Computer Safety & News

Cisco is actively patching products & corporate ADMINs should check for applicable fits where patching is needed

https://www.us-cert.gov/ncas/current-activity/2020/01/24/cisco-releases-security-updates
https://www.us-cert.gov/ncas/current-activity/2020/01/23/cisco-releases-security-updates
https://tools.cisco.com/security/center/publicationListing.x

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

Microsoft Framework offers a robust & secure communications foundation for applications to communicate to data bases & the cloud.  Version 5 will move to a more open design as shared in article below

https://redmondmag.com/articles/2019/12/31/coming-in-2020-net-5.aspx

Due in November 2020, .NET 5 (no “Core” and no “Framework”) will mark the transition from the aging, proprietary, Windows-only .NET Framework to a modern, open source, cross-platform .NET.  Microsoft has said the first .NET 5 preview is expected in the first half of 2020 combining separate source code streams such as .NET Framework, the existing .NET Core and Xamarin/Mono, and including components such as ASP.NET Core and Entity Framework Core.

Shlayer is most prevalent Apple Mac attack in 2020 & can be avoided by simply avoiding fake Adobe Flash updates

https://lifehacker.com/how-to-avoid-the-most-popular-mac-malware-shlayer-1841207308

According to a recent Kaspersky investigation, the “Shlayer” malware—which deploys an “Any Search” bar on a victim’s computer through fake Adobe Flash updates, of all things—is the most popular Mac malware. Ars Technica has a detailed breakdown of the investigation that is worth a read.  Most malware and adware-deploying ads can be circumvented with an adblocking browser or content-blocking extension, and an anti-virus or anti-malware program will catch threats before they’re installed.  There’s no reason to install, update, or use Flash Player to access online content in 2020, save for very rare exceptions. If you need to download Flash, get it directly from Adobe. Nowhere else.

Active security monitoring of corporate networks is an essential task to ensure the utmost protections are in place.  This entails the following steps: (1) Knowing network in depth (2) examine & inspect key logs (3) evaluate for unusual spikes of activity (4) improve network controls & eliminate any threats discovered

https://isc.sans.edu/forums/diary/Is+Threat+Hunting+the+new+Fad/25746/

That is a tall order, where do we start? There first step is to know the network I’m defending. In order to do this well, it means to have a pretty good knowledge what the network looks like (i.e. network diagrams, traffic flows, client → server relationship, etc) and the type of activity considered normal. Anything deviating from that “normal” need to be investigated. The next step is to collect the logs that will help with the hunt; such as host and network logs to fuse traffic flow in a way that can help identify unusual pattern of activity.

Some of the logs that might be important to collect (not exhaustive) might be: proxy, web & application servers, DNS, host-based, antivirus, EndPoint Detection Response (EDR), firewall, etc. In the end, each organization is unique. Using the Mitre ATT&CK framework can help the hunt by identifying the tactics and techniques that will help capture the most promising logs to detect and identify unusual behavior happening in the network.

https://www.digitaltrends.com/computing/best-wireless-routers/

Your router is a silent, dedicated companion connecting all your devices to the internet. It’s an important — and necessary — part of your network. Luckily, we know the best wireless routers that get the job done, whether you’re a PC gamer looking for the ultimate connection or simply want easy, whole home or office coverage. After reviewing the top routers on the market, our current favorite is the Netgear R6700 Nighthawk   It’s simply a great fit for most consumers. We also list routers for specific use cases, like gaming, high performance, wallet-friendly, and more.

The best wireless routers at a glance

• • The best wireless router: Netgear R6700 Nighthawk AC1750
  • The best high-performance router: TP-Link Archer AX6000
  • The easiest wireless router to use: Google Nest WiFi
  • The best budget wireless router: TP-Link AC1200
  • The best home router kit: Eero Home Wi-Fi
  • The best gaming router: Asus ROG Rapture GT-AC5300

https://www.us-cert.gov/ncas/current-activity/2020/01/24/nsa-releases-guidance-mitigating-cloud-vulnerabilities

https://media.defense.gov/2020/Jan/22/2002237484/-1/-1/0/CSI-MITIGATING-CLOUD-VULNERABILITIES_20200121.PDF

The National Security Agency (NSA) has identified cloud security components and discusses threat actors, cloud vulnerabilities, and potential mitigation measures.  CISA encourages administrators and users to review NSA’s guidance on Mitigating Cloud Vulnerabilities and CISA’s page on APTs Targeting IT Service Provider Customers and Analysis Report on Microsoft Office 365 and other Cloud Security Observations for information on implementing a defense-in-depth strategy to protect infrastructure assets.

Starting in 2020 Google Chromebooks will receive 8 years of support rather than the current 6 1/2 years

https://www.pcmag.com/news/google-promises-8-years-of-updates-for-new-chromebooks

Existing Chromebooks typically receive automatic software and security updates for 6.5 years after a model’s introduction. However, for 2020 and beyond all new Chromebooks are set to receive eight years of automatic updates. The two new Chromebooks Google uses as examples are the Lenovo 10e Chromebook Tablet and Acer Chromebook 712, both of which will receive updates until June 2028.

EMOTET is one of the most active threats in circulation & CISA shares awareness of increased activity in-the-wild

https://www.us-cert.gov/ncas/current-activity/2020/01/22/increased-emotet-malware-activity

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a recent increase in targeted Emotet malware attacks. Emotet is a sophisticated Trojan that commonly functions as a downloader or dropper of other malware. Emotet primarily spreads via malicious email attachments and attempts to proliferate within a network by brute forcing user credentials and writing to shared drives. If successful, an attacker could use an Emotet infection to obtain sensitive information. Such an attack could result in proprietary information and financial loss as well as disruption to operations and harm to reputation.

CISA recommends users and administrator adhere to the following best practices to defend against Emotet. See CISA’s Alert on Emotet Malware for detailed guidance.

• Block email attachments commonly associated with malware (e.g.,.dll and .exe).
• Block email attachments that cannot be scanned by antivirus software (e.g., .zip files).
• Implement Group Policy Object and firewall rules.
• Implement an antivirus program and a formalized patch management process.
• Implement filters at the email gateway, and block suspicious IP addresses at the firewall.
• Adhere to the principle of least privilege.
• Implement a Domain-Based Message Authentication, Reporting & Conformance (DMARC) validation system.
• Segment and segregate networks and functions. 
• Limit unnecessary lateral communications.

CISA encourages users and administrators to review the following resources for information about defending against Emotet and other malware.

CISA Alert Emotet Malware

Australian Cyber Security Centre (ACSC) Advisory Emotet Malware Campaign

CISA Tip Protecting Against Malicious Code

A non-secure server was discovered by Microsoft containing customer data for over 250M users. While no payment or credit card numbers were present for customers, there were sensitive fields that could be used in future support fake scam calls, emails, or website. Microsoft quickly fixed all issues & shares as awareness to it’s customers

https://www.forbes.com/sites/daveywinder/2020/01/22/microsoft-security-shocker-as-250-million-customer-records-exposed-online/#2f4605b14d1b

Report: 250 million Microsoft customer service and support records exposed on the web

A new report reveals that 250 million Microsoft customer records, spanning 14 years, have been exposed online without password protection

Those records were customer service and support logs detailing conversations between Microsoft support agents and customers from across the world. Incredibly, the unsecured Elasticsearch servers contained records spanning a period from 2005 right through to December 2019. When I say unsecured, I mean that the data was accessible to anyone with a web browser who stumbled across the databases: no authentication at all was required to access them, according to the Comparitech report.

However, the researchers say that many contained plain text data including customer email addresses, IP addresses, geographical locations, descriptions of the customer service and support claims and cases, Microsoft support agent emails, case numbers and resolutions, and internal notes that had been marked as confidential. This may seem like no big deal in the overall scheme of things, but when you consider that Microsoft support scams are pretty rampant, it doesn’t take a genius to work out how valuable such information would be to the fraudsters carrying out such attacks.

The FBI, CISA & ISC share warnings regarding highly sophisticated fake employment scams that are designed to capture sensitive personal data such as social security numbers or bank account information

https://www.ic3.gov/media/2020/200121.aspx

https://www.us-cert.gov/ncas/current-activity/2020/01/22/ic3-issues-alert-employment-scams

The Internet Crime Complaint Center (IC3) has issued an alert warning consumers of fake jobs and hiring scams targeting applicants’ personally identifiable information (PII). Cyber criminals posing as legitimate employers spoof company websites and post fake job openings to lure victims. Cyber criminals will conduct fake interviews and even offer positions to victims before requesting PII such as Social Security numbers and bank account information.   CISA encourages users and administrators to review the IC3 Alert and CISA’s Tips on Avoiding Social Engineering and Phishing Attacks and Website Security for more information. If you believe you are a victim of cybercrime, file a complaint with IC3 at www.ic3.gov.