Windows Wormable

If you are using any supported version of the Windows operating system, stop everything and install the latest security updates from Microsoft immediately.

The SMARTEST phone is to not use one

Often we overlook that handy tool as the most insecure device we have. Cell phones have been a target for every hacker for a very long time. Best advice I can give is stop using it, but I know that isn’t going to happen.

Next best advice is carry a dumb phone and turn it off most of the time. Again, probably not going to happen.
This well done article tells all about the Wireless Service and what is happening on that front. Enjoy.

Critical ‘Update Now’ Warning Issued For VxWorks OS Inside 2 Billion IoT Devices


Needless to say you should be checking on this ASAP. You probably have some of this in your IoT area.

Another inside threat

AT&T employees took bribes to plant malware on the company’s network

If you don’t watch what they are doing, what are your employees doing? And if it is offshore or outsourced how can you know what the vendor is doing in a far away land?

PaloAlto – The choice for secure

I started hearing about PaloAlto devices replacing the CISCO firewalls last year. I’m hearing more and more about them in 2019. Apparently they are doing it right. Keep your eyes on these guys. I’m thinking they are going to be the ones to beat in Firewall protection.

Another day, and more info on Capital One Hack

AWS is getting a hard look by the FBI, and other companies are working on assessment. Remember the cloud is just somebody else’s computers. How well it is all secured is important.

Ask yourself is the price for that cloud service just too cheap? Often you get what you pay for as one comment says in the above article. You are getting cheap offshore H1B people who are making $20/hour. They may not take it as seriously as you think they should.
Constant reassessment of your security risk and updating security as things change is often your best defense. Apparently this is just the start, expect that we will keep seeing more come out, and other things get uncovered just because everyone is looking this direction. AWS will have people crawling all over it for a while, ask yourself if you should be looking at AZURE or Google as well, and the answer is obviously, YES.

More and different info at the link below.

More info on the Capital One Hack

A bit about the hacker herself, she wanted into these databases and knew a lot about how to get in.
Some of the issues, Mis-configured firewalls, intent to dump the data to the public, and Capital One isn’t alone in the problem of exposure.
Netflix, TD Bank, and Ford were only a few of the companies whose data was hacked. Now we do the painful wait as little drips of info start coming out and the full extent of the hack is exposed. (Truth is we may never get the full story.)

USA Today article with some of the surrounding public info here

Capital One does loser big

Crackdown on China

Looks like the current administration is taking a look at the problem.

I think it may be long overdue.

More Secure Ideas – Email and bounce back

Turn off email read receipts. Hackers will gather information from your systems and know if you read the emails. It would also alert them that the email address is valid and since you opened it, they know it is a functioning path to get to you with a click link Trojan or virus or spear fishing attack.
Turn off your email out of office notifications. Most people are connected 24/7 and can respond to urgent requests. Sending out an out of office email will give away other emails or names for the hacker to attempt to contact. This also allows the hacker to know you are not in and they can time an email attack to when you return and maybe busy so you make a mistake and click a link that you normally wouldn’t.
If any of your software bounces back a response from a device you want to disable those notifications for external senders. Often the bounce notice gives away the software or hardware that is sending the message. Microsoft Outlook or Barracuda firewalls may give out information to the hacker on their next attack.
Remember, what software the company runs, and who is in those roles in the company can be valuable information for the next round of cyber attacks. Stay alert!