It thrills me to be able to post an article with this title. I honestly do not believe there is anything more important and more impactful to the overall security of any organization than effective user awareness training. An increase in effective training is an increase in overall security.
I have been a student of and an advocate for the SANS Institute for many years. Lance Spitzner and his team do a marvelous job spreading the word of awareness and safety online. This report is a good resource and a worthwhile read. Enjoy!
Just when you thought it was safe to go back into the water….or at least to sail upon it. In all seriousness, these types of warnings and attacks are indicative of the lengths to which cybercriminals will go to steal, pillage and attack. Be cautious and take the time to evaluate cybersecurity controls at every level of your organization.
This situation is a great example of the importance of patch and firmware management. Just because a system is hosted in the cloud, it does not mean that you are not responsible for parts if not all of the patch and firmware oversight. Pay close attention to your service level agreements and other cloud services documentation.
If you are using these particular Azure services from Microsoft, please review this content and patch accordingly.
It’s that time again when we all get to evaluate our PC and server environments and kick off our monthly patching processes. Please take a look at the changes this month and patch accordingly. And please don’t forget your at-home devices. Patching is not just a business process. All computers and workstations and laptops need to be patched and updated on a regular basis.
This is an interesting admission by the team at Google. Though they have not confirmed the number of affected enterprise customers, I know it least one local organization that was contacted by Google concerning this unintentional data leak. Fortunately, that organization had ceased using the service some time ago.
It does appear that Google has remediated the problem. That said, any potentially affected organization should address password reuse and other related opportunities to mitigate the risk.