The attacker does not need to know any passwords; they do not even need a username. They plug in a cable, and 3 seconds later, they’ve completely compromised your network. An attacker posing as a visitor, a copier repair person, or a member of a cleaning crew can all compromise your organization. They can steal sensitive information, install ransomware, and can shut down operations entirely. They bypass the majority of, if not all, of your other protections because now they’re a Domain Administrator.

This exploit is so severe that the Department of Homeland Security directed all federal agencies to apply the patch in accordance with the Federal Emergency Directive 20-04.

Take these three steps ASAP:

First, ask your IT team if they’ve backed up your Domain Controller servers and applied Microsoft’s patches that address the Zerologon exploit CVE-2020-1472. They must do this immediately. Be compassionate if they’ve not. IMPORTANT: Realize that if an attacker already took over a network, the patch doesn’t help.

Second, if you have Domain Controllers using operating systems older than Windows Server 2008 R2, your IT professionals must shut them down for good. Be sure to migrate any mission-critical services to other servers.

Third, does your organization rely on third parties to support you? What if one of your major suppliers, a distributor, or your biggest customer falls prey to an attack? Prepare your organization now for an interruption of their operations. Be sure their executives know about this flaw and these three steps. You do not want a catastrophe at their organization to domino and cause a disaster for you, even though you’ve protected your systems.

Additional steps:

Inform your work-from-home team members that, in some cases, the attacker can take over your network using a VPN connection. Do you have an armed guard at every work-from-home user’s home to watch visitors? Of course not. But your entire organization might rely on their security. What if a teenager’s friend feels like playing around, experimenting, with this new cool exploit on a mom or dad’s computer?

The patches only protect you from attacks from Windows devices. If an attacker accesses a network port or cable with a non-Windows machine, the attacker can still take control of your network. Microsoft will release a second patch on February 9, 2021. Ask your IT team to configure alerts now to monitor security log events 5827 thru 5831 to see when connections are allowed or denied.

The average time for IT Professionals to apply critical security patches is five months, but you need to help yours be above average. Ask them what you can do to help them have time to test and install all critical security patches within 14 days or sooner. They might want to have a patch management tool. They might need more time to devote to applying updates.

Confirm that your IT Team disconnects or disables all unused Ethernet ports, including those in conference rooms. Lock doors to any offices and conference rooms that contain active Ethernet ports. Train everyone to be proactive and remove opportunities for anyone, including guests and repair people, to plug a device into a network port.

Keep in mind that 911 systems, airlines, governments, and every organization that you depend on are at risk for Zerologon exploit CVE-2020-1472 until they take action too.

Please forward this to fellow executives you care about so they can support their IT Professionals successfully backing up servers and applying the emergency patch.

The post Attackers Can Take Control of Your Network in Three Seconds, and How to Stop Them appeared first on Foster Institute.

Intel advises that IT Professionals stop deploying the current versions of patches for the recently discovered security flaws in CPU chips. Find details, just updated, by searching:
Root Cause of Reboot Issue Identified Updated Guidance for Customers and Partners site:intel.com

Do not insert a space after the colon.

For most of you, deploying Microsoft patches is easy compared to managing Flash, Java, and browser updates. Oracle is releasing multiple security patches for Java SE. Additionally, if you are upgrading Chrome to the 64 bit version, Google is releasing new patches for that browser.

For executives wondering what to do at home, you may find it best to download fresh versions of any non-Microsoft browsers you use, and reinstall the most recent versions of Flash and Java, if you still use either, from https://get.adobe dot com/flashplayer/ or java dot com . Your Microsoft and/or Apple patches are likely configured to install automatically.

For both organizations and home office users, if you can remove Flash and/or Java from some or all of your computers, then you can forget about patching them. If you haven’t already, try it on a few computers. You may find that all of the websites essential to your business no longer require either. Worst case, you can re-install the most recent version.

Executives, please forward this to your IT Professionals. Be sure to, if you have not already, have a conversation with them about how aggressive you want them to be with patching. They can share the pros and cons with you. These days, an aggressive posture related to patches can increase your security dramatically, when handled properly. Provide them time to test the patches, test un-installing the patches, and then to deploy the patches in stages. They will also need to contact your cloud providers to discuss how they are handling the flaws and patches.

The post Patching Nightmare – Please Forward to Your IT Pros appeared first on Foster Institute.

Knowing that updates might cause a problem, please back up your computer first. You are backing up all the time already, right? Time Machine is a wonderful tool and is built in. If you want to supplement Time Machine with an additional backup, Carbon Copy Cloner from Bombich dot com is very popular and clients experience great results. You’ll need a couple of external USB drives, but the investment is worth it.

In case you are not familiar with how to apply patches, here are instructions:

On your Apple computer, even if your computer is set for automatic updates, it is good to verify that you have the most recent patches. Click on the image of the apple in the top left corner, and choose App Store. If not already selected, choose Updates inside the title bar that already contains the words: Featured, Top Charts, Categories, Purchased, and Updates. You may see many updates for your applications, and those are fine to apply, but the urgent one is the update called macOS Sierra Update and the version is 10.12.5. If you’ve not updated in a while, you may see other macOS updates too.

iPhone and iPad users, press on the Settings icon that looks like a gear. In the left-hand column, select General, and you’ll see Software Update on the right-hand column near the top. The most recent patch is for iOS 10.3.2.

If you want to configure automatic updates for your Apple computers, find instructions by searching for this phrase in Google: Automatic security updates os x site:apple.com

If you want to configure automatic updates for the iPhone and iPad, find instructions by searching for this phrase in Google: Automatic security downloads iOS site:apple.com

Please forward this to everyone you know who uses Apple devices and you want to help be more secure…

The post Get Apple’s Urgent Patches that Fix Dozens of Security Holes appeared first on Foster Institute.

Instructions for Windows and Apple home users are listed below the numbers. For organizations, here are 10 Steps To Avoid Incidents Including the Massive Ransomware Attack:

1. The reality is that most organizations are missing critical security patches and there is a very strong likelihood that yours is too.

2. Provide your team with extra time, and perhaps additional personnel, to test and then deploy patches ASAP. Some organizations are adding a new IT professional to their team whose sole responsibility is to manage patches. If the patch fails testing, then time must be invested to resolve the issue or implement compensating controls.

3. Prioritize critical security patches for the operating system, all the browsers, Flash, Java, your PDF Reader, and Microsoft Office. They are usually the easiest to attack and form your first line of defense.

4. Many IT teams are very reluctant to apply patches for fear of breaking your systems that are already running. Help remove their fears by reassuring them that you take on responsibility if the patch causes a problem. Encourage them to follow a procedure that mitigates risks:

5. Test Patches in a test environment that uses the same applications as the rest of your network. For very small companies, your test environment might be a single computer. For larger organizations, and organizations that stand to lose a great deal in the event of an attack, create a separate testing environment that is isolated from the production environment.

6. Have a pre-tested rollback plan so that, if the patch does cause a problem, your IT team will already know what they need to do right away to roll back a patch that causes an unexpected problem. They will then go back to the testing phase.

7. Deploy the patches in stages rather than patching all machines simultaneously. That way, even if the patch does cause a problem, not all your machines will be affected.

8. You may decide to empower your IT team with a patch management tool such as Ninite, LANGuard, Shavlik, or others. Allow them to test and choose a tool, and provide them with the means and time to do so, ASAP.

9. Ask IT, perhaps weekly and at least monthly, to provide you with a list of missing patches, not a pie chart.

10. You must upgrade from older operating systems, any of the ones that Microsoft no longer supports. If some machines cannot be upgraded, then they must be isolated or some other compensating control put into place. Microsoft clearly states when they stop producing patches for old operating systems.  So, there was no patch available for Windows XP and others.

Call me if they are not able to apply patches. Let’s team up to help prevent this.

At home, or if your organization is so small that you do not have an IT team or have an outsourced IT company that takes care of your patches, be sure that the option that provides automatic updates to Microsoft is enabled. The instructions are easy to find – just google the phrase: configure automatic updates site:Microsoft.com

Apple computer users, google: Automatic security updates os x site:apple.com

iPhone and iPad users, google: Automatic security downloads ios site:apple.com

Additionally, manually check for updates in Microsoft Office to be sure those are applied. Be sure that automatic updates are enabled in your browsers. Regularly download and apply patches to, or new versions of, Flash, Java, and your PDF reader.

Please forward this to everyone you care about and want to help stay secure.

The post Patching – 10 Steps to Seal the Holes in Your Armor appeared first on Foster Institute.

Patching VMware, which is often used as a platform for many of your other servers, can be frustrating. If the patch causes a problem, there is a risk that all your servers hosted on that machine will go down.

This is one of those risk vs. benefit decisions that is so important, business executives must be involved.

On the one hand, the patch could interrupt business, but not applying the patch could be considered reckless.

Test the patch prior to deployment, when possible. Having a pre-planned, if not pre-tested, roll-back plan is crucial in case the patch causes a problem.

Preferably patch one server at a time so that, if the patch does cause a problem, at least the interruption is limited to that server.

Without the patch, someone could run programs on your computer, potentially taking control of the server.

The patch fixes a vulnerability in the VMware Customer Experience Improvement Program, even if a customer is not participating in the program.

Please emphasize the last phrase to your IT pros.

Ask your IT pros to look at VMware’s information by searching for VMSA-2017-0007.

Please forward this to everyone who may be using VMware, so that they can alert their IT pros just in case they don’t know already.

The post Alert Your IT Team – Urgent Patch for Network Servers appeared first on Foster Institute.

Microsoft has released a series of patches related to the Windows Graphics Component. As IT professionals, we are tempted to think that, since it only applies to graphics, the patch isn’t that important.

Actually, the patch is very important. An attacker can execute code on your computers, perhaps even ransomware, if the patch is not installed.

We are seeing a trend during audits, of these patches being missing.

If you are a home user, be sure you are applying patches too. Chances are that you have your computer configured to auto-update.

And at your organization, be sure to alert your IT team that these patches to the graphics component are important too.

As long as your IT team is provided enough time to keep your system backed up, and to test the patches, then their applying your patches isn’t as ominous as hackers hope they feel it is.

And, as executives, you can help a lot by providing them time to focus on testing and deploying the patches. They are very busy already.

Please forward this to everyone you know whose systems may be missing these seemingly unnecessary patches. It will help stop the attackers!

The post Alert IT to Graphics Component Patches appeared first on Foster Institute.

Yesterday, someone told me their security was good since they only get infected by a few viruses each year.

Even a single infection means there is a possibility that their machines are already infected.

If one virus can get in, other undetectable viruses can too.

Unless security protections are very poor on a network or computer, visible virus infections are rare these days.

People who see virus infections need to act, including patching their Internet facing applications and enabling click-to-play. Those features already come with Windows and applications so there is nothing to buy or download. For more information, see foster institute dot come slash blog.

If you know someone whose computers on their network catch viruses, tell them the viruses are more like chest pain, not like the common cold. Infections are the sign of some greater damage that is about to, or already has, occurred.

The post Only One Virus is a Huge Problem appeared first on Foster Institute.

1. Keep critical operating system and application patches up to date, especially Flash, Java, Reader, and your browsers. Updates fix security loopholes in programs. The fear of a patch causing a program to malfunction can be reduced with proper testing, performing a staged rollout, and having a rollback plan.

2. Utilize Application Whitelisting. Application whitelisting allows you to specify what programs are permitted to run, such as Microsoft Office, your accounting program, and anything else your team needs for business purposes. Because of not being on the ok list, the majority of malicious software is blocked from running. The reason most companies don’t use application whitelisting is that their IT Pros know it can be a daunting process to set up and make it work well. Therefore, we can set that up for your IT pros. Why should they need to learn something when it only needs to be done once? The upkeep can be simple from then on.

3. Reduce the number of users with Local Admin rights as much as possible. This removes a user’s ability to install programs on their computer. As a result, it greatly hinders the ability for attackers to install malicious software too.

Other than implementation, none of those cost any money. You already paid for the technology. Emphasize the importance of, and support your IT Pros, as they implement these 3 powerful controls in your network.

Wishing you a thankful week and thank you all for remembering cyber-security as part of your main strategy for successful business operations!

The post Cyber Security’s Three Essential Steps appeared first on Foster Institute.

Microsoft presents the feature to users saying, “Download apps and OS updates from multiple sources to get them more quickly”.

Think about it and it sort of makes sense. Rather than every computer on the planet having to go to Microsoft’s servers to download patches and apps, Windows 10 computers can reach out to other Windows 10 computers and obtain the patch from them. This helps prevent Microsoft’s servers from becoming overloaded, and can allow your computer to receive patches and apps sooner. Ultimately, this can even reduce the amount of traffic flowing on the Internet in general.

Microsoft has built in strong security – though security can be broken.

Microsoft does their best not to use your computer to deliver patches if you are connected to the Internet using a mobile hotspot – helping you avoid unexpected data charges. You can also specify what Wi-Fi connections are charged as metered networks.

One concern is that, if your computer is being used to deliver updates, your Internet connection may slow down. Or, perhaps you don’t want your computer to be, what some users may feel is, a zombie for Microsoft to use as part of their patch delivery mechanism.

How to turn this feature off in Windows 10: Go to the Start button icon, choose Settings > Update & Security > Windows Update > Advanced Options. You can choose to not participate, or to select either PCs on your local network only, or PCs on your local network and PCs on the Internet”

Please help spread the word and forward this newsletter on to those you care about!

The post Microsoft Using Your Computer To Deliver Software appeared first on Foster Institute.

A benefit of knowing when to expect patches is that patch time could be planned in advance. Now your IT Pros will have to be vigilant about applying Microsoft patches any time of the month. That’s the way it is with Adobe Flash, Java, PDF Reader, and browser patches.

And, patches do you no good until they are installed on your systems.

Applying patches is one of the best things you can do to protect against hacker attacks.

3 Cardinal rules for patches:

First, test the patches. Patches sometimes cause problems, especially Java patches, so they have to be tested. Test them ASAP so you can deploy them ASAP.

Second, use a staged deployment. Patches need to be deployed first to a few machines, then more, then to the rest of your network. That way, if a patch causes a problem, not everyone is down at the same time.

Third, always have a plan on how to “roll back” the patches if they do cause a problem. That’s just another reason to always have good backups and test your ability to restore.

Microsoft says the new “ASAP” patch release proactive will start when Windows 10 is released. That will probably be in July 2015.

Please post your comments below…

The post Huge Change in Scheduled Patches appeared first on Foster Institute.