A ransomware test for companies, a Windows Print Spooler warning, fight brute force attacks and more.
Welcome to Cyber Security Today. It’s Monday July 5th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
To Canadian listeners, welcome back from a long holiday weekend. To American listeners, thanks for tuning in on your Independence Day holiday weekend.
IT managers worried about their readiness to face ransomware attacks now have a defence evaluation tool to use. It comes from the U.S. Cybersecurity and Infrastructure Security Agency. As part of its free Cyber Security Evaluation Tool, a Ransomware Readiness Assessment module has been added. Administrators can use it to see if what they’re doing to protect their IT and industrial control system networks meets best practices. There’s a link to the tool here.
Windows administrators are being warned to disable the Windows Print Spooler service, or at least disable the ability to print remotely. This comes because Microsoft is investigating a serious vulnerability in the service, which has been dubbed PrintNightmare. From news accounts, this sounds like a nightmare: A Chinese security company apparently leaked a proof-of-concept exploit for a zero-day vulnerability it thought had been plugged. Nothing wrong with talking about something that a patch has been issued for. However, the company released information about a bug that hadn’t been patched. Security experts are hoping Microsoft can release a fix soon.
There were a lot of headlines over the weekend about a warning from U.S. and United Kingdom government cyber agencies. They warned that Russia’s military intelligence unit is using brute force password attacks against government departments and companies around the world. Target applications include cloud services like Microsoft’s Office 365. Russia issued a statement on Facebook denying the involvement of Russian government agencies in attacks “on government and private facilities in the United States and abroad.”
But here’s the thing: Brute force attacks aren’t new. There’s a great tool organizations should be using to defend against brute force attacks: multi-factor authentication. Properly managed, multi-factor authentication is terrific at lowering the odds of this kind of guessing attack. Firms should consider insisting that senior managers and IT administrators use hardware-based multi-factor authentication. Second, there should be time-out and lock controls to prevent repeated password-guessing attacks. And as protection in case an attacker does get onto the network, only a few people should be able to access vital data. In other words, there has to be tough access control. The restricted access of other employees should be hard to change.
Attention network administrators: If your infrastructure has the Netgear DGN2200 version 1 wireless modem router, make sure you’ve got the latest security patches. These patches have been available since December. The reason I’m reminding you of this now is that Microsoft has gone public and revealed it found and warned Netgear about the vulnerabilities months ago. With that revelation out in the open, hackers will be looking for Netgear equipment that isn’t patched.
Here’s something I missed last week: A team from the Canadian Navy won this year’s Cyber Flag cyber simulation exercise. Seventeen government teams from the United States, Canada and the United Kingdom participated in the test, which is run by the U.S. Cyber Command. Teams had to defend a virtual IT environment from numerous attacks.
The World Economic Forum has launched a Global Coalition for Digital Safety. It hopes to accelerate co-operation between governments and the private sector to reduce the spread of online harmful content including child sexual exploitation and abuse, violent extremist and terrorist content and health misinformation. Members so far include Microsoft, the United Kingdom’s telecom regulator and Australia’s eSafety commissioner.
Finally, with some provinces and states relaxing COVID-19 travel restrictions, air travel is picking up. However, a cybersecurity firm called Bolster warns the number of phony airline, car rental and Airbnb websites is also increasing. Often crooks spread links to these sites through emails, texts and social media posts offering bargains. Go to a travel site yourself rather than click on a link. If you’re in the travel business, make sure your website isn’t hacked or copied.
That’s it for now. Remember, links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.