Stupid... or Just Irresponsible?

UPDATE to last week's Headlines:Kaseya's universal REvil decryption key leaked on a hacking forum by a poster, who is believed to be affiliated with the REvil ransomware gang, on a hacking forum, tests successfully.  On July 22nd, Kaseya obtained a universal decryption key for the ransomware attack from a mysterious "trusted third party" and began distributing it to affected customers. Before sharing the decryptor with customers, CNN reported that Kaseya required them to sign a non-disclosure agreement, which may explain why the decryption key hasn't shown up until now. On July 13, CrowdStrike successfully detected and prevented attempts at exploiting the PrintNightmare vulnerability from Cogni and Magniber Ransomware groups, all in south Asia, protecting customers before any encryption takes place, They have seen almost 600 submissions in the last 30 days (July 12-Aug 12th).  Also, Vice Society ransomware, which targets small and midsize schools.This Week's Security Tip:It's scary what kids can see online. Here are some little-known ways to see if your kid is doing things and visiting sites you don't want them to: They've deleted their browsing history. What are they hiding? The ads showing up are questionable. Marketers use retargeting to get you to come back to their websites. So if you're seeing ads that make you go “hmmmm,” that's a sign they've been visiting those sites. They hide when using the device. A good rule of thumb is NO devices in bedrooms, or in any room that is not out in the open. Today's Headlines:On Tuesday, just over $600 million in cryptoassets were stolen from Poly Network, a system that allows users to transfer digital tokens from one blockchain to another.  The threat actor who hacked Poly Network's cross-chain interoperability protocol yesterday to steal over $600 million worth of cryptocurrency assets is now returning the stolen funds.  He then sent multiple transactions to the same with text embedded in each transaction, he included a Q&A explaining his motives, including the line "why hack? For fun

This Week's Security Tip: Make sure EVERY employee knows what is acceptable and what is not, regarding company technology. With so many access points, from cell phones to laptop and home computers, how can anyone hope to keep their network safe from hackers, viruses and other unintentional security breaches? The answer is not “one thing” but a series of things you have to implement and constantly be vigilant about, such as installing and constantly updating your firewall, antivirus, spam-filtering software and backups. This is why clients hire us – it's a full-time job for someone with specific expertise (which we have!).Once that basic foundation is in place, the next most important thing you can do is create an Acceptable Use Policy (AUP) and TRAIN your employees on how to use company devices and other security protocols, such as never accessing company e-mail, data or applications with unprotected home PCs and devices (for example). Also, how to create good passwords, how to recognize a phishing e-mail, what websites to never access, etc. NEVER assume your employees know everything they need to know about IT security. Threats are ever-evolving and attacks are getting more sophisticated and clever by the minute.UPDATE to last week's Headlines: Kasaya VSA breach – has been on their CVE for 3 months, also upon a third party security incidence response evaluation, they found their billing and customer support site, portal.kasaya.net, was, and has been since July 2015, susceptible to CVE 2015-2862, a "directory transversal attack – basically, even without credentials you could access server files and locations, including the web.config file, which includes usernames, passwords, and locations to other sensitive information..  Kasaya had updated their customer portal in 2018, but left their legacy portal alive. Microsoft issues Emergency patch for PrintNightmare – We briefly mentioned this last episode, but the story goes:A security researcher publicly announced the initial vulnerability, allowing for the print spooler, which by default runs on all Windows versions by default with kernel level administrative rights, could be maliciously used to run remote executable code, potentially take over the entire domain.   In the next update, Microsoft issued a weak patch that only addressed the point of concept, but didn't really address the actual vulnerability.  Another research team then publicly reported a point of concept they too had reported to MS: a different CVE than the other, which in summary was an active exploit – so basically they published a how-to on a zero day.  SO then MS had to patch both the first CVE and second as fast as they could, and finally after a couple days did offer an out of band update which covers both WD – to recap, A flaw for all WD MyBook external drives of a zero-day exploit was reported in 2020 prior to Pwn2Own Tokyo, but WD replied that the bug had been resolved in their new OS5 software.  The research team then posted a video of the proof of concept.  Go figure, tons of them in the wild were then (and probably still are) being wiped by malicious hackers. WD's initial response in March was to advise eveyrone with a MyBook on v3 upgrade to a dvice that can use v5 (basically a new one), and that they would not update the old versions with security patches.  Facing a backlash of angry customers, Western Digital also pledged to provide data recovery services to affected customers starting this month. “MyBook Live customers will also be eligible for a trade-in program so they can upgrade to MyCloud devices,” Goodin wrote. “A spokeswoman said the data recovery service will be free of charge.” Next Week's Teaser:What the heck is an AUP…and why do you want it?Call to Action: We talk a lot about stupid (nothing bad ever happens to me; head in the sand; too busy; I'll do it later). So what's smart? Taking this seriously TODAY. Book a 10-minute Discovery Call right now. I'll ask some key questions and give you a quick score. If you're doing everything right, you can sleep better at night. If there's room for improvement, we'll discuss options. NO PRESSURE, NO STRINGS. JUST BOOK THE CALL!www.mastercomputing.com/discovery 

UPDATE to last week's Headlines:Microsoft officially releases Windows 11 announcement, preview.  Expected to arrive Oct 20This Week's Security Tip:10 easy tips for mobile phone security:1. Lock your device with a PIN or password, and never leave it unattended in public 2. Uninstall apps you don't use 3. ONLY download apps from trusted sources 4. Keep your phone's operating system updated 5. Install antivirus software 6. Use your phone's “find me” feature to prevent loss or theft 7. Cover the camera with a camera sticker when not in use 8. Back up your data 9. Encrypt the data if you have sensitive info stored on it 10. Don't click on links or attachments from unsolicited e-mails or textsToday's Headlines: Western Digital MyBook users urged to unplug devices from the network - malicious hackers are remotely wiping the drives using a critical flaw that can be triggered by anyone who knows the Internet address of an affected device. Quickbooks Online opts users in to share payroll info of 1.4 million small businesses with Equifax, who has been and will be hacked again. (To disable sing-in to QBO, go to Payroll settings, uncheck "Shared Data.") Eight unsecured databases were found leaking approximately 60 million records of LinkedIn user information. While most of the information is publicly available, the databases contain the email addresses of the LinkedIn users. HSE, socialized public healthcare system of Ireland, breached in May and 700GB of patient and employee data, orders Virus total to reveal  Briefly mention PrintNightmare, security vulnerability that affect every version of Windows.  Much more in depth next week. Kasaya ransom: $70,000,000 for universal decryptor ($5mill per individual compromise)  fewer than 40 customers worldwide, though all MSPs with over 1000 clients Supply chain attack on on-prem servers – all from US based hosting servers.  CISA and Biden announce almost immediately they are investigating and blame Revil/Russia.  This all comes weeks after FBI/DOJ seized ReVIL/Darkside servers. Was allegedly a known exploit that Kasaya was in the process of patching, before the zero-day attack was carried out. Next Week's Teaser:What the heck is an AUP…and why do you want it?Call to Action: We talk a lot about stupid (nothing bad ever happens to me; head in the sand; too busy; I'll do it later). So what's smart? Taking this seriously TODAY. Book a 10-minute Discovery Call right now. I'll ask some key questions and give you a quick score. If you're doing everything right, you can sleep better at night. If there's room for improvement, we'll discuss options. NO PRESSURE, NO STRINGS. JUST BOOK THE CALL!www.mastercomputing.com/discovery 

UPDATE to last week's Headlines:US DOJ said it recovered $2.3Mil of Bitcoin sent to Darkside for the Colonial Piepeline attack "saying they were able to track the bitcoin to a wallet for which the FBI has the "private key." (appears to be the affiliate's take, the remainder of 15% going to developers.Darkside sends message that they are now closed, after servers seized and money transferred.This Week's Security Tip:Social engineering is big business. What is it? Figuring out who you are and then using that information to make money off of it.People list password challenge and identity verification publicly on their Instagram, Twitter and Facebook pages and feeds without giving it a second thought. Maiden name? Check. Favorite pet? Check. High school? Check. Town they grew up in? Check. Favorite or first car? Check. Throwback Thursday is a social engineer's dream! They love this stuff.Combat this by A) not posting that information online anywhere or B) always giving false password and identity challenge and verification information to the sites and services that require it. Keep the answer file offline. Remember, if it's a handwritten list, you can still take a photo of it.Today's Headlines:JBS & Pilgrims meat processing hacked – ransomware that the FBI attributes to REvil and SodinokibiThe company's swift response, robust IT systems and encrypted backup servers allowed for a rapid recovery," JBS USA said in a press release on 6/3."  Later on June 10th, confirmed they paid $11mill of demanded $22.5mill to prevent stolen data from being leaked.Amazon sidewalk goes live – Amazon Sidewalk creates a low-bandwidth network with the help of Sidewalk Bridge devices including select Echo and Ring devices. These Bridge devices share a small portion of your internet bandwidth which is pooled together to provide these services to you and your neighbors. Mass media plays this up as terrible, specifically because Amazon has set this feature by default to "enabled". Reality is, Amazon actually did their homework.  A roaming wireless device that reaches out and connects to SideWalk has ZERO access to the hosting network it's connecting though, just as the hosting network has ZERO access to the roaming WiFi device's data, data is fully encrypted, and not even Amazon has access to that data. 6 years ago, Microsoft promised Windows 10 would be the last OS, being "refreshed" twice a year forever.  A couple days ago, Windows 11 has been leaked. Some features – taskbar is centralized, similar to Mac vs. Curtrent left-side, no more tiles in start menu – instead , windows will be rounded, like MacOS, overall, a very MacOS vibe.Next Week's Teaser:These easy tips will keep your phone safeCall to Action: We talk a lot about stupid (nothing bad ever happens to me; head in the sand; too busy; I'll do it later). So what's smart? Taking this seriously TODAY. Book a 10-minute Discovery Call right now. I'll ask some key questions and give you a quick score. If you're doing everything right, you can sleep better at night. If there's room for improvement, we'll discuss options. NO PRESSURE, NO STRINGS. JUST BOOK THE CALL!www.mastercomputing.com/discovery 

UPDATE to last week's Headlines:Darkside Ransomware breach on Colonial Pipeline – discuss what happened and the repercussions after our tech tipThis Week's Security Tip:While most businesses understand the importance of backing up their server and files, many forget to back up their website!Most sites are hosted on a third-party platform like HostGator or WordPress. However, these hosts have limits on what they back up, and the Terms and Conditions you agreed to most likely waive their responsibility to preserve and back up your files and data.Therefore, if you're posting a lot of new content, you should be backing up your site weekly if not daily. Hackers can (and do!) corrupt websites all the time. If you don't want to have the cost of a down website and the cost of rebuilding it, back up your website!Today's Headlines:Darkside Ransomware breach on Colonial Pipeline The first DarkSide ransomware attacks were all owner-operated, but after a few successful months, the owners began to expand their operations. On November 10, DarkSide operators announced on Russian-language forums XSS and Exploit the formation of their new DarkSide affiliate program providing partners with a modified form of their DarkSide ransomware to make use in their own operations. It's worth noting that DarkSide actors have pledged in the past to not attack organizations in the medical, education, nonprofit, or government sectors. At one point, they also advertised that they donate a portion of their profit to charities. However, neither claim has been verified and should be met with a heightened degree of scrutiny; these DarkSide operators would be far from the first cybercriminals to make such claims and not follow through.  DarkSide Operators Likely Former “REvil” AffiliatesFlashpoint assesses with moderate confidence that the threat actors behind DarkSide ransomware are of Russian origin and are likely former affiliates of the “REvil” RaaS group. Several facts support this attribution: Spelling mistakes in the ransom note and grammatical constructs of the sentences suggest that the writers are not native English speakers. The malware checks the default language of the system to avoid infecting systems based in the countries of the former Soviet Union. The design of the ransom note, wallpaper, file encryption extension and details, and inner workings bear similarities to “REvil” ransomware, which is of Russian origin and has an extensive affiliate program. This shows the evolution path of this ransomware and ties it to other Russian-origin ransomware families. The affiliate program is offered on Russian-language forums XSS and Exploit. Timeline: Thursday, May 6, 2021 – Hackers Launch Colonial Pipeline Cyberattack: stealing 100 gigabytes of data before locking computers with ransomware and demanding payment (undisclosed original amount, estimated ~$100mill).  Breached through phishing attack.  Encrypted Sales and billing network.  They then hired FireEye. Friday, May 7, 2021: Colonial Pipeline paid $4.4mil to Eastern European hackers on May 7, 2021, contradicting reports that the company had no intention of paying an extortion fee to help restore the country's largest fuel pipeline  Saturday, May 8, 2021: U.S. Government Assists Attack Response: Colonial Pipeline, unnamed U.S. companies and several U.S. government organizations (including the White House, the FBI, CISA and NSA) shut off key servers operated by the hackers. The steps stopped the flow of stolen Colonial Pipeline data from the United States to alleged hacker locations in Russia.  Tuesday, May 11, 2021: CISA-FBI Advisory: The CSIA and FBI issued a cybersecurity advisory that described DarkSide ransomware and associated risk mitigation strategies. Colonial Pipeline's Website Offline: The company's site was offline for a portion of the day. Colonial Pipeline Statement 5: The company described alternative fuel shipping strategies that are now in place amid the effort to safely restore the pipeline.  Monday, May 10, 2021: Alleged Russia Connection: President Biden directly blames Russia in the Colonial Pipeline attack as a "State-hack", then in a later statement took it back and suggested that Russia may deserve some blame for the attack since the hackers and/or their software are allegedly located within Russia's borders. FBI Statement: The FBI confirmed that DarkSide ransomware is responsible for the compromise of the Colonial Pipeline networks. Sec of Energy issues emergency waiver, allowing non-EPA emissions standards gasoline to be stored, moved, and sold. 3 million barrels (125mil gallons) came in not meeting regulations requiring EPA guidelines on emissions on May 11th.  Did not report how much has been obtained during the EPA emissions waiver timeline, to May 18th.  Wednesday, May 12, 2021: Colonial Pipeline Restarts Pipeline Operations: The restart began at about 5:00 p.m. ET, though it will take several days for the delivery supply chain to return to normal, the company indicated. The update did not mention the cyber incident investigation.   Thursday, May 13: Full system restartBiden signs Executive order that: removes contractual terms that may limit "information sharing" with CISA, NSA, FBI, require service providers (including cloud service providers) to preserve data it will name later, provide said information, and share all related information, including proprietary network and security information, with federal government| also to begin discussing zero-trust framework for federal government, as practical.  They are also creating a Cyber Safety Review Board, to convene after "major" incidences, made of FBI, DOJ, DOD, NSA, FBI, and select Private sector.  They will also appoint a National Cyber Director. They will also require FCEB networks to employ  tools for host-level visibility, attribution, and response, without authorization.  May 15th: Biden spoke with Putin, blamed him for SolarWinds hack, 2020 election interference, and imposed sanctions and expulsion of diplomats  Next Week's Teaser: Lie, lie, lie!Call to Action: We talk a lot about stupid (nothing bad ever happens to me; head in the sand; too busy; I'll do it later). So what's smart? Taking this seriously TODAY. Book a 10-minute Discovery Call right now. I'll ask some key questions and give you a quick score. If you're doing everything right, you can sleep better at night. If there's room for improvement, we'll discuss options. NO PRESSURE, NO STRINGS. JUST BOOK THE CALL!www.mastercomputing.com/discovery 

UPDATE to last week's Headlines:US Gov formally accuses Russia for SolarWinds/Orion attack.  Biden issues state of Emergency, giving him the power to issue executive order: emphasizing an exploitation on US and Russian elections, kicks-out Russian diplomats in DC, prohibits US financial entities from trading in Rubles, issues sanctions against Russian networking infrastructure.This Week's Security Tip:There are two mistakes we see with usernames and passwords, even if they are GOOD strong ones. The first is using the SAME password across multiple sites. The second is using the same e-mail usernames and prefixes across multiple free e-mail services. For example: jimmy67chevy@aol.com jimmy67chevy@gmail.com jimmy67chevy@yahoo.com jimmy67chevy@icloud.com  When you use the same password and the same username across multiple sites, you make it easy for a cybercriminal to compromise multiple accounts of yours. With the first part easy to figure out, they can get access to other online services and data or even spoof your e-mail addresses to others. Variety is the spice of life, so make sure you're using UNIQUE, strong passwords along with unique usernames on free e-mail accounts. Today's Headlines: 2 Google Chrome zero-day exploit dropped on twitter last week, both remote code executables, affects Chrome, Edge, and other Chromium-based borwsers Google announced plans to roll out a new privacy-focused feature called Federated Learning of Cohorts (FLoC), Vivaldi, Brave, DuckDuckGo, and now WordPress reject it.  - Thousands of browsers with identical browsing history (belonging to the same "cohort") stored locally will have a shared "cohort" identifier assigned, which will be shared with a site when requested.  - "At Vivaldi, we stand up for the privacy rights of our users. We do not approve tracking and profiling, in any disguise. We certainly would not allow our products to build up local tracking profiles," says Jon von Tetzchner, Vivaldi CEO and co-founder.  Signal CEO and founder Moxie Marlinspike slams Cellebrite (company that police and gvmt uses to unlock Android and iOS phones ) after they say they can now access Signal data. Next Week's Teaser:Here is what you should do with your data on your laptop..Call to Action: We talk a lot about stupid (nothing bad ever happens to me; head in the sand; too busy; I'll do it later). So what's smart? Taking this seriously TODAY. Book a 10-minute Discovery Call right now. I'll ask some key questions and give you a quick score. If you're doing everything right, you can sleep better at night. If there's room for improvement, we'll discuss options. NO PRESSURE, NO STRINGS. JUST BOOK THE CALL!www.mastercomputing.com/discovery 

UPDATE to last week's Headlines:Signal at it again, started Facebook campaign with ads showing the targeting being used to end users (You're seeing this ad.  Facebook then disabled their ad account.This Week's Security Tip: Keep sensitive and important data off DEVICES and in the cloudIf a laptop is stolen or lost, and the data is not backed up, you just lost it all. Worst of all, even if you had it locked with a strong password, it's very likely to get cracked. Once the thief succeeds, any private data that is unencrypted is free for the taking.One solution: keep sensitive and important data, files, pictures, contracts, etc., on a secure private cloud service, so it's never on your employee's hard drive in the first place. By storing this information in the cloud, you can immediately revoke access when a device goes missing.Side Tip: If you have important family photos, store it in Shutterfly or some other photo-storing cloud application so those are backed up as well.Today's Headlines:U.S. Agency for Global Media (USAGM) breached by Phishing attack, exposed information includes full names and Social Security numbers of employees and possibly their beneficiaries and dependents.  Account compromised 4 months prior to Phishing campaign.USAGM operates broadcast networks, such as Voice of America, Radio Free Europe, Office of Cuba Broadcasting, Radio Free Asia, and Middle East Broadcasting Networks, to deliver news and information to people worldwide.Vulnerable Dell driver puts hundreds of millions of systems at riskA collection of five flaws, collectively tracked as CVE-2021-21551, have been discovered in DBUtil, a driver from that Dell machines install and load during the BIOS update process and is unloaded at the next reboot.  Pushed updates are blue-screening computers across the country/locking TPM chips.Next Week's Teaser:Are you sure that it's handled? You may think it is, but it's not…Call to Action. We talk a lot about stupid (nothing bad ever happens to me; head in the sand; too busy; I'll do it later). So what's smart? Taking this seriously TODAY. Book a 10-minute Discovery Call right now. I'll ask some key questions and give you a quick score. If you're doing everything right, you can sleep better at night. If there's room for improvement, we'll discuss options. NO PRESSURE, NO STRINGS. JUST BOOK THE CALL! www.mastercomputing.com/discovery  

It's not just about downloading unauthorized software, but also about where your data lives. Everything is riding on the line!

You probably won’t guess what it is, but…

Do these 3 things to make sure you’re not screwing up

Don’t think it won’t happen to you, because stats say it will...

Use this simple checklist to make sure you’re compliant

Immediately do this, please!

It will take 2 seconds but save you.

Virtually every electronic device comes with "free" pre-installed software. Ask yourself one question: Why is anything free?

IT Security Tip: Bookmark the LEGITIMATE websites you frequently visit

IT Security Tip: What is the “Dark Web” anyway?

IT Security Tip: How to spot a phishing e-mail

Stupid: trying to be your own cybersecurity expert. Irresponsible: trusting your IT person without a 3rd party audit. We'll give you the top 9 things to look for to know if you are properly protected!

If large companies with seemingly unlimited resources still get hacked, what hope do the rest of us have? We'll tell you exactly what hope we have!

100% of law firms were targeted by cyber-criminals in the first quarter of 2020. We never speak in absolutes. But this is an absolute.

In a mad dash to work from home, security was largely overlooked. It's understandable when the world is falling apart, but it's time to step back and take a closer look at how you have exposed your organization to data breaches, hacking, and ransomware. Some have already learned the hard way. Don't let it happen to you!

Is bank fraud on your radar? It should be. We break down a $400,000 heist that could happen to any of us. It's not about the dollar amount, but how it happened. It can happen to any of us. And most likely will. Here's how to prevent it!

Using out of date software is irresponsible. But Windows 95?!? Come on, people! That's just stupid!

Stepping over dollars to pick up pennies is stupid. Here's just one example.

I used the same password for 15 years! Pretty stupid...