Computer Safety & News

As thousands of COVID-19 themed websites have suddenly materialized — SANS ISC team is requesting test assistance to help identify fake or malicious sites as per following websites. Volunteers should be technically adept, versed in cyber-security concepts & use highly fortified security settings to avoid security/privacy issues.

https://isc.sans.edu/forums/diary/Covid19+Domain+Classifier/25958/

https://isc.sans.edu/covidclassifier.html

These last couple of weeks, criminals have been using COVID-19 for everything from selling fake cures to phishing. Every day, several thousand domains are registered for COVID-19 related keywords. We are trying to identify the worst, and classify the domains into different risk categories. If you have some time this weekend, please help us out by checking out some of these domains. To participate, see https://isc.sans.edu/covidclassifier.html The domain data is based on a feed provided by Domaintools and we will make the results of this effort public for download as soon as we have a “critical mass” of responses.

Practical and Tactical Techniques for Managing Remote Teams

Managing a remote team is new territory for many businesses. In order to help manage effective and productive virtual teams, implement these useful tips and suggestions:

Keep in mind that when one person is remote, everyone is remote to that person.
Get the business done quickly by keeping meetings as short in duration as possible.
Virtual team leaders should connect directly with each team member at least once a week.
Make sure you have an agenda for your virtual meetings along with a specific time frame.
Create a virtual culture of communication.
Share the responsibility for organizing and facilitating meetings
Clearly define the expectations for the virtual team regarding assignments
Require routine technology checks to ensure everyone remains connected.
Reinforce cyber security and protection of company’s intellectual property.
Keep in mind team members across multiple time zones when balancing meeting schedules.
Remain sensitive to cultural differences
Remote teams limit the “casual office talk” that many people enjoy
Test the technology before a virtual meeting begins & use one standard platform for everyone.

VPN security is a must for the new work-from-home paradigm & very sharp spike in usage have occurred during our more restricted business settings. 

https://www.pcmag.com/news/vpns-are-a-valuable-tool-in-covid-19-times

VPNs are a major piece of internet infrastructure holding together the work-from-home workforce right now. VPNs encrypt web traffic, keeping data safe and protecting privacy. You may have a corporate VPN that you connect to for work, or you can elect to use one for yourself. During the last two weeks of the COVID-19 crisis, VPN usage in the United States has gone up 124 percent. In that same period in Italy, it has gone up 160 percent, according to Atlas VPN. In these countries where social distancing is a necessity, VPN provides a way to make online behavior safer, while working remotely.

https://www.us-cert.gov/ncas/current-activity/2020/03/25/apple-releases-security-updates

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.  The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:

• • iCloud for Windows 7.18
  • iCloud for Windows 10.9.3
  • iTunes 12.10.5 for Windows
  • iOS 13.4 and iPadOS 13.4
  • Safari 13.1
  • watchOS 6.2
  • tvOS 13.4
  • macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra
  • Xcode 11.4

Spotlight on Virtual Teams – What makes them work?

A virtual team is defined as a group of individuals who work exclusively by using communication technologies to interact with one another while in different areas, and often, different time zones.

What are some of the benefits of virtual teams?

• • Ability to work asynchronously, from anywhere
  • The team can consist of the best of the best (best personnel resources by skill, not limited by location)
  • Reduced expenses and increased productivity

Key milestone reached for WIN10:

https://redmondmag.com/articles/2020/03/16/windows-10-reaches-1-billion.aspx

https://blogs.windows.com/windowsexperience/2020/03/16/windows-10-powering-the-world-with-1-billion-monthly-active-devices/

Microsoft announced on Monday that Windows 10 is now on more than 1 billion “monthly active devices.”  The 1 billion number is noteworthy for being a goal that Microsoft had set for itself back in 2015, when Terry Myerson, then-executive vice president for Windows, had predicted it

CISA & other security agencies are working to enhance cyber-security protection for Health &  Human Services during COVID-19 pandemic

https://www.cisa.gov/news/2020/03/16/cisa-statement-reported-hhs-cyber-activity

CISA will continue to support our partners at HHS as they protect their IT systems. CISA has taken a number of steps over the last several weeks to increase cybersecurity preparedness across federal civilian agencies, including enhanced monitoring, issuing recommendations as agencies shift to telework, and identifying and protecting particularly important systems supporting COVID response efforts. We’re confident that the measures we’ve all put into place are sufficient, and we will stay on the lookout for and defend against malicious activity.

Due to the O/S design, Windows 7 systems are most at risk for Adobe font zero day recently discovered & users must exercise caution with all links & email attachments. To a lesser extent, Windows 10 users are still at risk if good security is not in place.

https://redmondmag.com/articles/2020/03/23/critical-flaw-in-windows-preview-pane.aspx

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200006

https://kb.cert.org/vuls/id/354840/

Microsoft on Monday issued Security Advisory ADV200006 for a “Critical”-rated remote code execution vulnerability in both supported and unsupported Windows systems. The vulnerability, associated with the Adobe Type Manager Library in Windows systems, has been exposed to “limited, targeted attacks,” per the advisory. The library “improperly handles a specially crafted multi-master font.” This flaw can be exploited by “convincing a user to open a specially crafted document or viewing it in the Windows [Explorer] Preview pane.”

– – – – – – – – – – – – – – – – – – – – –

There’s no patch currently available. Microsoft’s advisory offered three “workarounds” to implement, but they all have limitations. The advisory suggested that patches, when available, would arrive on a normal “update Tuesday” patch release date, which happens on the second Tuesday of each month. The next update Tuesday date will be April 14. Newer Windows systems, such as Windows 10, are better protected against an exploit attempt because AppContainer technology limits what an attack can do.

As needs have increased to check on family & friends — keeping calls to limited amount of time can help carriers during paradigm shift of working from home.   VOICE activity has increased so dramatically some areas have had outages & this is worthwhile to share for awareness:

https://www.pcmag.com/news/voice-calling-spikes-under-covid-19-lockdowns-but-home-internet-holds-up

Americans want to talk to each other. Initial stats from wireless providers are showing that coronavirus-related lockdowns are resulting in a huge spike in home voice calling and in Wi-Fi calling on cell phones, as Americans reach out to their friends and family. So far, though, unlike in the UK and Canada, we haven’t seen any major calling-related outages in the US.    The rise in home internet use and voice calling hasn’t come with a similar spike in LTE data traffic, though, as you’d expect. People just aren’t out and about.  Those systems can clog up even if the network as a whole is not overloaded.

John Maxwell shares an excellent outline of leadership techniques for new virtual teams who now must work from their homes until worst of outbreak has passed

A Message to Our Clients and Partners Regarding COVID-19

Like so many other businesses, we place the safety and health of people first. We have encouraged all our staff to immediately begin working from home and have instituted a daily check-in procedure to help mitigate the sudden shift in routine. We’ve chosen to use tools like Zoom, Slack, and good old email to facilitate our communication, and I want to share with you our strategy for making the virtual office a success for you to consider as well:

1. Daily provide a message of hope and leadership (5 Minutes)
2. Review the current initiatives in place for the next 7 days and determine where we need to pivot and what we need to keep.
3. Assess what can we do differently today to intelligently and tastefully add value to our community to encourage people to continue investing in their growth.
4. Provide clarity of responsibility and ownership on key Action Items.
5. Create space for teammates to ask any outstanding questions.