-fix-new.html

Great Government Resource – StopRansomware.gov

Rarely do I get terribly excited about a new .Gov website, but I think this new initiative from the team at CISA is worth talking about. CISA (Cybersecurity and Infrastructure Security Agency) has established StopRansomware.gov as a resource to businesses, agencies and K-12 administrations to help fight the battle against this plague we call ransomware. This new site pools resources and information along with training material and a reporting mechanism into a one-stop portal. Fight the good fight against ransomware and take a look at StopRansomware.gov.

https://www.stopransomware.gov

Think before you….scan?

“Think before you click” has been a mantra for IT security awareness trainers for many years. Now, thanks to the ever-present QR code and the creative minds of cybercriminals everywhere, we all need to pause and think before we scan. Cyber bad guys are replacing QR codes or embedding malicious codes all over the place, redirecting unsuspecting scanners to malicious sites or trolling them for personal information.

Stay ever vigilant and be careful before you follow those links.

Enjoy this article from ThreatPost:

https://threatpost.com/qr-code-scammers-bitcoin-atms/168621/

The Reoccurring PrintNightmare

Microsoft has issued a warning and confirmed yet another print spooler-related zero-day vulnerability. This issue continues to be a thorn in the side of Microsoft and its customers and feels very much like a moving target for everyone attempting to protect organizations from this threat.

If unneeded, please make sure to stop print spooler services wherever possible.

Enjoy this coverage article from the team at ThreatPost:

https://threatpost.com/microsoft-unpatched-printnightmare-zero-day/168613/

Accenture Under Attack – Lockbit 2.0

Another day, another ransomware attack – but this particular attack has a few new wrinkles and plenty of reasons to be concerned. Accenture, as a large global IT consultancy, has had a target on its back for some time, and this attack continues the trend of cyber bad guys looking for new entry points via service providers and consulting groups. This attack comes not only with the threat of lost data but also with the threat of data exposure if the ransom is not paid. Extortion is a new and frightening trend in the criminal ransomware industry that truly ramps up the need for additional layers of protection against a ransomware infection. The best backups in the world cannot prevent data exposure in these new extortion situations.

Additionally, the feature set in the Lockbit 2.0 package has expanded to include new recruitment ad functions, threat wallpapers, and the ability to encrypt entire domains via group policy hijacks.

Enjoy this read from the good people at InfoSecurity:

https://www.infosecurity-magazine.com/news/accenture-tied-up-in-50m-ransom/