–> ONE: Ask your IT team, “Do we still have Microsoft Exchange Server email software installed anywhere?”

If they answer affirmatively, even if they’re already moving to the cloud, you must continue:

–> TWO: Ask them, “What can I take off your plate or postpone so that you can immediately test and deploy the patches to the Exchange Server right now?”

Essential: Applying security updates to your Exchange server does not resolve the issue if your organization is already compromised. There might be a small program on your system quietly waiting for an attacker’s commands.

To help determine if you are already compromised: https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/#scan-log

If your team cannot update immediately, send them here: https://github.com/microsoft/CSS-Exchange/tree/main/Security

–> THREE: Say, “The emergency is too great to postpone. Later, let’s discuss the pros and cons of moving email to the cloud.”

Pros include eliminating one server and associated headaches. Often, online email is better for remote workers too. But you could lose some integration features you have now, for example, an on-site phone system tied into Exchange. Because saving money and streamlining is essential, online Exchange is often less expensive.

The blog posting https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/#scan-log has a plethora of other information and guidance for your team related to the updates. Some organizations are experiencing errors after applying the security updates. For example, some learned they must install the updates from an elevated command prompt window. Microsoft provides more guidance:

https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/

https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-march-2-2021-kb5000871-9800a6bb-0a21-4ee7-b9da-fa85b3e1d23b

https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2010-service-pack-3-march-2-2021-kb5000978-894f27bf-281e-44f8-b9ba-dad705534459

The post Three Essential Questions to Ask Your IT Team Today Because of the Massive Exchange Attack appeared first on Foster Institute.

The post Warn Your Workers about Attacker Decoy Tactics appeared first on Foster Institute.

The bad actor immediately took over the network and started performing highly illegal activities that appeared to come from the victim’s systems.  User training is not enough. It is essential to take additional steps to help protect your network when an attacker is crafty enough to trick a user.

Firewalls, almost universally, have a feature called web content filtering. There is a possibility that your IT professional configured the firewall to block known gambling, gaming, and sites with people with no clothes.

Unless you do business with every country in the world, tell your IT team to block the firewall from permitting traffic from all countries except those where you do business.

It is possible that some of your third parties use sites in other countries to handle your sensitive data, and this is a great time to find out by blocking other countries to see what happens. Your security is only as good as the security of your third party providers, and they need to disclose to you any risks they take with you, and your customers’ confidential data.

If you want to be super cautious, rather than block everything at once, you can ask your IT professional to dump the contents of your web filter’s log into a spreadsheet, or some other database, that will identify traffic trends, sources, and destinations.

Now is an excellent time to ask your IT professionals, even if you outsource IT, to devote time to tuning your web content filtering to be restrictive.

You can even update your routers at home if they support web content filtering, and they might. An excellent place to start is at the device manufacturer’s website. There will be instructions to download and install the most recent firmware. Look at the support site about ways you can enable supported security features in your home devices, including web content filtering.

Please forward this to everyone you know so they can ask their IT professionals to turn up your web content filtering to help protect against social engineering attacks.

The post Protect Your Network Even when Attackers Trick Your Users appeared first on Foster Institute.

Beware of additional fraud. Several sites are claiming to help you find out if you were part of the breach, but of course, the sites ask for personal information. Be safe: Use the contact information provided by Equifax. The Equifax FAQ says to visit: https://www.equifaxsecurity2017.com/

To find out if you are affected, that site points you to: https://www.equifaxbreachsettlement.com/

For identity theft, credit monitoring is helpful, so you know you are a victim, but by then, it is too late.

Placing credit freezes are a critical step in preventing your identity from being stolen.”

Freeze your credit, everyone in your family’s, at all major credit bureaus. To save you time, here are four and how to reach them:

Experian (888) 397-3742
https://www.experian.com/freeze/center.html

TransUnion LLC – To Freeze: (888) 909-8872
https://www.transunion.com/credit-freeze

Equifax Information Services, LLC (800) 685-1111
https://www.equifax.com/personal/credit-report-services/

Innovis – To Freeze: (800) 540-2505
https://www.innovis.com/personal/securityFreeze

Please forward this to your friends. If they don’t understand the importance of a credit freeze, The FTC provides more information at https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs

The post Find Out if You Can Collect a Bundle from the Equifax Breach appeared first on Foster Institute.

First, see if you are vulnerable. Click on the apple symbol on the top left of your screen, then choose About This Mac. If you have macOS High Sierra, you are probably vulnerable. If you have anything else, stop here.

Second, you can protect yourself by making sure nobody other than you can get to your computer. So far, though theoretically possible, the vulnerability has not been exploited remotely unless you have enabled “Share my Screen.” If you feel confident that no bad actors will have access to your computer, you can stop here.

Third, reset the root password. Apple provides the 8 necessary steps at support.apple.com/en-us/HT204012 , Scroll down to the section entitled: Change the Root Password. In their step 7, if the option Edit > Change Root Password is grayed out on your Mac, then instead click the option Edit > Enable Root User and continue with step 8.

Please forward this to everyone you care about that has a Mac.

The post Mac Vulnerability Permits Unauthorized Login appeared first on Foster Institute.

That’s right. You have a second computer running inside each of your organization’s existing computers. And probably don’t know it.

An attacker’s dream come true:
-A scarcely known operating system
-Hidden in millions of computers
-Using a secret microprocessor
-With priority over everything else on the computer. Something IT Pros refer to as ring negative three.
-With network access
-Patching security flaws are a nightmare
-And there is no anti-virus

Even if the attackers don’t soon find a quick way to access sensitive information, they might find a way to shut down all of your servers. And keep them shut down.

Intel has great intentions. MINIX is part of Intel’s ME Management Engine that has desirable features. MINIX runs on, coexists with, Windows, Linux, or whatever you thought was the only operating system.

The most important thing for you, as an executive, to do is to make sure your IT Team is aware of MINIX. They can read more at www.zdnet.com/article/intel-weve-found-severe-bugs-in-secretive-management-engine-affecting-millions/

The race is on: Attackers are looking for ways to use MINIX to their advantage. Intel, Google, and others are working to find ways to make MINIX more secure.

Forward this message to any organizations that you care about, especially organizations upon which you rely to perform services and provide products to your own organization. If they get shut down, or infiltrated, that will affect you too.

The post A Secret Operating System is Running Inside Your Computers appeared first on Foster Institute.

If you want to be able to reach them when they are off playing around the neighborhood, or stay in contact when you all go to holiday festivities, the amusement parks, or about anywhere else, consider the wonderful radios that can be purchased for a fraction of the price of phones.

The FCC set aside frequencies for family radio service (FRS) for free, and for a FCC registration fee, members of the same household can use the more powerful GMRS radios.

Someone loses, or breaks, a radio? Easy to replace. No monthly fees.

We keep several radios right next to the front door. Someone leaves to go play? Grab a radio. The whole family headed for an indoor or outdoor adventure, grab all the radios. The range isn’t unlimited, but we can reach each other easily within a two-mile radius, and usually, since our family travels, and howls, in packs, it is more than enough. Need more range? That’s an option too.

If you want more details, please ask.

The post Portable Radios Can Replace Family Phones appeared first on Foster Institute.

The attack can permit attackers to potentially eavesdrop on your network traffic and your communications, change information, delete information, and insert information, all to cause problems and cost you money.

The good news is that the attacker needs to be within range of your Wi-Fi network. They could be some distance away if they use a strong antenna or if they plant a remotely controlled device nearby.

Do two things to mitigate this danger:

First: Apply the new patches that address this issue. That can prevent the attack.

Second: Isolate your wireless network from the rest of your network. That can help reduce the damage.

Related to the first step: Apply the most recent critical security patches, often called firmware updates, to your wireless devices. The company brands of your devices should release patches. Additionally, apply patches to your operating systems and applications that use Wi-Fi networking.

Microsoft released a patch a few days ago, on October 10, as part of the expected second Tuesday of every month patches, that solves this problem on their side of the products. At home, your automatic update should have patched your Windows workstations. But you will still need to patch your wireless access point. At the office, your IT team will need to patch the computers and devices. Please give them time to do so – it can take some time. Information about the attack in general, and some of the patches, can be found at: kb.cert.org/vuls/id/228519 If the manufacturer of your devices does not produce updates, your next step might be to replace the devices with new ones.

For the second step: It is an IT Security best practice to isolate all wireless devices on your network to be away from the wired devices. For years, organizations would add wireless capabilities to their network by connecting wireless access points to the same network as your workstations and servers. That is a very dangerous practice since it can permit wireless devices, perhaps belonging to an attacker in the van outside your building, to access the wired resources on your network. In the case of this specific attack, it makes it easier for the attacker to access the data on the most protected parts of your organization’s network. Isolate all wireless devices on their own, what your IT professionals call a, filtered subnet.

As is often the case with IT Security, this will be a risk vs. expense decision. It is important that the executives of a company make the final decision about whether or not to ask IT to implement the mitigation steps. Your IT Team will appreciate your deciding, and the choice is yours since, if there is a successful cyber-attack, the executives, especially the president, CEO, and owner will suffer the most.

Please forward this to everyone you know who uses wireless networks.

The post Wireless Security is Broken & What You Need to Do appeared first on Foster Institute.

Even if you do not use Kaspersky, you still need to take 5 important steps.

There is no guarantee that other anti-virus software is immune.

What can you do to better protect your and your customers’ sensitive information when you cannot trust other programs like CCleaner, Kasperski, and who knows what else you will find out is a threat?

First of all, never let employees take sensitive information to their home computers. That’s not a panacea, but according to sources, the attack happened on a worker’s home computer. It is always important to keep sensitive data away from home computers that your IT professionals cannot maintain.

Second, more companies may start to embrace the technology called application whitelisting; it works the opposite of anti-virus tools that look for bad programs. Application whitelisting only lets approved programs run, so all other programs, by default, are not permitted to run. The strategy is that you give a list of approved programs to your computers and those are the only programs permitted to run. Configuring application whitelisting can take time, and time to maintain. And it will involve you meeting with IT to help them know what programs are essential to your organization. And Microsoft has a version, called App Locker, built in for company computers.

Third, limit the number of software vendors you use in your company. Every new company you let in the door is a potential risk. This is an opportunity for Microsoft, Apple, Citrix, VMware, Adobe, and others to really step up their game and offer more complete solutions.

Fourth, companies will just start installing fewer programs to begin with. Make users local standard users so they are unable to install their own programs. Every program, whether intentionally by the manufacturer or not, is a potential foothold for attackers to use to get into your systems. The whole movement for simplicity may overlap into the cyber world too.

Once upon a time, many years ago, I had the opportunity to work in South Africa for several weeks. While in Johannesburg, a taxi driver told me that the company with yellow colored taxis was very successful competing against the company with blue taxis. People chose to ride in yellow taxis more often than blue.

So, in order to increase business, the drivers with blue colored taxis started shooting guns at people riding in the yellow colored taxis. That was an incentive for riders to choose to ride in blue taxis. And it worked. More people chose the blue cab company over the yellow cab company. However, as you can imagine, the strategy was adopted by other taxi drivers too, so it became very dangerous to ride in any colored taxis.

The driver told me that taxi passengers became so fearful for their lives, that they all started taking the train. The trains got very busy. How did some taxi drivers respond? He told me that the taxi drivers, if they were having a slow day, would throw people off trains in order to make people more afraid of riding trains than riding in taxis.

Now, in 2017, according to the news, taxi drivers are attacking uber drivers for a similar reason.

This isn’t about South Africa. I love the people I met there – they had extreme kindness, integrity, hard working – there are people there that epitomize ideal friends, work associates, and customers. I have great feelings just thinking back to the amazing people and the experiences.

How this relates to cyber security is that bad actors use cyber-security tools, and other programs that your organization trusts, to launch attacks. If we allow it to, this can get out of hand. Do you remember the story about the Greeks who built a big horse, loaded their soldiers inside quietly, and managed to get the citizens of the ancient city of Troy to bring the horse into their city walls? According to the story, the trick worked very well and the trusting citizens had a very bad day when the soldiers poured out of the horse and attacked.

If programs were like big wooden horses, most of them would not contain attackers. But the lesson here is that it is difficult to know for sure. It may be best for organizations to be careful to not let so many programs, like horses, enter their gates at all. Trim back the number of programs you have installed at your company.

Fifth, stop storing data on computers and networks if you do not need the data readily accessible. Sure, a lot of your data does need to be instantly accessible. But think about it, strategize about it, is there any data that your team doesn’t use on a regular basis? Store that information offline. You can copy the information back onto your servers when you need it, but it isn’t there all the time. Data that that is not stored in servers cannot be stolen from the servers, nor can it be encrypted if ransomware encrypts the files on your servers.

Please forward this to your friends so that they can start protecting their systems with the 5 steps above.

The post 5 Steps to Take Now Even if You do not use Kasperski Anti-Virus appeared first on Foster Institute.

Almost universally, security log files are too small and have overwritten themselves, making it impractical, and sometimes impossible, to see what security events have been happening on the network for more than a few hours.

Ask your IT Pros to be sure that the security log file size is set to at least 256 Megabytes.

Your IT Pros probably already know all about security logs, and can find out all the details on Microsoft’s site. Someday, as time permits, they may be interested in monitoring more than the default events, and that’s good. Microsoft provides detailed recommendations about events to monitor.

Please forward this to every executive you know so that they can forward it to their IT professionals and outsourced IT companies. Experience has shown that the majority of companies are still configured to use the tiny default size, and attackers love that.

The post Please Alert Your IT Pros – Increase Your Security Log File Capacity appeared first on Foster Institute.