Computer Safety & News

https://www.us-cert.gov/ncas/current-activity/2019/08/21/cisa-insights-ransomware-outbreak

The Cybersecurity and Infrastructure Security Agency (CISA) urges organizations to review CISA Insights – Ransomware Outbreak, implement the recommendations, and visit the CISA resource page on ransomware for more information.  It includes steps in the following key areas to help organizations protect themselves from ransomware attacks:

1. Actions for Today – Make Sure You’re Not Tomorrow’s Headline
2. Actions to Recover If Impacted – Don’t Let a Bad Day Get Worse
3. Actions to Secure Your Environment Going Forward – Don’t Let Yourself be an Easy Mark

In testing the preview version of Microsoft Edge Chrome browser for WIN7 & WIN10, it is much improved over original WIN10 version of Edge.  It has become my default browser (esp. for WIN10). 

Introducing Microsoft Edge Beta: Be one of the first to try it now

Today I’m thrilled to announce that a Beta release for the next version of Microsoft Edge is now available for all supported versions of Windows and macOS. Our goal with Microsoft Edge is to create better web compatibility with better performance for our customers while ensuring less fragmentation of the web for all web developers.

EDGE – chrome version DOWNLOAD site

https://www.microsoftedgeinsider.com/en-us/download/

Talos offers an excellent article on the state of  cybersecurity insurance for business risk mitigation & protection.  Still some sectors are slow to adopt insurance protection – even though policies & protection are improving to keep track on the changing computer landscape

https://blog.talosintelligence.com/2019/08/cyber-insurance-FAQs.html

Even back in 2016, Cisco Talos called the realm of cyber insurance “new and immature.”  But since then, the market has changed drastically, and these kinds of policies are becoming more popular. Still, some businesses have been slow to adopt these policies. According to a study by J.D. Power & Associates and the Insurance Information Institute released in October 2018, 59 percent of businesses still do not have any form of cyber insurance.

The CISA (US-CERT) offers EXCELLENT tips for students returning to school during Fall of 2019

https://www.us-cert.gov/ncas/current-activity/2019/08/20/cyber-safety-students

As summer break ends, many students will return to school with mobile devices, such as smart phones, tablets, and laptops. Although these devices can help students complete schoolwork and stay in touch with family and friends, there are risks associated with using them. However, there are simple steps that can help students stay safe while using their internet-connected devices.  The Cybersecurity and Infrastructure Security Agency (CISA) recommends reviewing the following resources for more information on cyber safety for students

• Stop.Think.Connect. Toolkit
• Stay Safe Online
• Before You Connect a New Computer to the Internet
• Keeping Children Safe Online
• Rethink Cyber Safety Rules and the “Tech Talk” with Your Teens
• Concerned Parent’s Internet Safety Toolbox

ISZ files are “zipped ISO images” that one might used to create a WIN10 install image on DVD.  The ISZ extension should be blocked for incoming email.  As highly specialized ISO imaging software is required to launch ISZ or DAA files — most users are safe.  However ADMINs & tech professionals with a lot of security privileges could mishandle accidentally & allow malicious attacks to occur on inside of networks — where there is softer security controls in place for the intranet for example.

https://isc.sans.edu/forums/diary/Compressed+ISO+Files+ISZ/25252/

While researching a user submitted Direct Access Archive file (DAA), I learned about another file format I too had never heard of before: compressed ISO files, or .isz files.  ISZ files are similar to DAA files: insofar they also contain an ISO file, split in chunks that are then compressed. Like DAA, it’s a proprietary format, however, the ISZ specification is available publicly.

John Maxwell provides excellent leadership training resources.   This article shares 3 tips for brand new managers to grow & be successful in their careers

Congratulations on Being Promoted! Are You a Leader Yet?

Here are three tips to start honing your leadership bona fides.

Tip 1: Know the Levels of Leadership — “Level 1” is based on authority of position. Later a leader may graduate to “Level 2” where team members what to follow based on great leadership. Leaders must earn respect of team
Tip 2: Don’t Settle for Just a Title — You should view a title not as an accomplishment, but as an opportunity to grow.
Tip 3: Earn the Next Level, While You Keep this One — improve & demonstrate great leadership daily. This improves the team & future career potential

This excellent article from eWeek offers best practices to consider before an enterprise begins a cloud migration project.  Key topics discussed include the following 6 areas:

https://www.eweek.com/database/best-practices-for-migrating-oracle-databases-to-the-cloud

1: Evaluate the Skills and Experience of Your Internal Team
2: Conduct an Assessment of Your Current Environment
3: Build a Strong Proof-of-Concept
4: Determine the Right Tools for the Job
5: Test, Test and Test Again
6: Develop a Well-Defined Cutover Plan

This is 5th in series for IRS tax preparation professionals & these guidelines apply broadly to any business & are excellent security awareness

https://www.us-cert.gov/ncas/current-activity/2019/08/14/irs-security-summit-series-tax-professionals-create-data-theft

The Cybersecurity and Infrastructure Security Agency (CISA) encourages tax professionals to review the IRS news release and the following Security Summit series topics for more information:

• • • Deploying “Security Six” basic safeguards
    • Creating a data security plan
    • Educating yourself on phishing scams
    • Recognizing the signs of client data theft

The FBI’s Regional Computer Forensics Laboratories (RCFL) provide key assistance in computer crime investigations

https://www.fbi.gov/news/stories/rcfls-follow-the-modern-evidence-trail-081219

Technology and connected devices touch nearly every facet of modern life, and they often hold key evidence in criminal investigations. “Every single case now involves some sort of digital evidence,” said FBI Supervisory Special Agent Steven Newman, director of the New Jersey Regional Computer Forensics Laboratory (NJRCFL). Digital evidence can be on any device and can follow subjects almost anywhere they traverse in the cyber world. As such, digital evidence is key in Internet-enabled crimes, but it is also critical in cases that range from terrorism to fraud.

Network & internet WORMS are among the most dangerous malware.  Only the true system patch, disabling services, or AV protection can prevent automatic infections.   Microsoft & other security firms are sharing the need to install AUG-2019 security patches on a priority basis.

Patch new wormable vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182)

Today Microsoft released a set of fixes for Remote Desktop Services that include two critical Remote Code Execution (RCE) vulnerabilities, CVE-2019-1181 and CVE-2019-1182. Like the previously-fixed ‘BlueKeep’ vulnerability (CVE-2019-0708), these two vulnerabilities are also ‘wormable’, meaning that any future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction.  These vulnerabilities were discovered by Microsoft during hardening of Remote Desktop Services as part of our continual focus on strengthening the security of our products. At this time, we have no evidence that these vulnerabilities were known to any third party.

https://blogs.msmvps.com/harrywaldron/2019/08/14/microsoft-security-updates-august-2019/