<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Alerts Archives - Foster Institute</title>
	<atom:link href="https://fosterinstitute.com/category/alerts/feed/" rel="self" type="application/rss+xml" />
	<link>https://fosterinstitute.com/category/alerts/</link>
	<description>Cybersecurity Experts</description>
	<lastBuildDate>Thu, 05 Jun 2025 01:48:27 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=7.0</generator>

<image>
	<url>https://fosterinstitute.com/wp-content/uploads/2021/02/Favicon.png</url>
	<title>Alerts Archives - Foster Institute</title>
	<link>https://fosterinstitute.com/category/alerts/</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>Executives &#8211; Any User Can Accidentally Expose All Your Data Unless IT Changes This Default Setting</title>
		<link>https://fosterinstitute.com/executives-your-employees-might-be-one-click-away-from-exposing-all-sensitive-data-heres-how-to-stop-it/</link>
		
		<dc:creator><![CDATA[Mike Foster]]></dc:creator>
		<pubDate>Wed, 04 Jun 2025 21:08:04 +0000</pubDate>
				<category><![CDATA[Alerts]]></category>
		<category><![CDATA[Best Practices]]></category>
		<category><![CDATA[Cloud Security]]></category>
		<category><![CDATA[Cyber Security]]></category>
		<category><![CDATA[Cybersecurity]]></category>
		<category><![CDATA[IT Best Practices]]></category>
		<category><![CDATA[IT Pro Tips]]></category>
		<category><![CDATA[IT Security]]></category>
		<category><![CDATA[IT Settings]]></category>
		<category><![CDATA[Microsoft Settings]]></category>
		<guid isPermaLink="false">https://fosterinstitute.com/?p=6097</guid>

					<description><![CDATA[<p>Your employees might be one click away from exposing all sensitive data. Here&#8217;s how to stop it. We&#8217;re receiving calls from our cybersecurity customers when the IT Team discovers that ordinary users have given third-party applications access to all their organization&#8217;s files, email messages, calendar events, Teams chats and channels, and other data. How can [&#8230;]</p>
<p>The post <a href="https://fosterinstitute.com/executives-your-employees-might-be-one-click-away-from-exposing-all-sensitive-data-heres-how-to-stop-it/">Executives &#8211; Any User Can Accidentally Expose All Your Data Unless IT Changes This Default Setting</a> appeared first on <a href="https://fosterinstitute.com">Foster Institute</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Your employees might be one click away from exposing all sensitive data. Here&#8217;s how to stop it.</p>
<p>We&#8217;re receiving calls from our cybersecurity customers when the IT Team discovers that ordinary users have given third-party applications access to all their organization&#8217;s files, email messages, calendar events, Teams chats and channels, and other data.</p>
<p>How can ordinary users have that much power?</p>
<p>By default.</p>
<p><strong>Situation:</strong> This configuration affects most companies. While the default settings for your Microsoft 365 system allow your users to approve third-party access, Microsoft recommends the following more restrictive settings to increase security.</p>
<p><strong>The Risk:</strong> Without this setting, workers may override protections without oversight and allow any application to access your company data, create and delete files in SharePoint and OneDrive, read and send email messages, edit calendar events, access and modify Teams chats and channels, update user profile information, and perform other tasks. While some applications might need this level of access, it must be granted only after the appropriate authorities, including your IT Team, thoroughly consider it.</p>
<p><strong>Reality Check:</strong> This setting catches many IT Teams by surprise. Microsoft is updating its security controls quickly, and it is nearly impossible for IT Teams to keep up with the changes. And when defaults promote ease-of-use over security, like this one, your systems can become at risk quickly without the team realizing it. Know that your IT Team&#8217;s level of expertise can be excellent, and situations like this sneak up on them anyway.</p>
<p><strong>Urgent Quick Verification:</strong> Your IT Team can quickly access the Microsoft Entra admin center &gt; Enterprise applications &gt; Consent and permissions &gt; User consent settings. There are three options:</p>
<ul>
<li>&#8220;Do not allow user consent.&#8221;</li>
<li>&#8220;Allow user consent for apps from verified publishers, for selected permissions.&#8221;</li>
<li>&#8220;Allow user consent for all apps&#8221; (the current risky default value)</li>
</ul>
<p><strong>Update If Necessary:</strong> Microsoft recommends you select “Allow user consent for apps from verified publishers, for selected permissions.” Different organizations have different data access needs. Your IT and compliance teams must determine the appropriate level for your situation. Smaller organizations might choose the first option if they don&#8217;t want users to expose data to third-party applications without checking with the IT team. Larger organizations with more complex needs often prefer the middle option with careful permission management to take some of the workload off busy IT professionals while providing protection.</p>
<p><strong>Next Step:</strong> Your Administrators will also need to specify which permissions are low-impact, as detailed in Microsoft&#8217;s article &#8220;Overview of user and admin consent.&#8221;</p>
<p><strong>Facilitate the Approval Process:</strong> Your team can optionally set up an admin consent workflow that users must follow when they want to provide permissions.</p>
<p>Forward this to your friends who are executives at other organizations so they can give their teams this heads-up, too.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Mac Users &#8211; Urgent Security Alert: Protecting Your Mac from Banshee Stealer Malware</title>
		<link>https://fosterinstitute.com/mac-users-urgent-security-alert-protecting-your-mac-from-banshee-stealer-malware/</link>
		
		<dc:creator><![CDATA[Mike Foster]]></dc:creator>
		<pubDate>Sat, 11 Jan 2025 23:29:10 +0000</pubDate>
				<category><![CDATA[Alerts]]></category>
		<category><![CDATA[Apple]]></category>
		<category><![CDATA[Apple Virus]]></category>
		<category><![CDATA[Mac Protection]]></category>
		<category><![CDATA[Mac Virus]]></category>
		<category><![CDATA[Malware]]></category>
		<guid isPermaLink="false">https://fosterinstitute.com/?p=5972</guid>

					<description><![CDATA[<p>Mac Users – Beware of Current Malware There is a virus for Mac named Banshee Stealer that is potentially affecting millions of Mac users. IMMEDIATE ACTIONS REQUIRED: &#8211; Never enter your Mac user or admin password unless you recognize the need to enter it because of an action you’re performing, such as powering on your [&#8230;]</p>
<p>The post <a href="https://fosterinstitute.com/mac-users-urgent-security-alert-protecting-your-mac-from-banshee-stealer-malware/">Mac Users &#8211; Urgent Security Alert: Protecting Your Mac from Banshee Stealer Malware</a> appeared first on <a href="https://fosterinstitute.com">Foster Institute</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p><strong>Mac Users – Beware of Current Malware</strong></p>
<p>There is a virus for Mac named Banshee Stealer that is potentially affecting millions of Mac users.</p>
<p><strong>IMMEDIATE ACTIONS REQUIRED:</strong></p>
<p><strong>&#8211; Never enter your Mac user or admin password unless you recognize the need to enter it because of an action you’re performing, such as powering on your Mac.</strong></p>
<p><strong>&#8211; Back up your critical data immediately in case you need to perform a clean macOS install.</strong></p>
<p><strong>&#8211; Because Banshee Stealer is unnoticeable, strongly consider running an anti-malware tool capable of detecting it.</strong></p>
<p><strong>What Anti-Malware Tools Work? </strong></p>
<p>Intego, Malwarebytes, and Combo Cleaner are the only Mac-based anti-malware tools that I can find today that advertise that they can identify and stop the newest version of Banshee Stealer. There might be others. Combo Cleaner is available in the Mac App Store. Downloading apps from the store reduces the likelihood of getting a fake infected version. We don’t endorse any of the tools mentioned, nor do we receive any compensation. There are many online reviews about those two products. Stay current with your Mac OS updates, and hopefully, Apple’s built-in tools will soon detect and conquer the newest version of Banshee Stealer.</p>
<p>I realize many Mac users do not want to install anti-malware. If that’s you, please carefully understand all the information in this article to reduce your exposure. The newest variant of Banshee Stealer cleverly evades Apple’s built-in anti-malware tool, XProtect.</p>
<p><strong>What is Banshee Stealer?</strong></p>
<p>The sophisticated Banshee Stealer malware compromises computers and laptops running MacOS, including Intel-based Macs and those with Apple Silicon chips. Attackers use it to breach privacy, inflict financial losses, and steal identities. So far, iPhones and iPads have not been affected by Banshee Stealer. In my presentations and speeches, participants often ask if Macs are susceptible to viruses and other malware; this is an example of when they are.</p>
<p>Banshee Stealer is a new variant; it started as Malware-as-a-Service (MaaS). Threat actors could purchase access for $3,000 per month to attack Mac users. The new variant resurfaced in September, using encryption from Apple&#8217;s XProtect anti-virus tool, evading antivirus detection for months.</p>
<p><strong>How Can Your Computer Become Infected with Banshee Stealer?</strong></p>
<ul>
<li>If you click on links in email messages that take you to a site that might appear normal but will infect your computer with Banshee Stealer</li>
<li>If you open attachments to email messages that contain the Banshee Stealer malware or take you to a site that downloads and installs Banshee Stealer</li>
<li>Scanning QR codes in email or other messages for the same reason</li>
<li>If you enter your username and password into what appears to be a legitimate Apple pop-up</li>
<li>Downloading programs and applications that have Banshee Stealer hidden inside</li>
<li>If you follow a fake prompt that tells you an update or program needs to be installed, a password needs to be reset, or some application asks to use your camera or microphone or have some other elevated privilege.</li>
</ul>
<p><strong>Symptoms:</strong></p>
<p>Banshee Stealer is designed to be undetectable. You might not find out your Mac was infected until your finances, identity, and privacy are in shambles. Possible symptoms include:</p>
<ul>
<li>Your Mac computer or laptop starts behaving differently than before.</li>
<li>You might receive unexpected prompts asking you to install software, reset your password, grant permission, etc.</li>
<li>If you notice that your bank or other online accounts have been compromised, an attacker may have used Banshee Stealer to steal your passwords.</li>
<li>If your Mac starts operating much slower than before, or if the battery life seems shorter, Banshee Stealer might upload data in the background or perform other activities on your computer.</li>
<li>If you notice unexpected file changes on your computer.</li>
<li>If you have a Crypto Wallet that gets compromised.</li>
</ul>
<p><strong>What to Do to Help Prevent Infection:</strong></p>
<p>Strongly consider using anti-malware capable of detecting Banshee Stealer, as discussed above.</p>
<p>Beware of all prompts that pop up on your screen that look like they are Apple prompts asking for your password. Banshee Stealer is great at mimicking the Apple prompts, and if you enter your username and password, Banshee Stealer captures them. It is essential that you only enter your username and password when you are actively expecting to need to, such as:</p>
<ul>
<li>When you power on the computer or when you log in after the screen is locked</li>
<li>When you are installing new software right then</li>
<li>When you are logging into Keychain</li>
<li>When you told the Mac to install system updates</li>
<li>Administrative tasks like when you are intentionally accessing system files</li>
<li>And some of the changes to system preferences you’re making right then.</li>
</ul>
<p>Only install programs and applications from trusted companies. Remember that attackers can sometimes infect trusted companies and install malware without the software provider&#8217;s knowledge. This is called a supply chain attack, and it can be very successful if people trust the website or tool. Getting programs from the Mac App Store helps minimize the risk of downloading malware hidden inside an otherwise functional program.</p>
<p>Do not double-click on a link or button on a website. Legitimate website navigation involves single-clicks. Threat actors have determined that people will follow instructions to double-click, or will double-click if something does not seem to work the first time. During a double-click, attackers quickly replace the original link with a malicious one right after the first click and before the second. Users do not realize what they&#8217;ve done and might have executed a script or unknowingly performed another task the threat actor wanted.</p>
<p>Do not click on links in email messages or other messages, and do not scan a QR code—it functions as a link. Do not click on links on services such as YouTube; threat actors will put links into the descriptions and comments. View every link everywhere as suspicious and avoid clicking.</p>
<p>Do not open attachments that arrive via email or another method unless you confirm with the sender that it is indeed the file they sent. Remember that attackers can compromise other companies or users and use their email addresses to send malicious files when you expect them. This is a way for even the most security-conscious people to be infected.</p>
<p>Update your MacOS regularly. Instead of answering a prompt on your screen telling you about an update, regularly click on the apple in the top left corner and choose System Settings, General, then Software Update.</p>
<p>Consider removing as many browser extensions as possible. Sometimes malware infects browser extensions or comes included when you install an extension.</p>
<p>Use multi-factor authentication (MFA) on all the websites, Software as a Service (SaaS) solutions, and everywhere else you can. Choosing to receive a text message for the second step of the login process is much better than having no MFA, but it is not the most secure choice due to the SIM-Swapping attackers use. They learn as much as they can about you, frequently using AI, and contact your phone provider and try to convince your provider that they are you and that you have a new SIM chip or a new phone. Recent breaches have exposed your location history gathered by companies who write apps and sell your location information. Threat Actors can use AI to combine location information with publicly available data to learn much about you and your life. If the phone provider is duped, they’ll successfully take over your account and be able to receive the text messages on their device. If you ever change your phone number, you&#8217;ll need to go to all the websites where you set up text-based MFA, disable MFA, and re-enable MFA when you get the new number.</p>
<p>For more secure multi-factor authentication, if the website or SaaS tool allows, set up an authenticator app on your smartphone that generates a number every thirty seconds. This Time-Based One-Time Password (TOTP) is more secure because it doesn&#8217;t rely on a text message. Popular authenticators include Google Authenticator, Microsoft Authenticator, Authy, and more. (Same disclaimers as above). Be sure to back up your authenticator app in case you lose or upgrade your phone. Otherwise, you could be locked out of everything you set up for TOTP. If you can’t generate the codes, you won’t be able to log in to the sites that require that code. There are other options that are more secure than text message-based MFA, including USB Keys, Passkeys, etc.</p>
<p>Be sure you use different passwords for every website or SaaS offering. When attackers compromise your password anywhere, they’ll perform credential stuffing, meaning they try the same username and password at dozens of other popular websites and SaaS platforms. It is challenging to remember passwords, and password manager software can be very helpful. Password managers remember your passwords for you and can fill them in when prompted. Although web browsers have this feature, too, many people consider password managers more secure since, if an attacker compromises your browser, the passwords are not readily available to them. Some password managers will synchronize across multiple devices, reset weak passwords for you, and offer other features. It is almost always best not to use the VPN and other services that come with password managers. 1Password, Dashlane, Keeper, LastPass, and many others are common. (The same disclaimers apply: we do not endorse these, nor do we receive compensation.) Apple has also revamped the macOS Keychain password manager to be more secure than it was. When you use a password manager, be sure it is backing up somewhere in case you lose your laptop. Apple Keychain automatically backs up to iCloud and synchronizes across your other devices.</p>
<p>If you have sensitive data, consider encrypting the files in case Banshee Stealer or other malware accesses and steals them.</p>
<p>Computers and devices communicate through a network, copper or Wi-Fi. Malware can move from one computer to another. If you use your Mac at home and family members who aren’t as careful as you are also have Macs, having a segmented network for you to use, separate from everyone else, helps protect you from malware spreading from their computers onto yours. Segmentation is slightly technical, and the easiest way to segment a home network might be to have all the other family members connect to the “guest” network while you use the primary network.</p>
<p>Set up text messages for all financial transactions. Most financial institutions offer SMS or email alerts whenever transactions larger than a certain amount are processed. I have my accounts set to text me anytime a transaction of more than one dollar occurs on any account because that is the minimum amount my banks allow. Yes, I receive many alerts, but I’d prefer to receive many alerts than not knowing about an unauthorized withdrawal. Continue to monitor bank statements and other financial records.</p>
<p>If your company has an Extended Detection and Response (XDR) solution, contact your IT professionals to be sure they&#8217;ve installed the XDR agent on your Mac, too. If your business isn&#8217;t already using XDR, you must. This technology is designed to detect and stop malicious activity before it has time to do much, if any, harm. Examples of XDR tools include CrowdStrike, Cynet, SentinelOne, and more (we don&#8217;t endorse nor receive compensation for mentioning them). As cybersecurity consultants, we recommend that our customers get XDR from their IT Team&#8217;s vendor. The typical approximately $20/mo/user seems expensive until after a breach. Many companies get breached even though they have XDR in place, but the most common reason is that something wasn&#8217;t implemented correctly or there is a breakdown or delay in communications. Companies engage with us to perform independent periodic vigorous red team exercises to attack and test their XDR response. Most XDR implementations fail the first exercise, but finding weaknesses before the threat actors do is the point. After the exercise and forthcoming recommendations are implemented, a company is much more prepared for a real-world attack.</p>
<p>This recommendation isn’t for everyone; I left it for last. Implementing this can be complicated and frustrating and is most often initiated by enterprises using Windows and Mac. Another strategy to help avoid getting malware from websites is to use a hosted browser, also known as browser isolation. This service runs a web browser on their servers, and your computer shows you their browser. Thus, all browser attacks will attack the company hosting the browser, not your computer’s browser. Sometimes, hosted browsers work better than others, but you might consider this option to further isolate and protect your computer from browser-based threats. For example, if a website wants to access your local mic and camera, it won’t work since you’ll be using the hosted browser. But this protects you from malicious websites that take over your mic and camera. My research to locate a hosted browser for the Mac was complex, and I want to rush this blog to the press due to the urgency of Banshee Stealer. Candidates for stand-alone hosted browser solutions for the Mac include Menlo Secure Cloud Browser, Authentic8, and the Puffin Browser. Zscaler and Cloudflare also offer hosted browser solutions for the Mac, but they don’t seem to be sold as a stand-alone solution but as part of a larger package. We are not endorsing or receiving any compensation for listing those products.</p>
<p><strong>Proactive Steps to Take In Case You Get Infected:</strong></p>
<p>There are other steps to take that will help you if you do get infected. Be sure you are backing up with macOS’s built-in Time Machine or another service. Using multiple external USB drives for backup and rotating them is a great idea. macOS will keep track of each drive and apply the backups when you plug in the specific drive. Strongly consider an online backup service. Examples of highly rated cloud backup services for Mac users include Backblaze, IDrive, and Acronis, but there are others. We are not endorsing those, nor do we receive any compensation for recommending them. You might even copy your files to an online storage service; use multi-factor authentication and all the other industry-best cybersecurity practices for cloud storage. Some people copy their most important files to one or more external drives, leaving them disconnected except when copying files.</p>
<p><strong>What to do if you think you are infected:</strong></p>
<p>Turn off your Wi-Fi or disconnect your Ethernet cable to stop any more files from being stolen and uploaded.</p>
<p>Run an anti-malware package described above under prevention.</p>
<p>Continue to watch your financial accounts for any suspicious activity.</p>
<p>Follow all the steps above under the section on what to do to avoid infection.</p>
<p>Consider moving your assets to a new, secure wallet if you use cryptocurrency.</p>
<p>You should contact gurus at Apple or another support organization who can help you with your Mac.</p>
<p>Reset all of your passwords. If you are not using a password manager, now might be a good time to do so.</p>
<p>Decide whether to alert your business and associates that if they receive an email pretending to be from you, it is likely not from you.</p>
<p>If you want to feel confident you’ve removed all of the malware, consider backing up your data and performing a clean install of macOS.</p>
<p><strong>Final Thoughts:</strong></p>
<p>I hope you do not become infected with Banshee Stealer and are not already infected, which is tricky to detect. Following the guidance in this article can also help protect you from other Mac malware. Tell your friends.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Protecting Your Financial Interests in the Wake of a Major Data Breach</title>
		<link>https://fosterinstitute.com/protecting-your-financial-interests-in-the-wake-of-a-major-data-breach/</link>
		
		<dc:creator><![CDATA[Mike Foster]]></dc:creator>
		<pubDate>Sun, 21 Apr 2024 13:33:01 +0000</pubDate>
				<category><![CDATA[Alerts]]></category>
		<category><![CDATA[Anti-virus]]></category>
		<category><![CDATA[Best Practices]]></category>
		<category><![CDATA[Credit Freeze]]></category>
		<category><![CDATA[Cyber Attacks]]></category>
		<category><![CDATA[Cyber Fraud]]></category>
		<category><![CDATA[Cyber Scams]]></category>
		<category><![CDATA[Cyber Security]]></category>
		<category><![CDATA[Cyber Security Breach]]></category>
		<category><![CDATA[Cybersecurity]]></category>
		<category><![CDATA[Data Restoration]]></category>
		<category><![CDATA[Family Security]]></category>
		<category><![CDATA[Identity Theft]]></category>
		<category><![CDATA[laptops]]></category>
		<category><![CDATA[Malicious Advertising]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Restoring]]></category>
		<category><![CDATA[Security Breach]]></category>
		<guid isPermaLink="false">https://fosterinstitute.com/?p=5779</guid>

					<description><![CDATA[<p>In today&#8217;s digital age, the security of your personal information is more than a convenience &#8211; it&#8217;s a crucial aspect of your financial strategy. Recently, a significant breach at a major phone provider has put the personal data of 73 million individuals at risk, including high-net-worth individuals like yourself. This exposed data includes not only [&#8230;]</p>
<p>The post <a href="https://fosterinstitute.com/protecting-your-financial-interests-in-the-wake-of-a-major-data-breach/">Protecting Your Financial Interests in the Wake of a Major Data Breach</a> appeared first on <a href="https://fosterinstitute.com">Foster Institute</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>In today&#8217;s digital age, the security of your personal information is more than a convenience &#8211; it&#8217;s a crucial aspect of your financial strategy. Recently, a significant breach at a major phone provider has put the personal data of 73 million individuals at risk, including high-net-worth individuals like yourself. This exposed data includes not only names and contact details but also sensitive information such as social security numbers, dates of birth, and account credentials. The potential financial repercussions are substantial, making it imperative to take action to safeguard your assets. Follow these guidelines to mitigate risks and ensure your financial security remains uncompromised.</p>
<h3>Credit Freeze</h3>
<p>If you haven’t already, consider freezing your credit to prevent new credit accounts from being opened in your name without your permission. Here are in-depth instructions and details: <a href="https://fosterinstitute.com/help-protect-your-financial-future-freeze-your-credit/" target="_blank" rel="noopener">Help Protect Your Financial Future: Freeze Your Credit &#8211; Foster Institute</a></p>
<h3>Monitor Financial Accounts</h3>
<p>Keep a close watch on your financial accounts for any unauthorized activity or transactions. Consider subscribing to an identity theft protection service, which can help monitor your information and alert you to potential misuse of your personal data. If you didn’t place the credit freeze mentioned above, doing so is essential.</p>
<h3>Beware of Fraud and Scams</h3>
<p>Beware of email, text, phone calls, or messages popping up on your computer that claim you are hacked and offer tech support help. Familiarize yourself and your family with the latest fraud techniques. Be skeptical of emails, phone calls, or messages that request personal information or direct you to websites asking for personal or financial data.</p>
<h3>Be Cautious with Search Engine Results that are Ads</h3>
<p>Threat actors can purchase ads so that, if you search for keywords such as &#8216;My phone provider database was hacked,&#8217; the ad, disguised as a helpful search result, will appear at the top. This can lead you to a page designed to defraud you or compromise your computer.</p>
<p>To help protect yourself, when you search, scroll down and click on the organic search results rather than the ads. You are more likely to access safer websites.</p>
<p>Malicious advertising is not limited to search engines. Advertisements on websites can be just as dangerous. These attacks are called malvertising and trick millions of users each year.</p>
<h3>Change Passwords Immediately</h3>
<p>If you haven’t recently, change passwords for all your accounts including phone provider, social media, banking, and other sensitive accounts, especially if you’ve used the same password for multiple accounts.</p>
<h3>Use a Password Manager</h3>
<p>Consider using a password manager to manage your unique passwords on every website. Detailed information about using password managers: <a href="https://fosterinstitute.com/password-managers-speed-your-workflow/" target="_blank" rel="noopener">Password Managers Speed Your Workflow &#8211; Foster Institute</a></p>
<h3>Set Up Unique Security Questions</h3>
<p>When setting up security questions, avoid real answers that are easy for a bad actor to research. Instead, use fictional answers like, “The fourth crater on the moon.” Save your secret answers in a randomly named file such as “socks.docx,” and consider encrypting this file for added safety.</p>
<h3>Enable Two-Step Verification</h3>
<p>Enable two-step verification for accounts. Prioritize setting this up on sensitive websites and services where it&#8217;s available.</p>
<h3>Update Operating Systems and Software</h3>
<p>Ensure that all your devices have the latest security software, web browsers, and operating systems updates and patches. This is one of the best defenses against viruses, malware, and other online threats.</p>
<h3>Secure Your Tax Identity with an ID.me Account</h3>
<p>Given that social security numbers were compromised, there&#8217;s an elevated risk of someone attempting to file a fraudulent federal tax return in your name. To combat this, consider registering for an ID.me account which provides access to IRS services. With this account, you can also apply for an IRS Identity Protection PIN (IP PIN) that adds an extra layer of security to your tax filings by requiring this unique six-digit number on your tax return.</p>
<h3>Protect Your Property Records</h3>
<p>With personal details like your SSN in the wrong hands, even your home ownership documents could be targeted. It&#8217;s advisable to monitor and possibly register your property deeds with services that alert you to any unauthorized filings or changes. While a universal solution for this isn&#8217;t available yet, taking initial steps such as contacting your local county clerk&#8217;s office to inquire about protective measures can be beneficial.</p>
<h3>Awareness for Business Impact</h3>
<p>Businesses, particularly those utilizing services from the breached provider, should be acutely aware of the implications this breach can have on their operations. It&#8217;s crucial for business owners to assess their exposure and strengthen their internal security measures, including employee training on data privacy and regular security audits to prevent further damage.</p>
<h3>Register for Online Tax Accounts in All States</h3>
<p>To prevent the misuse of your personal information for fraudulent state tax filings, consider registering for an online tax account in each of the 50 states. This pre-emptive registration can block identity thieves from creating accounts in your name, a tactic increasingly used to commit tax fraud across state lines.</p>
<h3>Digital Footprint and Data Sharing</h3>
<p>Be vigilant about the information you share online and through mobile applications. It&#8217;s crucial to minimize data sharing and scrutinize the permissions you grant to apps, especially those that request access to sensitive personal information. Educate yourself and limit exposures to safeguard against unauthorized data usage. The less information threat actors can gather about you, the more difficult it will be for them to misuse your identity.</p>
<h3>Review and Update Privacy Settings</h3>
<p>Regularly review and update your privacy settings on social media and other online platforms to ensure minimal public exposure of personal information. This proactive measure can significantly deter fraudsters from using accessible data to facilitate identity theft or scams.</p>
<h3>Legal and Financial Consultation</h3>
<p>Consult with legal and financial advisors to explore additional protective measures tailored to your personal or business circumstances. Discuss setting up legal structures such as trusts to shield assets, or other strategies that may offer enhanced security against identity theft and financial fraud.</p>
<h3>Emergency Contacts and Protocols</h3>
<p>Prepare an emergency contact list and establish protocols for immediate action if you suspect identity theft or if a data breach occurs. Include the contact information for essential services such as credit bureaus, your bank, and legal advisers, to ensure a swift and organized response to security threats.</p>
<p>Forward this message to your friends so they can follow these steps to help mitigate the damage from the breach and protect their personal information.</p>
<p><strong>Subscribe</strong> to maximize your executive potential with Foster Institute’s E-Savvy Newsletter, packed with practical IT security solutions and actionable strategies for success: <a href="https://fosterinstitute.com/e-savvy-newsletter/">https://fosterinstitute.com/e-savvy-newsletter/</a></p>
<h6>Disclaimer: The information provided in this blog is for general informational purposes only. Technology changes constantly, and some of this information might become obsolete or incorrect. We do not endorse or receive compensation for mentioning products, services, or brand names. Any outbound links provided are for your convenience and to get you started, but we cannot guarantee the security or safety of those external websites. Conducting your research and making an informed decision about any products or services mentioned here is essential. We shall not be held responsible for any actions taken based on the information provided.</h6>
<p>The post <a href="https://fosterinstitute.com/protecting-your-financial-interests-in-the-wake-of-a-major-data-breach/">Protecting Your Financial Interests in the Wake of a Major Data Breach</a> appeared first on <a href="https://fosterinstitute.com">Foster Institute</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Deepfakes and Business: An Urgent Call to Action</title>
		<link>https://fosterinstitute.com/deepfakes-and-business-an-urgent-call-to-action/</link>
		
		<dc:creator><![CDATA[Mike Foster]]></dc:creator>
		<pubDate>Sat, 21 Oct 2023 20:55:31 +0000</pubDate>
				<category><![CDATA[AI]]></category>
		<category><![CDATA[Alerts]]></category>
		<guid isPermaLink="false">https://fosterinstitute.com/?p=5675</guid>

					<description><![CDATA[<p>The rapid advancement of deepfake technology poses not only a societal threat but also a profound risk to businesses and global stability. &#160; The Danger: Bad actors can create highly realistic videos that can damage the reputation of nations or corporate executives. False narratives disseminated via deepfakes on social media can mislead shareholders, employees, and [&#8230;]</p>
<p>The post <a href="https://fosterinstitute.com/deepfakes-and-business-an-urgent-call-to-action/">Deepfakes and Business: An Urgent Call to Action</a> appeared first on <a href="https://fosterinstitute.com">Foster Institute</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>The rapid advancement of deepfake technology poses not only a societal threat but also a <strong>profound risk to businesses</strong> and global stability.</p>
<h3>The Danger:</h3>
<p>Bad actors can create highly realistic videos that can damage the reputation of nations or corporate executives. False narratives disseminated via deepfakes on social media can mislead shareholders, employees, and the public at large.</p>
<p>Disinformation, once released, can spread rapidly as many people turn to social media for their news.</p>
<h3>Opportune Time:</h3>
<p>Current global challenges create an environment ripe for deepfakes to cause destabilization. Factors include:</p>
<ul>
<li>Multiple <strong>global conflicts</strong></li>
<li>Heated US <strong>political infighting</strong></li>
<li>Intense prejudices and <strong>hate-based violence</strong></li>
</ul>
<p><strong>Deepfake artists are exploiting the current emotionally charged climate,</strong> leading even rational thinkers astray.</p>
<h3>Misguided Courage:</h3>
<p>People have the courage to stand up for their beliefs, but deepfakes can mislead them with disinformation. While they may see themselves as heroes, they could inadvertently become pawns in the hands of disinformation creators.</p>
<h3>Take Action:</h3>
<p>In the midst of current chaotic wars and global threats, new AI tools offer bad actors the perfect means to destabilize both businesses and the global economy.</p>
<p><strong>Stay objective and vigilant. Remind those around you: &#8220;Always verify facts, regardless of how convincing a news article or video may seem.&#8221;</strong></p>
<p>The post <a href="https://fosterinstitute.com/deepfakes-and-business-an-urgent-call-to-action/">Deepfakes and Business: An Urgent Call to Action</a> appeared first on <a href="https://fosterinstitute.com">Foster Institute</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Make Contingency Plans to Prepare for an Attack Against Critical Infrastructure</title>
		<link>https://fosterinstitute.com/make-contingency-plans-to-prepare-for-an-attack-against-critical-infrastructure/</link>
		
		<dc:creator><![CDATA[Mike Foster]]></dc:creator>
		<pubDate>Thu, 07 Apr 2022 22:03:56 +0000</pubDate>
				<category><![CDATA[Alerts]]></category>
		<category><![CDATA[Cloud Security]]></category>
		<category><![CDATA[Hacking]]></category>
		<guid isPermaLink="false">https://fosterinstitute.com/?p=5227</guid>

					<description><![CDATA[<p>An executive asked for a short list of what they should be doing now to prepare for the unlikely event of a disruption to our critical infrastructure. Here are some basics: Make contingency plans for what you’ll do if the power goes out for an extended time. Consider how you’ll respond if you’re unable to [&#8230;]</p>
<p>The post <a href="https://fosterinstitute.com/make-contingency-plans-to-prepare-for-an-attack-against-critical-infrastructure/">Make Contingency Plans to Prepare for an Attack Against Critical Infrastructure</a> appeared first on <a href="https://fosterinstitute.com">Foster Institute</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>An executive asked for a short list of what they should be doing now to prepare for the unlikely event of a disruption to our critical infrastructure. Here are some basics:</p>
<ul>
<li>Make contingency plans for what you’ll do if the power goes out for an extended time.</li>
<li>Consider how you’ll respond if you’re unable to use your online banking.</li>
<li>What is your plan if one of your vendors or SaaS providers shuts down for an extended period?</li>
<li>Make contingency plans in case your Internet Service Provider goes down.</li>
<li>What will you do if fuel becomes unavailable as it was to some regions after the Colonial Pipeline attack?</li>
<li>What if your shipping companies cannot deliver packages to you or your customers?</li>
<li>Should you take out enough cash to make payroll for your next pay cycle?</li>
</ul>
<p>Find cybersecurity-specific recommendations here: <a href="https://fosterinstitute.com/10-things-every-organization-can-do-right-now-to-protect-themselves-from-state-sponsored-foreign-attacks/" target="_blank" rel="noopener">https://fosterinstitute.com/10-things-every-organization-can-do-right-now-to-protect-themselves-from-state-sponsored-foreign-attacks/</a></p>
<p>Here are tips to protect your family and your workers’ families: <a href="https://fosterinstitute.com/family-disaster-preparedness-protect-your-loved-ones/" target="_blank" rel="noopener">https://fosterinstitute.com/family-disaster-preparedness-protect-your-loved-ones/</a></p>
<p>The post <a href="https://fosterinstitute.com/make-contingency-plans-to-prepare-for-an-attack-against-critical-infrastructure/">Make Contingency Plans to Prepare for an Attack Against Critical Infrastructure</a> appeared first on <a href="https://fosterinstitute.com">Foster Institute</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Beware: Attackers Place Malicious Ads at the Top of Search Engine Results</title>
		<link>https://fosterinstitute.com/beware-attackers-place-malicious-ads-at-the-top-of-search-engine-results/</link>
		
		<dc:creator><![CDATA[Mike Foster]]></dc:creator>
		<pubDate>Fri, 01 Apr 2022 14:52:43 +0000</pubDate>
				<category><![CDATA[Alerts]]></category>
		<category><![CDATA[Cybersecurity]]></category>
		<category><![CDATA[Family Security]]></category>
		<category><![CDATA[Mobile Security]]></category>
		<category><![CDATA[Ransomware]]></category>
		<guid isPermaLink="false">https://fosterinstitute.com/?p=5221</guid>

					<description><![CDATA[<p>OpenOffice is a free program that allows you to create documents and spreadsheets. Right now, attackers are buying ads so that, if you search for OpenOffice and are a lucky searcher, an ad appears at the top of your search. Clicking on the ad could take you to a site to download a malicious program [&#8230;]</p>
<p>The post <a href="https://fosterinstitute.com/beware-attackers-place-malicious-ads-at-the-top-of-search-engine-results/">Beware: Attackers Place Malicious Ads at the Top of Search Engine Results</a> appeared first on <a href="https://fosterinstitute.com">Foster Institute</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>OpenOffice is a free program that allows you to create documents and spreadsheets. Right now, attackers are buying ads so that, if you search for OpenOffice and are a lucky searcher, an ad appears at the top of your search. Clicking on the ad could take you to a site to download a malicious program rather than OpenOffice.</p>
<p>To help protect yourself, when you search, click on the organic search results rather than the ads. That behavior can be safer if the advertisers are bad actors trying to lure you to a malicious site or download.</p>
<p>Malicious advertising is not limited to search engines. Advertisements on websites can be just as dangerous. These attacks are called malvertising and trick millions of users each year.</p>
<p>Please forward this to your friends so they know online advertisements, even search engine results, might take them to dangerous sites that attack their computers. The sites could offer downloads that, while the programs might seem legitimate, are tainted executable files infested with malware to attack their computer, encrypt files, steal their information including keystrokes and passwords, and provide remote access to unauthorized bad actors.</p>
<p>Note: We are not endorsing or advising you to use or not use OpenOffice. We use their name as an example because this incident is a current event. This does not indicate that OpenOffice is hacked; if anything, it suggests that the program is attractive enough that users eagerly seek it. Attackers use many famous brands and products. Being selected as a keyword can be flattering. Malvertising is unrelated to companies having security weaknesses.</p>
<p>The post <a href="https://fosterinstitute.com/beware-attackers-place-malicious-ads-at-the-top-of-search-engine-results/">Beware: Attackers Place Malicious Ads at the Top of Search Engine Results</a> appeared first on <a href="https://fosterinstitute.com">Foster Institute</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>10 Things Every Organization Can Do Right Now to Protect Themselves from State-Sponsored Foreign Attacks!</title>
		<link>https://fosterinstitute.com/10-things-every-organization-can-do-right-now-to-protect-themselves-from-state-sponsored-foreign-attacks/</link>
		
		<dc:creator><![CDATA[Mike Foster]]></dc:creator>
		<pubDate>Thu, 24 Feb 2022 01:50:20 +0000</pubDate>
				<category><![CDATA[Alerts]]></category>
		<category><![CDATA[Cloud Security]]></category>
		<category><![CDATA[Cybersecurity]]></category>
		<category><![CDATA[Email Security]]></category>
		<category><![CDATA[Hacking]]></category>
		<category><![CDATA[Password Security]]></category>
		<category><![CDATA[Ransomware]]></category>
		<guid isPermaLink="false">https://fosterinstitute.com/?p=5141</guid>

					<description><![CDATA[<p>Help protect your organization from attacks related to possible cyber-warfare. Ask your IT pros, in-house or outsourced, to: If your network firewall supports blocking data traffic by country, restrict all connections from all non-essential countries. You might need to allow traffic from specific addresses if one of your providers has a data center in another [&#8230;]</p>
<p>The post <a href="https://fosterinstitute.com/10-things-every-organization-can-do-right-now-to-protect-themselves-from-state-sponsored-foreign-attacks/">10 Things Every Organization Can Do Right Now to Protect Themselves from State-Sponsored Foreign Attacks!</a> appeared first on <a href="https://fosterinstitute.com">Foster Institute</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p class="wp-block-paragraph">Help protect your organization from attacks related to possible cyber-warfare. Ask your IT pros, in-house or outsourced, to:</p>



<ul class="wp-block-list">
<li>If your network firewall supports blocking data traffic by country, restrict all connections from all non-essential countries. You might need to allow traffic from specific addresses if one of your providers has a data center in another country.</li>
<li>If you use Office 365, configure Conditional Access by Country to only accept users logging in from countries where your users will be when they access Office 365. You might need to upgrade your O365 license to enable conditional access by country.</li>
<li>Configure firewalls on your websites and web applications to only accept connections from countries where you do business. Before limiting countries, ask your web developers if they use tools hosted in other countries. You’ll need to allow connections from those specific companies; else, your web application might malfunction.</li>
<li>Block your users, in case they get fooled by a fraudulent email message, from accessing websites in countries and categories except those essential for business. When you configure web content filtering, you might be surprised to find out that some of the sites you use must connect to other countries to work correctly. Your team can allow those specific sites without enabling the entire country. Be careful not to overload your IT team with this recommendation.</li>
<li>If you haven&#8217;t already, be sure to implement multi-factor authentication for your VPN, Microsoft Office 365, your privileged user accounts, social media accounts including LinkedIn, and anywhere attackers could inflict damage if they gain access.</li>
<li>Shut down any unnecessarily exposed ports on your firewall, including remote management. If you must leave ports open, filter by the source address to prevent connections from anywhere except authorized static addresses.</li>
<li>Configure your spam filter to block email messages from all countries except for those from which you wish to receive messages.</li>
<li>Implement the email protection features SPF, DKIM, and DMARC to help block fraudulent emails and messages that someone tampered with. There are services to help IT departments accomplish this.</li>
<li>Discuss Distributed Denial of Service (DDoS) attacks with your Internet provider and web hosting companies and ways they can protect you in case an attacker floods your network, your phone systems, or your websites with so much traffic that it shuts down your systems.</li>
<li>Uninstall all the programs you do not use. If foreign attackers take over a software company, as they have recently, you won&#8217;t be affected if those programs are not installed.</li>
</ul>



<p class="wp-block-paragraph">All of these are in addition to the other protections you should already have, including double-checking that all the critical security updates from Microsoft and your browsers are installed on all of your systems, using anti-virus and Endpoint Detection and Response tools, making sure no users are local administrators to make it difficult for attackers to install malware on their computers, using application control, and other recommendations you read in these blogs.</p>



<p class="wp-block-paragraph">Alert your users to the heightened threat and tell them to be wary of fake news. Remind them never to enter their usernames and passwords when prompted, no matter how convincing a site appears. If they read something that seems scary and instructs them to do something urgently, they must pause before acting. They should ask the IT department if they have the slightest suspicion. If they spot something fraudulent, you might tell them to send an alert to your other users so they know the message is fake. They should remove links before they forward the message.</p>



<p class="wp-block-paragraph">If you have an on-prem Exchange server, attackers will target the server relentlessly. Immediately ensure the Exchange server is patched with all critical updates. Be sure your firewall is configured to block all traffic except specific IP addresses. Talk to your executives about fast-tracking your migration to hosted Exchange if migration is possible.</p>



<p class="wp-block-paragraph">While the following won&#8217;t prevent an attack, you want to be prepared:</p>



<ul class="wp-block-list"><li>Confirm that the backups of your cloud data function correctly in case attackers delete your Office 365 or other cloud data and render the cloud provider&#8217;s backups useless.</li><li>After ransomware attacks, many organizations&#8217; executives are shocked at how long it takes to restore. Be sure your whole disaster recovery process is quick enough to meet your return to operations (RTO) requirements. You might prioritize which services need to be running soonest and make recovery point objectives (RPOs). Practice restoring and measure the time it takes to restore and recover.</li></ul>



<p class="wp-block-paragraph">Make contingency plans for what you’ll do if the power goes out for an extended time. Consider how you’ll respond if you’re unable to use your online banking. What is your plan if one of your vendors or SaaS providers shuts down for an extended period? Make contingency plans in case your Internet Service Provider goes down. What will you do if fuel becomes unavailable as it was to some regions after the Colonial Pipeline attack? What if your shipping companies cannot deliver packages to you or your customers? Should you take out enough cash to make payroll for your next pay cycle? Planning for these and other risks will allow you to have systems in place in the unlikely event they occur.</p>



<p class="wp-block-paragraph">You can find additional guidance at <a href="https://www.cisa.gov/uscert/ncas/alerts/aa22-011a" target="_blank" rel="noreferrer noopener">https://www.cisa.gov/uscert/ncas/alerts/aa22-011a</a></p>
<p>The post <a href="https://fosterinstitute.com/10-things-every-organization-can-do-right-now-to-protect-themselves-from-state-sponsored-foreign-attacks/">10 Things Every Organization Can Do Right Now to Protect Themselves from State-Sponsored Foreign Attacks!</a> appeared first on <a href="https://fosterinstitute.com">Foster Institute</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Prepare Now to Recover Quickly from Ransomware on Mac and Windows Computers</title>
		<link>https://fosterinstitute.com/prepare-now-to-recover-quickly-from-ransomware-on-mac-and-windows-computers/</link>
		
		<dc:creator><![CDATA[Mike Foster]]></dc:creator>
		<pubDate>Thu, 28 Jan 2021 17:31:33 +0000</pubDate>
				<category><![CDATA[Alerts]]></category>
		<category><![CDATA[Best Practices]]></category>
		<category><![CDATA[Cyber Security]]></category>
		<category><![CDATA[Cyber Security Best Practices]]></category>
		<category><![CDATA[Cyber Security Consultant]]></category>
		<category><![CDATA[cyber security expert]]></category>
		<guid isPermaLink="false">https://fosterinstitute.com/?p=3421</guid>

					<description><![CDATA[<p>Equip all of your Work from Home users with a cloned drive so they can help protect your network and get up and running quickly if they get ransomware or if their hard drive crashes. Protect your home family computers the same way. Cloning a hard drive creates a second drive that looks, to a [&#8230;]</p>
<p>The post <a href="https://fosterinstitute.com/prepare-now-to-recover-quickly-from-ransomware-on-mac-and-windows-computers/">Prepare Now to Recover Quickly from Ransomware on Mac and Windows Computers</a> appeared first on <a href="https://fosterinstitute.com">Foster Institute</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Equip all of your Work from Home users with a cloned drive so they can help protect your network and get up and running quickly if they get ransomware or if their hard drive crashes. Protect your home family computers the same way.<span id="more-3421"></span></p>
<p>Cloning a hard drive creates a second drive that looks, to a computer, identical to the source drive. If your laptop or computer gets ransomware or seems infected somehow, you can restore a cloned drive&#8217;s image to effectively reset the computer to how it was when you most recently made a clone. Additionally, if the hard drive crashes, the clone could quickly replace that drive&#8217;s functionality.</p>
<p>Create frequent clones of your computer&#8217;s hard disk to one or more external USB hard drives. Keep making your other backups too.</p>
<p>For Windows computers, Microsoft provides the System Image Creation feature. Commercial options include Shadow Protect Desktop from StorageCraft and Acronis True Image.</p>
<p>For Macs, options include Carbon Copy Cloner, Acronis True Image, and SuperDuper! Check compatibility with your version of OSX. Apple Time Machine is always compatible, and it is possible to boot into recovery mode to restore a drive from Time Machine, but it&#8217;s not a clone.</p>
<p>(We do not receive compensation for, nor do we endorse, specific products. It is essential to give you examples.)</p>
<p>Please forward this to your friends to ensure they know cloned hard drives often permit speedy recovery of ransomed computers. If they have a clone image of a hard drive, work-from-home users can likely stay productive even when their computer malfunctions.</p>
<p>The post <a href="https://fosterinstitute.com/prepare-now-to-recover-quickly-from-ransomware-on-mac-and-windows-computers/">Prepare Now to Recover Quickly from Ransomware on Mac and Windows Computers</a> appeared first on <a href="https://fosterinstitute.com">Foster Institute</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Tips and Tricks: An Unconventional way to Protect Yourself from SolarWinds and Future Hacks</title>
		<link>https://fosterinstitute.com/tips-and-tricks-an-unconventional-way-to-protect-yourself-from-solarwinds-and-future-hacks/</link>
		
		<dc:creator><![CDATA[Mike Foster]]></dc:creator>
		<pubDate>Wed, 13 Jan 2021 22:53:39 +0000</pubDate>
				<category><![CDATA[Alerts]]></category>
		<category><![CDATA[Best Practices]]></category>
		<category><![CDATA[Cybersecurity]]></category>
		<category><![CDATA[Executives and IT]]></category>
		<category><![CDATA[IT Best Practices]]></category>
		<category><![CDATA[Cyber Security Best Practices]]></category>
		<category><![CDATA[Cyber Security Consultant]]></category>
		<category><![CDATA[cyber security expert]]></category>
		<category><![CDATA[it risk management]]></category>
		<category><![CDATA[it security audit]]></category>
		<guid isPermaLink="false">https://fosterinstitute.com/?p=3406</guid>

					<description><![CDATA[<p>Will running one rarely used program stop future attacks? It will in the SolarWinds attack and perhaps stop future compromises too. It makes sense that malware uses strategies to infect and hide inside of networks undetected. Here is some fascinating insight into that self-preservation: The malware related to the SolarWinds attack looks for specific security-related [&#8230;]</p>
<p>The post <a href="https://fosterinstitute.com/tips-and-tricks-an-unconventional-way-to-protect-yourself-from-solarwinds-and-future-hacks/">Tips and Tricks: An Unconventional way to Protect Yourself from SolarWinds and Future Hacks</a> appeared first on <a href="https://fosterinstitute.com">Foster Institute</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Will running one rarely used program stop future attacks? It will in the SolarWinds attack and perhaps stop future compromises too.<span id="more-3406"></span></p>
<p>It makes sense that malware uses strategies to infect and hide inside of networks undetected. Here is some fascinating insight into that self-preservation: The malware related to the SolarWinds attack looks for specific security-related software, including a free program named Wireshark, before installing itself. If Wireshark is running in Windows, the virus installation terminates itself.</p>
<p>Should you run Wireshark on your computers 24&#215;7? Ordinarily, IT professionals remove Wireshark in case attackers installed it. Paradoxically, running Wireshark will stop the initial activation of the SolarWinds attack. Wireshark is not the only choice. Open this Microsoft article and use CTRL-F to search for the word Wireshark to see the other security-related tools that will horrify some malware: <a href="https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/" target="_blank" rel="noopener">https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/</a></p>
<p>But, after SUNBURST installs itself, it is too late. It doesn&#8217;t look for security-related tools after installation.</p>
<p>This message is not a recommendation to run these applications, nor is it intended to dissuade you. If organizations start adopting this strategy to thwart cautious attacks, it will be interesting to see how malware responds.</p>
<p>Forward this article to your friends so they receive this insight into how bad actors strive to avoid detection and discuss implementing this unconventional approach to stopping malware installations.</p>
<p>The post <a href="https://fosterinstitute.com/tips-and-tricks-an-unconventional-way-to-protect-yourself-from-solarwinds-and-future-hacks/">Tips and Tricks: An Unconventional way to Protect Yourself from SolarWinds and Future Hacks</a> appeared first on <a href="https://fosterinstitute.com">Foster Institute</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Three of the Most Useful Links About the SolarWinds Attack:</title>
		<link>https://fosterinstitute.com/three-of-the-most-useful-links-about-the-solarwinds-attack/</link>
		
		<dc:creator><![CDATA[Mike Foster]]></dc:creator>
		<pubDate>Thu, 07 Jan 2021 17:37:03 +0000</pubDate>
				<category><![CDATA[Alerts]]></category>
		<category><![CDATA[Best Practices]]></category>
		<category><![CDATA[Cyber Security]]></category>
		<category><![CDATA[Cyber Security Best Practices]]></category>
		<category><![CDATA[Cyber Security Consultant]]></category>
		<category><![CDATA[cyber security expert]]></category>
		<category><![CDATA[it security review]]></category>
		<guid isPermaLink="false">https://fosterinstitute.com/?p=3386</guid>

					<description><![CDATA[<p>Even if you don&#8217;t use SolarWinds, your suppliers and customers might. In some cases, your security is only as good as their security. There are so many webpages about the SolarWinds attack. Here are three of the most useful. Please forward this to your IT team. Do not let the title of this Microsoft [&#8230;]</p>
<p>The post <a href="https://fosterinstitute.com/three-of-the-most-useful-links-about-the-solarwinds-attack/">Three of the Most Useful Links About the SolarWinds Attack:</a> appeared first on <a href="https://fosterinstitute.com">Foster Institute</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Even if you don&#8217;t use SolarWinds, your suppliers and customers might. In some cases, your security is only as good as their security.</p>
<p>There are so many webpages about the SolarWinds attack. Here are three of the most useful. Please forward this to your IT team.<span id="more-3386"></span></p>
<p>Do not let the title of this Microsoft article fool you. Microsoft explains how the attack starts and progresses, complete with diagrams. Not only is this page fascinating reading about this horrible attack, but understanding the tactics also helps your team protect you from future supply chain attacks:<br />
<a href="https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/" target="_blank" rel="noopener">https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/</a></p>
<p>Microsoft&#8217;s recommendations about how to protect Office 365: <a href="https://techcommunity.microsoft.com/t5/azure-active-directory-identity/protecting-microsoft-365-from-on-premises-attacks/ba-p/1751754" target="_blank" rel="noopener">https://techcommunity.microsoft.com/t5/azure-active-directory-identity/protecting-microsoft-365-from-on-premises-attacks/ba-p/1751754</a></p>
<p>SUPERNOVA is malware that different attackers made to impersonate the SolarWinds SUNBURST attack, and it is dangerous too. SolarWinds addresses both in their comprehensive information about determining if SolarWinds installations are affected and how to protect your organization: <a href="https://www.solarwinds.com/securityadvisory" target="_blank" rel="noopener">https://www.solarwinds.com/securityadvisory</a></p>
<p>Please forward this message to other organizations you care about, especially your suppliers, so their IT Pros have three of the most useful links amongst the dozens of others.</p>
<p>The post <a href="https://fosterinstitute.com/three-of-the-most-useful-links-about-the-solarwinds-attack/">Three of the Most Useful Links About the SolarWinds Attack:</a> appeared first on <a href="https://fosterinstitute.com">Foster Institute</a>.</p>
]]></content:encoded>
					
		
		
			</item>
	</channel>
</rss>
