January 17, 2023
Good morning, everyone!
This week’s critical vulnerabilities:
Patch All the Things!
Windows Server 2012 Extended Support will End in October
If you still have any Windows 2012 servers, now is the time to plan on replacing them, before extended support ends in October.
The Number One Way to Protect Your Devices Online
CISA announced recently that a US satellite network was hacked by a Russian group known as Fancy Bear:
It appears that Fancy Bear exploited a 2018 vulnerability found in an unpatched virtual private network, giving its hackers the ability to scrape all the credentials with active sessions.
(slapping forehead) An unpatched vulnerability from 2018?!?!? Remember, Patch early, patch often! A patched vulnerability is no longer a vulnerability. It's that simple. This is literally the single most important (and easy! and free!) thing you can do to protect your devices online. Have automatic updates turned on everywhere, and periodically do a manual check to be sure you have the latest patches installed for everything.
How Bad Was That LastPass Breach?
It turns out that the hackers stole customers' passwords stored in the LastPass vault. Fortunately the passwords are protected by strong encryption, so assuming LastPass properly implemented this encryption, the only way attackers can read those passwords is with the master password that provides the encryption key. This is why it's so important to use a really good, long, strong, unique password as a master password -- minimum 12 characters, preferably 20 or more. If you use LastPass and you didn't have a really good master password in place prior to this breach, you should probably change all your passwords now. For further reading, this blog post has a lot of good info on passwords and password managers.
Have a great week!
Security Awareness Training Available Here, There, Everywhere!
Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.
Contact me to schedule your employee training sessions. They're fun! ☺