June 14, 2022
Good morning, everyone!
Microsoft zero-day being actively exploited
The so-called “Follina” zero-day vulnerability in Microsoft Office I discussed last week is being actively exploited. Please read that newsletter if you missed it, and consider disabling the MSDT URL Protocol if you haven't already.
Do it for yourself and also for others
A couple of weeks ago I talked about the importance of cyber security at home and at work, not just for your own protection, but to prevent the bad guys from using your devices to attack others.
Last week, CISA, NSA, and FBI issued a joint advisory, “People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices,” detailing China’s current program of attacking big fish by using small fish:
PRC state-sponsored cyber actors readily exploit vulnerabilities to compromise unpatched network devices. Network devices, such as Small Office/Home Office (SOHO) routers and Network Attached Storage (NAS) devices, serve as additional access points to route command and control (C2) traffic and act as midpoints to conduct network intrusions on other entities.
That's a really convoluted way of saying that Chinese hackers are exploiting known flaws in common Internet devices and using them as waystations to attack their real targets. Don't let them use you like this! If you follow the link above and scroll all the way down to the "Mitigations" section, you will see some good security advice in general, with links to specific steps to take for specific circumstances.
Of course, I’ve written before about securing your devices, so please take note of these basic configuration steps, and ...
Patch All the Things!
Be safe this week! (and always 😉)
Talk to you again soon!
Security Awareness Training Available Here, There, Everywhere!
Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.
Contact me to schedule your employee training sessions. They're fun! ☺