1:M Cyber Security News 10/16/20

Happy Friday guys,

First and foremost, please patch all of your Microsoft Windows systems ASAP (which I hope you have set to automatically update regularly anyway :)). There is a nasty Windows bug that has surfaced, and it has the potential to cause a lot of issues if not addressed.

https://nakedsecurity.sophos.com/2020/10/14/windows-ping-of-death-bug-revealed-patch-now/

OK, well as usual, its never a dull moment in the IT Security world. Below are some incredible articles I cherry-picked for your guys. Enjoy!

=================

A very insightful article detailing the extent to which the U.S. government is going to protect the security of the entire supply chain for the much researched and sought after Covid-19 vaccine. This has major geopolitical, economic and national security implications it is hijacked by Russia, Iran, China or any other country, so the U.S. government isn’t taking any chances at all

• https://www.cyberscoop.com/operation-warp-speed-coronavirus-vaccine-cybersecurity-dds-nsa-dhs-cisa-fbi-hhs/?

———–

We are starting to hear a lot more stories about how the U.S. Cyber Command is actively hacking enemy targets across the world now, or as they call it “persistent engagement” They are basically trying to keep their cyber enemies on their toes at all times, so they are spending time and resources defending themselves, rather than being able to attack US targets. In this particular story, U.S. Cyber Command (as well as Microsoft and other private tech companies it turned out) started to disrupt the huge TrickBot botnet of 2 million+ PCs a few weeks ago, ahead of the U.S. election. They did this by pushing a fake update designed to stop the malware from communicating with the bot operators, as well as taking control of their Command & Control server domains. I personally find these stories to be amazing!

• https://www.washingtonpost.com/national-security/cyber-command-trickbot-disrupt/2020/10/09/19587aae-0a32-11eb-a166-dc429b380d10_story.html

———–

This is how good the bad guys have become. It took this one particular cyber gang only 29 hours, from the initial phishing email, to having fully encrypted an entire company network, and then asking for a $6 million ransom to have their data decrypted and returned to them. WOW!

• https://www.securityweek.com/anatomy-ryuk-attack-29-hours-initial-email-full-compromise

———–

Extremely useful guides by CISA and MS-ISAC that help you both prepare for an unfortunate Ransomware attack, as well as what to actually do if you are ever hit by one.

• https://www.cisa.gov/publication/ransomware-guide

• https://www.tripwire.com/state-of-security/featured/what-first-when-your-company-suffers-ransomware-attack/

———–

Explosive bombshell by a former Facebook employee who was fired, after she kept trying to escalate what she saw as numerous foreign governments using Facebook to manipulating their own voters. These manipulations obviously had huge internal, as well as international ripple effects, if they are true. As usual, Facebook didn’t defend their position well at all.

• https://www.buzzfeednews.com/article/craigsilverman/facebook-ignore-political-manipulation-whistleblower-memo

———–

Now we are seeing how cyber attacks are having real world effects on human health, and even causing fatalities. A widespread ransomware attack on a hospital in Germany caused the death of one of their patients, after an ambulance was forced to take the patient to another facility an hour away for treatment. Unfortunately the patient died before she was able to be treated.

• https://www.theverge.com/2020/9/28/21482304/ransomware-outage-hospital-chain-cybersecurity

• https://www.securityweek.com/german-hospital-hacked-patient-taken-another-city-dies

———–

The new iOS 14 that came out recently has some very cool features, such as some major ad/tracker blocking features (that even Facebook is threatening to sue over now because they said it could impact 50% of their revenue!). Also, their newer Keychain version will not only tell you if any of your passwords are easily guessable, but also if they have been previously breached on the Internet

• https://www.bleepingcomputer.com/news/apple/hands-on-with-ios-14s-new-data-breach-notification-feature/

• https://www.wired.com/story/ios-14-privacy-security-features/

———–

Some more good information on how to lock down your home network, especially now that most of us are working from home a majority the time:

• https://nakedsecurity.sophos.com/2020/10/08/8-tips-to-tighten-up-your-work-from-home-network/

———–

Awesome news: Microsoft Edge & IE are ending support for Flash on New Year’s Eve. Next year, Adobe Flash Player will be disabled by default and versions of Flash older than the June 2020 release will be blocked. Adobe will stop updating and distributing Flash at the end of 2021 as well. We can’t wait for Flash to disappear altogether.

———–

Valuable resource to check on if you feel any of your identity has been stolen on the Internet:

• https://identitytheft.gov/Info-Lost-or-Stolen

———–

Type any website URL into this BlackLight tool, and it will tell you who all the trackers are that are running in the background, as well as what they are up to. Trust me, this tool will really make your blood boil!

• https://themarkup.org/blacklight

Passwordmanager.com recently published a comprehensive article on password managers to help consumers understand this essential first line of defense in protecting their personal data from cybercriminals. Their team of experts spent 1000’s of hours researching and analyzing all the password management tools currently available in order to create this helpful guide. Check it out:

———–

The newest YubiKey 5C NFC is out and it comes with USB-C and NFC, which basically means you can use it on computers as WELL as your smartphone. It costs $55.

• https://www.zdnet.com/article/the-usb-security-key-that-everyone-has-been-wanting/

———–

#ClickGameOver