SBS CyberSecurity - In The Wild 115



In The Wild - CyberSecurity Newsletter

Welcome to the 115th issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information you may find helpful.
Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following have been shared by consultants, others by the SBS Institute, and others yet have simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy.

Microsoft Office 365 Security Suggestions [PDF]

SBS Free Downloads

These suggestions are intended to provide ideas on improving the overall security of your instance of Microsoft Office 365. Some of these suggestions will also work on more traditional Microsoft Exchange systems. The list is not intended to be comprehensive; there are other controls not included here. As an example, Microsoft has a tool that will evaluate your Office 365 risks and provide control suggestions. The Center for Internet Security (CIS) also provides system hardening guidelines and is a great resource for improving security.

This Server was Online for Under a Minute Before Hackers Were Trying to Crack It

ZDNet

It can only take seconds before cyber criminals start attempting to hack into newly connected cloud devices and services, as attackers relentlessly pursue new avenues to exploit for malicious purposes. Researchers at Sophos set up honeypots in ten of the most popular AWS data center locations around the world and connected them to the internet with common configuration errors, such as using default credentials or insecure passwords. It took under a minute for attackers to start to find the honeypots and begin using brute-force attacks in an effort to log in to the devices. The Sao Paulo site first came under attack, with the first login attempt registered after just 52 seconds.

Breach at IT Outsourcing Giant Wipro

Krebs on Security

Indian information technology (IT) outsourcing and consulting giant Wipro is investigating reports that its own IT systems have been hacked and are being used to launch attacks against some of the company’s customers, multiple sources tell KrebsOnSecurity. Wipro has refused to respond to questions about the alleged incident. Earlier this month, KrebsOnSecurity heard independently from two trusted sources that Wipro — India’s third-largest IT outsourcing company — was dealing with a multi-month intrusion from an assumed state-sponsored attacker.

Serious Flaws Leave WPA3 Vulnerable to Wi-Fi Password Cracking

ars technica

The next-generation Wi-Fi Protected Access protocol released 15 months ago was once hailed by key architects as resistant to most types of password-theft attacks that threatened its predecessors. On Wednesday, researchers disclosed several serious design flaws in WPA3 that shattered that myth and raised troubling new questions about the future of wireless security, particularly among low-cost Internet-of-things devices.


Companies Thought Insurance Covered a Cyberattack. They May Be Wrong.

The New York Times

Mondelez, owner of dozens of well-known food brands like Cadbury chocolate and Philadelphia cream cheese, was one of the hundreds of companies struck by the NotPetya cyberstrike in 2017. Laptops froze suddenly as Mondelez employees worked at their desks. Even with teams working around the clock, it was weeks before Mondelez recovered. Once the lost orders were tallied and the computer equipment replaced, its financial hit was more than $100 million, according to court documents. After the ordeal, executives at the company took some solace in knowing that insurance would help cover the costs. Or so they thought.

Cyber Attack Forces The Weather Channel Off the Air

Bleeping Computer

The Weather Channel stopped its live broadcasting this morning due to a security incident that lasted for at least 90 minutes. Details are scant at the moment, and a tweet from the station does not lift the haze, informing only that it was the victim of "a malicious software attack on the network." In the official statement on Twitter, The Weather Channel says that federal law enforcement is on the case. However, nothing was said about the nature of the cyber attack or the malware used.

North Dakota Adopts Statewide Cybersecurity Approach

Government Technology

The North Dakota legislation authorizing a new unified approach to cybersecurity was signed into law Thursday by Gov. Doug Burgum. The governor, a former Microsoft executive, said Senate Bill 2110 would go far toward protecting the state's digital infrastructure. On average, officials estimate the state sees roughly 5 million cyberattack attempts each month. The bill gives authority to the state’s Information Technology Department (ITD) to define cybersecurity for all of the state’s public entities — including cities and counties, state agencies, school districts and institutions for higher education.

Why You Might Need to Fire Your Most Talented Employee

Gary Vaynerchuk

Most businesses really need to adjust their mindset when it comes to hiring and firing employees. So many are obsessed with short-term performance, “numbers” and quarterly targets. But to build a real long-term business, it takes much higher level thinking. It’s about focusing on overall culture and continuity over short-term financial performance. That’s why it doesn’t matter how “great” an employee’s numbers are if he or she makes all the other employees miserable. If they constantly spread negativity or drag other employees down, it doesn’t matter to me how good they are on paper.


Other Interesting Links From This Week

There were too many fantastic reads from this past week’s worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:
