05Aug 2020 by nathan

OpSec is hard. Lessons learned from the Twitter hack arrests.

Industry News, Tech news
As many of you may already know, social media platform Twitter was attacked on 15 July 2020 and 130 high-profile accounts were taken over and used in a scam to collect Bitcoin. During the attack, there was a lot of discussion and marvel at the scope and complexity of the attack and a $1 million bounty was offered to "those who successfully track down and provide evidence for bringing to justice the hackers / people" [behind the attack]. Coverage of the attack and 'buzz' on social media continued for a couple of days. Fast forward to this morning and one of the first things in my news feed was an article that the 17 year old alleged mastermind of the attack was arrested after authorities tracked him down using a…
Read More
22Jul 2020 by nathan
Adobe issues emergency update to multiple products

Adobe issues emergency update to multiple products

Industry News, Tech news
Adobe has released emergency updates to address critical vulnerabilities in multiple products including Photoshop, Bridge and Prelude. The vulnerabilities could be used by an attacker to gain access to unpatched systems. Additional Info https://threatpost.com/critical-adobe-photoshop-flaws-patched-in-emergency-update/157581/
Read More
14Jul 2020 by nathan

Excellent articles / video series from the FTC on protecting Small Business from Cyber Threats

CTC NEWS, Industry News, Tech news
The FTC has released an excellent (and short) video series highlighting some excellent information to help small businesses better understand cyber threats and steps they can take to protect themselves. The videos all relatively short (I believe the longest so far is around four minutes +/-) and the concepts are simple (but not easy). If you own, manage or work for a small business, this is an excellent resource and definitely one that I would recommend checking out. US CERT ArticleFTC ArticleFCC Video Series Are you a small to medium sized business looking to leverage technology and enable your business and workforce to work smarter and more efficiently? Do you already have computers, servers, firewalls, VPNs or other technology that you're not taking full advantage of? Are you looking for…
Read More
02Jul 2020 by nathan

Microsoft issues emergency security update

CTC NEWS, Industry News, Tech news
A private security researcher discovered two bugs affecting Windows 10 and Windows Server 2019 that can allow a remote attacker to take remote control of a computer if a user opens a specially crafted image. The bug was reported to Microsoft and updates to fix the bugs were issued earlier today. Additiinal information is available here .
Read More
10Jun 2020 by nathan
June 2020 News & Updates

June 2020 News & Updates

Industry News, Monthly Newsletters, Tech news
Executive Summary Criminals continue to take advantage of remote workers connecting to work resources via home networks with (often) lax security controls. In many cases, these unprotected home networks that are connected via VPN connections back to the office are giving attackers an opportunity to completely bypass the corporate firewall.Based on number of bugs patched, June 2020 marks Microsoft's largest Patch Tuesday to date with 129 (or 130, depending on who you ask) bugs patched, with 115 in March 2020 and 113 in April 2020 pulling a close second and third.Adobe released significant security updates for Flash Player and Framemaker that could allow an attacker remote access to vulnerable systems.Windows 7 and Windows Server 2008 are now six months out of support from Microsoft, meaning they are no longer being…
Read More
08Jun 2020 by nathan

Another day, another phishing scam (or two)

CTC NEWS, Industry News, Tech news
As more and more people continue to work from home, we are seeing attackers leveraging social engineering tactics like phishing even more frequently, knowing that these teleworkers are typically not behind a corporate firewall that would likely block their malicious payloads. With that in mind, I received two emails today that highlight some of the ways that we can identify phishing and avoid becoming a statistic. Both emails appear to be from very different senders with very different approaches but, ultimately, with the same end game; get me to click on a malicious link. The sample below is a simple based email attempting to capitalize on the users fear that their email is about to go away and, if they don't act fast, they will lose data. Note that the…
Read More
05Jun 2020 by nathan

Serious flaw in Microsoft Windows – CISA recommends patch now

Industry News, Tech news
The Cybersecurity and Infrastructure Security Agency (CISA) has released a warning that Proof of Concept (PoC) code has been published to exploit a vulnerability in Windows that can be executed remotely, is wormable and can give an unauthenticated attacker full SYSTEM level privileges on unpatched systems.  It is reasonable to assume the PoC code will be weaponozed very quickly if it has not been already. Microsoft released an update on March of 2020 to patch this vulnerability and organizations are encouraged to patch now if they have not already. This vulnerability also underscores the need for organizations to block and log inbound and outbound SMB traffic between their internal network(s) and the Internet. If you do not have a patch management system or would like information on how Cyber Tech…
Read More
27May 2020 by nathan
Phishing Emails. What to look for to protect yourself, your team and your organization.

Phishing Emails. What to look for to protect yourself, your team and your organization.

CTC NEWS, Industry News, Tech news
Phishing has long since been a go-to for the bad guys as an easy way to get malware on or access to victim computers. The trick for the bad guy / attacker is to make the email look like something legitimate and trigger some sort of fear response. The trick for the good guy / target is to be able to spot the scam, and that's the point of this quick post. The email below is one that I just received that's trying to get me to click on a link to confirm my email address. Let's take a look. In the email above, the goal of the attacker is to get the target to click the link to 'prove your email account ownership'. The email looks real enough. It…
Read More