SANS Security Awareness Report Highlights the Rising Era of Awareness Training

It thrills me to be able to post an article with this title.  I honestly do not believe there is anything more important and more impactful to the overall security of any organization than effective user awareness training.  An increase in effective training is an increase in overall security.

I have been a student of and an advocate for the SANS Institute for many years.  Lance Spitzner and his team do a marvelous job spreading the word of awareness and safety online.  This report is a good resource and a worthwhile read.  Enjoy!

https://blog.knowbe4.com/sans-security-awareness-report-highlights-the-rising-era-of-awareness-training

Malware on the High Seas: US Coast Guard Issues Alert

Just when you thought it was safe to go back into the water… or at least to sail upon it.  In all seriousness, these types of warnings and attacks are indicative of the lengths to which cybercriminals will go to steal, pillage and attack.  Be cautious and take the time to evaluate cybersecurity controls at every level of your organization.

https://www.bankinfosecurity.com/us-coast-guard-warns-maritime-malware-attacks-a-12759

Patch Tuesday – Zero Days and Plenty of Fixes

Please take a moment to review these reference articles, evaluate your environments and patch accordingly.  Be aware that several vulnerabilities addressed in this round of Patch Tuesday updates have potentially active exploits in the wild.

https://www.infosecurity-magazine.com/news/two-zerodays-fixed-in-this-months/

https://nakedsecurity.sophos.com/2019/07/10/two-zero-days-and-15-critical-flaws-fixed-in-julys-patch-tuesday/

https://krebsonsecurity.com/2019/07/patch-tuesday-lowdown-july-2019-edition/

Microsoft Urges Azure Customers to Patch Exim Worm

This situation is a great example of the importance of patch and firmware management.  Just because a system is hosted in the cloud does not mean that you are not responsible for part, if not all, of the patch and firmware oversight.  Pay close attention to your service level agreements and other cloud services documentation.

If you are using these particular Azure services from Microsoft, please review this content and patch accordingly.

https://www.infosecurity-magazine.com/news/microsoft-urges-azure-customers-to-1/

https://threatpost.com/microsoft-pushes-azure-users-to-patch-linux-systems/145749/

Microsoft’s June 2019 Patch Tuesday fixes many of SandboxEscaper’s zero-days

It’s that time again when we all get to evaluate our PC and server environments and kick off our monthly patching processes.  Please take a look at the changes this month and patch accordingly.  And please don’t forget your at-home devices.  Patching is not just a business process.  All computers and workstations and laptops need to be patched and updated on a regular basis.

https://www.zdnet.com/article/microsofts-june-2019-patch-tuesday-fixes-many-of-sandboxescapers-zero-days/

https://krebsonsecurity.com/2019/06/microsoft-patch-tuesday-june-2019-edition/

Google stored some passwords in plain text for 14 years

This is an interesting admission by the team at Google.  Though they have not confirmed the number of affected enterprise customers, I know of at least one local organization that was contacted by Google concerning this unintentional data leak.  Fortunately, that organization had ceased using the service some time ago.

It does appear that Google has remediated the problem.  That said, any potentially affected organization should address password reuse and other related opportunities to mitigate the risk.

https://nakedsecurity.sophos.com/2019/05/23/google-stored-some-passwords-in-plain-text-for-14-years/