Good Morning and Welcome to the ProactiveIT Cyber Security Daily number 32.  It is Friday December 27, 2019. I am your host Scott Gombar and All is Still Quiet. 

 

This podcast is brought to you by Nwaj Tech, a Client Focused and Security Minded IT Consultant based in Central Connecticut.  You can visit us at nwajtech.com

A Twitter app flaw used to match 17 million phone numbers to user accounts

Ryuk Ransomware Stops Encrypting Linux Folders

New Magellan 2.0 SQLite Vulnerabilities Affect Many Programs

Good Morning and Welcome to the ProactiveIT Cyber Security Daily number 31.  It is Thursday December 26, 2019. I am your host Scott Gombar and Almost All is Quiet. 

 

This podcast is brought to you by Nwaj Tech, a Client Focused and Security Minded IT Consultant based in Central Connecticut.  You can visit us at nwajtech.com

Maze Ransomware Releases Files Stolen from City of Pensacola

Chinese hacker group caught bypassing 2FA

New Mexico Hospital Discovers Malware on Imaging Server

Good Morning and Welcome to the ProactiveIT Cyber Security Daily number 30.  It is Tuesday December 24, 2019. I am your host Scott Gombar. Merry Christmas All

 

This podcast is brought to you by Nwaj Tech, a Client Focused and Security Minded IT Consultant based in Central Connecticut.  You can visit us at nwajtech.com

If you haven’t updated Google Chrome to the latest version yet..do it.  

Citrix vulnerability jeopardizes over 80,000 companies globally

Twitter Fixes Bug that Enabled Takeover of Android App Accounts

A flaw in the Twitter for Android App has been patched.  The vulnerability allows would be attackers to take control of Twitter accounts and send tweets and dms.  If you use Twitter on Android please update immediately.

A note from the FBI re: LockerGoga and MegaCortex

"Since January 2019, LockerGoga ransomware has targeted large corporations and organizations in the United States, United Kingdom, France, Norway, and the Netherlands. The MegaCortex ransomware, first identified in May 2019, exhibits Indicators of Compromise (IOCs), command and control (C2) infrastructure, and targeting similar to LockerGoga."

Have a BCDR plan.  Backup regularly. Test Backups and Keep a backup offline

Ensure all software and operating systems are up to date

Enable 2FA and have a strong password policy

Disable RDP wherever it is not needed.  Ensure RDP ports are blocked externally.  Use RDP over VPN. Use third party software to further secure RDP

Audit the creation of new accounts.

Run port scans to ensure unneeded ports are closed and nothing is listening that shouldn’t be listening..

Disable SMBv1 

Monitor AD for access levels, account changes and new accounts

Make sure you are using the most up-to-date PowerShell and uninstall any older versions.

"Enable PowerShell logging and monitor for unusual commands, especially execution of Base64 encoded PowerShell"

New Mozi P2P Botnet Takes Over Netgear, D-Link, Huawei Routers

Colorado Department of Human Services and Sinai Health System Alert Patients About HIPAA Breaches

Holiday Tip -  If you’re giving anyone a gaming console for holidays unpack it, set it up and install all the updates and then pack it up.  Update servers are hit pretty hard on Christmas day. Doing this allows the gift recipient to enjoy the gift rather than wait for updates.

Merry Christmas All.  We will talk again Thursday.  Stay Secure.

Good Morning and Welcome to the ProactiveIT Cyber Security Daily number 29.  It is Monday December 23, 2019. I am your host Scott Gombar and Say Hello Old Friend.

 

This podcast is brought to you by Nwaj Tech, a Client Focused and Security Minded IT Consultant based in Central Connecticut.  You can visit us at nwajtech.com

Apple’s Bug Bounty Opens for Business, $1M Payout Included.

Apple has officially opened its invite only private bug-bounty program to the public.  You can earn bounties of up to $1 million.

To earn the $1 million bounty you will need to provide a working zero-click exploit with full kernel execution and persistence on Apple’s latest devices.  Other requirements will also need to be met.  

There are other bounties between $25,000 and $500,000 vulnerabilities in Macs, iOS devices, and Apple TV ranging in compromises of lock screen bypass, icloud account access and other attacks.

One Day, Three Credit Card Data Breach Notifications.  You have probably heard about the Wawa Compromise.  If you haven’t here are the details.

Dropbox Zero-Day Vulnerability Gets Temporary Fix.  There is currently a zero-day vulnerability for Dropbox on Windows that allows attackers to gain permissions typically reserved for SYSTEM.  This is the most privileged account on Windows.  

Dropbox has not released a patch for this zero-day vulnerability but OPatch has released a temporary fix.  

Cisco Security Appliances Targeted for DoS Attacks via Old Bug.

PayPal Phishing Attack Promises to Secure Accounts, Steals Everything.

Windows Remote Desktop Services Used for Fileless Malware Attacks.

Good Morning and Welcome to the ProactiveIT Cyber Security Daily number 28.  It is Friday December 20, 2019. I am your host Scott Gombar and May the Force Be WIth You

This podcast is brought to you by Nwaj Tech, a Client Focused and Security Minded IT Consultant based in Central Connecticut.  You can visit us at nwajtech.com

Star Wars sites purporting to have pirated versions of the Rise of Skywalker are popping up.  The goal of these phishing sites is to install malware. Avoid these sites unless you want to risk a malicious attack.

Other Rise of Skywalker phishing sites are stealing credit/debit care info.

CISA has advised that there is a Drupal update available to address a critical flaw.  Update Drupal to 7.69, 8.7.11, or 8.8.1 to prevent remote hackers from compromising web servers.

If you’re using 301 Redirects – Easy Redirect Manager you'll want to update it immediately to address a critical vulnerability.  The vulnerability allows any authenticated user including subscribers to modify, delete or create a redirect rule that could potentially take a site down.  The latest versions is 2.45.  

Google Offers Financial Support to Open Source Projects for Cybersecurity

K-12 Cybersecurity Act Introduced to Protect Schools from Ransomware

New Dudell Malware Hides Behind Microsoft Excel Documents

Emotet Malware Uses Greta Thunberg Demonstration Invites as Lure

CMS Blue Button 2.0 Coding Bug Exposed PHI of 10,000 Medicare Beneficiaries

https://www.buzzfeednews.com/article/carolinehaskins1/data-leak-exposes-personal-data-over-3000-ring-camera-users?fbclid=IwAR2HFBEjq98XyEGUTF99rLiKSVYJ4Makl1bcLDtdHEPiVJVaoc6cYo5zAqA

267 million - mostly American - Facebook users' IDs, names and phone numbers are exposed online and shared on the dark web

A database exposing the names, phone numbers and Facebook user IDs of millions of platform users was left unsecured on the web for nearly two weeks before it was removed.

Security researcher Bob Diachenko, who along with Comparitech discovered the unsecured Elasticsearch database, believe it belongs to a cybercriminal organization, as opposed to Facebook. Diachenko went to the internet service provider (ISP) managing the IP address of the server so that the access could be removed.

“A database this big is likely to be used for phishing and spam, particularly via SMS,” according to the Thursday report. “Facebook users should be on the lookout for suspicious text messages. Even if the sender knows your name or some basic information about you, be skeptical of any unsolicited messages.”

https://www.theverge.com/2019/12/19/21030114/robocalls-bill-congress-president-trump-sign-law-illegal-fcc-ajit-pai

Google Releases Security Updates for Chrome for Windows, Mac, and Linux

Google has released security updates for Chrome version 79.0.3945.88 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system.

 

Microsoft Issues Out-of-Band Update for SharePoint Bug

The out-of-band patch addresses the important-severity vulnerability by changing how affected APIs process requests. Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Foundation 2010 SP2 and 2013 SP1 and Microsoft SharePoint Server 2019 are impacted; 

LifeLabs Pays Hackers Who Accessed 15M Customers’ Lab Test Results

 

Google (GSuite) will soon block Less Secure Apps, switch to OAuth for authentication’

After 15 June 2020, users who try to connect the Google accounts to an LSA for the first time won’t be allowed to, but those who have already connected to LSAs before that date will still be permitted.

That grace period won’t last forever, though. After 15 February 2021, access to LSAs will cease for all G Suite accounts, even those that were already using them.

Honda Exposes 26,000 Records of North American Customers.

Microsoft Security Essentials To Get Updates After Windows 7 EoS.

Siemens Contractor Jailed for Sabotage With Logic Bombs.

Canadian Insurance Firm Hit By Maze Ransomware, Denies Data Theft

Update on Hackensack Meridian Ransomware Attack - A ransom was paid to decrypt the files but no word on how much.

 

Alexa, Google Home Eavesdropping Hack Not Yet Fixed

Flaw in Slack Allows Workspace Members to Access Files in Private Channels

The 25  Most Common Passwords Found From Breaches in 2019

Intel Rapid Storage Technology vulnerability exists in older versions.  Update available

Bug Sent WhatsApp Into Crash Loop, Caused Chat History Loss

Lazarus Hackers Target Linux, Windows With New Dacls Malware

Ransomware Hit Over 1,000 U.S. Schools in 2019

Truman Medical Centers Notifies 114,466 Patients of Potential PHI Exposure

New Blog Post - Dental Practices & HIPAA, Is It Necessary?

Tech Tuesday Tip - with ease of use comes risk. New Crytojacking campaign avoids detection through process hollowing. TP-Link Archer router vulnerable to attack. 435,000 Security certs can be compromised with less than $3000. High School students find soy cams in their hotel rooms. Police get geofence info from Google for suspected arsonists. Hackensack Meridian Health in NJ recovering from Ransomware attack. New blog post on NwajTech.com "Ring Cameras Hacked but who is to blame"

WordPress Update available (5.3.1). Critical Remote Code Execution threaten power plants in the US, Germany and Russia. HIPAA breaches for Right of Access and Improper Disposal. Attackers did not hack Ring Cameras, stop using weak passwords and New Orleans declares state of emergency after Ransomware attack.

It's a Friday the 13th reference, get it? Holiday Cyber Attacks expected to increase by 20%. NGINX co-founders arrested. Microsoft warms of Gallium Threat on Telcos worldwide. Maze ransomware demands $6 million from Southwire and another Ransomware will now publish victims data if not paid.