Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.

Here are the most interesting articles we’ve found this week that could be helpful to you:

They’re not super villains!

Some good points in this article. At the end of the day the fundamentals of cybersecurity outperform cyber criminals. It isn’t glamorous work but it is effective.

Instead of going deep into the weeds of who is behind cyberattacks, experts say organizations and defenders should prioritize the most practical ways to reduce risk, including vulnerability and patch management, network perimeter and endpoint security and multifactor authentication.

Small Towns still have big problems

In a town of less that 13,000 people a small hospital breach has affected ~62,000 people.

The hospital attributed the 10-month-long lag between discovery of the incident and notification to difficulties in identifying the individuals and the information affected in the hack.

Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.

Here are the most interesting articles we’ve found this week that could be helpful to you:

Tech Support Scams with a Twist

Malicious web search ads have drastically increased as the delivery mechanism for the top 10 malware over the last year.

…brazen malvertisers went as far as impersonating Google’s entire product line and redirecting victims to a fake Google home page

Most ransomware attacks happen at night

This isn’t surprising considering the normal workday across the globe and lack of an IT presence in the US. On call staff, automation, and SOC Services are important security components to keep organizations safe overnight.

The majority of ransomware attacks now occur between the hours of 1am and 5am in an attempt to catch cybersecurity teams off guard, according to a new report from Malwarebytes.

Why C-suite leaders are prime cyber targets

BEC (business email compromise) attacks are extremely effective. With ease of creating AI Deep Fakes to impersonate executives, out of band verification policies will need to commonplace in all organizations of any size.

The frequency of attacks is also escalating. 69% of US companies that have previously had attacks report an increase in attacks over the past three years–above the global average of 58%. This uptick coincides with the rise in complexity of attacks. Notably, incidents involving AI-assisted deepfakes and phishing schemes have surged, with senior executives as primary targets.

This article was last updated @ 3:00 PM 08/26/2024

Consumer data broker National Public Data has been breached and has exposed hundreds of millions of consumer records. These consumer records include information that is often used to verify consumer identity. The breached data also includes 272M social security numbers of living and deceased US citizens.

You can read more about the breach here:

https://krebsonsecurity.com/2024/08/nationalpublicdata-com-hack-exposes-a-nations-data

and here:

https://krebsonsecurity.com/2024/08/national-public-data-published-its-own-passwords/#more-68428

You can check if your information was part of the breach here:

https://npd.pentester.com

or here:

https://www.npdbreach.com

Now that the data is in the wild, what can you do about it? Even if your info was not part of this breach the following steps are still important to keep your credit and identity safe.

1. Place a credit freeze with all three of credit bureaus. This will prevent new credit inquiries and new credit card and some loan accounts. This freeze will need to be lifted when establishing new accounts.

https://www.transunion.com/credit-freeze

https://www.experian.com/freeze/center.html

https://www.equifax.com/personal/credit-report-services

2. Place a security freeze with ChexSystems. This will prevent the approval of new banking accounts opened in your name. This will also need to be lifted when opening new accounts.

https://www.chexsystems.com/security-freeze/information#:~:text=All%20consumers%20who%20reside%20in,your%20name%20without%20your%20consent.

3. Get an Identity Protection Pin for your IRS account. This will prevent someone else from filing a tax return in your name. As enticing as someone filing your taxes for you might sound it can be used in the identity theft process.

https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin#:~:text=An%20Identity%20Protection%20PIN%20(IP%20PIN)%20is%20a%20six%2D,to%20you%20and%20the%20IRS.

4. Review your credit report from each of the credit reporting agencies annually. Due to these large scale data breaches it is important to keep an eye on your credit report. Under federal law you are entitled to a copy of your credit report annually from all three credit reporting agencies – Experian, Equifax, and TransUnion.

How to request your free credit report:

1. You may contact the Central Source by visiting www.AnnualCreditReport.com
   
2. You can request by phone and call 877-FACTACT

Quick and Easy Way – Enroll in an Identity Theft and Monitoring service. Instead of doing the first 4 steps yourself these services help automate the process plus a whole lot more. I would suggest this for a heavy credit user or someone with an extensive digital and financial footprint. These services are expensive but cover a wide array of credit, banking, and identity services that would be next to impossible to manually opt out of. The two front runners are:

Lifelock – https://lifelock.norton.com/

and

Aura – https://www.aura.com/

You can read more about them here:

https://www.cnet.com/personal-finance/identity-theft/best-identity-theft-protection/

and

https://www.tomsguide.com/us/best-identity-theft-protection,review-2083.html

Honorable Mention – There are some services that help to clean up your data from the 100’s or 1000’s of data brokers out there. This type of service is included in the previously mentioned Identity Theft and Monitoring services but you can sign up for this functionality without all of the bells and whistles. A few of the best are:

Delete Me – https://joindeleteme.com/

Incogni – https://incogni.com/

Optery – https://www.optery.com/

I’ll continue to monitor this situation and aggregate the best practices to help mitigate the risk associated with this breach.

---

Update 8/23/2024

Added best practice number 4.

Update 8/26/2024

Added https://www.npdbreach.com/ site by Atlas Privacy to article

Added Quick and Easy and Honorable Mention section

Formatting changes

Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.

Here are the most interesting articles we’ve found this week that could be helpful to you:

August Patch Tuesday

The August patch Tuesday might be one for the record books. Exploited Zero Days, Remote Code Executions, and Privilege Escalations this month we have it all. As usual our current customers have begun getting critical updates. If your not a current Digital Data Communications managed service customer please manually run Windows updates (and Adobe too). Stay safe!

 ..security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an update for a tenth publicly disclosed zero-day

Common Log File System

While it’s not a remote code execution (RCE) flaw or a privilege escalation flaw. It still can have a detrimental effect on your business day.

Narvaja said the vulnerability poses a significant risk as it can lead to system instability and denial of service (DoS) attacks. An attacker could exploit this flaw to repeatedly crash affected systems, potentially causing data loss and disruption to operations.

Brief from CISA and FBI on Blacksuit(Royal) Ransomware

This is a great threat briefing but pretty much the same old tricks. This is a very active campaign.

BlackSuit actors gain initial access to victim networks in several ways, including:

• Phishing. According to third-party reporting, BlackSuit actors most commonly gain initial access to victim networks via phishing emails [T1566]
• Remote Desktop Protocol (RDP). The second most common vector (around 13.3% of incidents) BlackSuit actors use for initial access is RDP compromise [T1021.001]
• Public-facing applications. FBI has observed BlackSuit actors gain initial access through exploiting vulnerable public-facing applications [T1190]
• Brokers. Reports from trusted third-party sources indicate that BlackSuit actors may leverage initial access brokers to gain initial access and source traffic by harvesting virtual private network (VPN) credentials from stealer logs [T1650]

Adobe Reader Security Bulletin

This type of vulnerability is a common target for phishing campaigns. If you are one of our managed service customers its likely this vulnerability has already been patched.

Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution, privilege escalation and memory leak.

Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.

Here are the most interesting articles we’ve found this week that could be helpful to you:

Windows Downgrade Attack

We spend a lot of time making sure Microsoft Windows machines are patched to protect from known vulnerabilities. With this attack malicious actors can roll back previously patched software to take advantage of vulnerabilities.

SafeBreach security researcher Alon Leviev revealed at Black Hat 2024 that two zero-days could be exploited in downgrade attacks to “unpatch” fully updated Windows 10, Windows 11, and Windows Server systems and reintroduce old vulnerabilities.

No known exploits are currently in the wild but the security researcher was able to create a working proof of concept. Microsoft is working on a security patch to mitigate this attack.

Another Issue with NTLM

Microsoft’s NTLM has had a troubled past. Tons of exploitable flaws, unsalted hashes, and continued use after the clear successor has been anointed. Unfortunately we will be left dealing with these types of issues for the foreseeable future.

The good new here is that this vulnerability has a decent mitigation while we wait for Microsoft to issue a patch.

In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability

This flaw isn’t currently being exploited but has been tagged as “highly probable” to be exploited.