Microsoft Issues Patches for Defender Zero-Day and 82 Other Windows Flaws
For the first patch Tuesday of 2021, Microsoft released security updates addressing a total of 83 flaws spanning as many as 11 products and services, including an actively exploited zero-day vulnerability.
Ransomware Attackers Using SystemBC Malware With RAT and Tor Proxy
Cybercriminals are increasingly outsourcing the task of deploying ransomware to affiliates using commodity malware and attack tools.
New Evidence Suggests SolarWinds' Codebase Was Hacked to Inject Backdoor
The investigation into how the attackers managed to compromise SolarWinds' internal network and poison the company's software updates is still underway, but we may be one step closer to understanding what appears to be a very meticulously planned and highly-sophisticated supply chain attack.
US Agencies and FireEye Were Hacked Using SolarWinds Software Backdoor
State-sponsored actors allegedly working for Russia have targeted the US Treasury, the Commerce Department's National Telecommunications and Information Administration (NTIA), and other government agencies to monitor internal email traffic as part of a widespread cyberespionage campaign.
Watch Out! Adrozek Malware Hijacking Chrome, Firefox, Edge, Yandex Browsers
Microsoft on Thursday took the wraps off an ongoing campaign impacting popular web browsers that stealthily injects malware-infested ads into search results to earn money via affiliate advertising.
Zero-Click Wormable RCE Vulnerability Reported in Microsoft Teams
A zero-click remote code execution (RCE) bug in Microsoft Teams desktop apps could have allowed an adversary to execute arbitrary code by merely sending a specially-crafted chat message and compromise a target's system.
WARNING — Critical Remote Hacking Flaws Affect D-Link VPN Routers
Some widely sold D-Link VPN router models have been found vulnerable to three new high-risk security vulnerabilities, leaving millions of home and business networks open to cyberattacks—even if they are secured with a strong password.
Microsoft Releases Windows Update (Dec 2020) to Fix 58 Security Flaws
Microsoft on Tuesday released fixes for 58 newly discovered security flaws spanning as many as 11 products and services as part of its final Patch Tuesday of 2020, effectively bringing their CVE total to 1,250 for the year. Of these 58 patches, nine are rated as Critical, 46 are rated as Important, and three are rated Moderate in severity.
Multiple Botnets Exploiting Critical Oracle WebLogic Bug — PATCH NOW
Multiple botnets are targeting thousands of publicly exposed and still unpatched Oracle WebLogic servers to deploy crypto miners and steal sensitive information from infected systems.
Stantinko Botnet Now Targeting Linux Servers to Hide Behind Proxies
An adware and coin-miner botnet targeting Russia, Ukraine, Belarus, and Kazakhstan at least since 2012 has now set its sights on Linux servers to fly under the radar.
Responsible Computer Usage
Responsible Computer Usage
Computers and networks may never be completely safe from security risks but we can follow some simple rules and procedures to try and prevent attacks on our computer systems. Remember that the way you operate your computer has a definite impact on everyone else on the network. A compromised organization's computer can be used to sniff passwords from its neighbors' network traffic or cause poor network performance for other users so it is important to consider the following tips for responsible computer usage to help you mitigate the risks.
Always run up-to-date virus protection
You should make sure that your computer has an anti-virus program and that it is always updated. If it is not evidently running on your PC, you should contact your IT officer. Also, make sure that all the files you send to other people are virus free. Viruses are frequently spread through infected email attachments. So before forwarding an attachment to your colleagues or friends, scan it for viruses.
Check before you install software
While browsing the internet, users may encounter websites that tempt them to install something on their computers. Some software may also be installed without the user's knowledge. These programs may contain spyware or adware. Do not install software that you were not specifically looking for. Some websites trick people into installing programs that claim to improve the performance of their computers. More often than not, the opposite is true. It is also a good practice to research on any software before installing. If you are using a computer at work, do not install unauthorized or personal software. If you need a program installed, ask permission to your IT officer to do so.
Stop sending spam
Are you the type who forwards every joke or cute picture that gets emailed to you? If you are, then you may be considered a spammer. Professional spammers send out millions of email, flooding the network with junk email. This slows down the performance of the entire network. If everyone stops forwarding jokes and chain email, the speed and performance of our networks would greatly improve.
Avoid the use of non-business resource intensive software
Peer to peer programs like Napster, Morpheus and Kazaa are just a few examples of software that slow down computer resources. These programs are non-business tools that are usually a heavy load on the network. They run constantly, and allow people to download files from your computer so you should avoid installing these programs on your computer.
Passwords should be routinely change
The confidentiality of passwords is critical to the protection of any sensitive information and systems. In many cases, passwords offer the first line of defense in stopping unauthorized and malicious users from accessing a user's personal account, or from accessing an organization's systems. It is paramount that the passwords used are adequately protected and remain secret.
It is recommended to change your password routinely as a good practice and it is recommended to use a password that has a minimum of 8 characters. Where possible, passwords should not be identifiable with the user (such as first name, last name, spouse name, friends, relations, colleagues, or other easily guessed names, although you can use names or phrases that you can easily remember that contain a combination of numbers, upper and lower case letters, and non-alphanumeric characters (such as: !@#$%^&*()_~"?><,./\) so the password can be strong. E.g.: theMoon!3*
Never write down your password on a sheet of paper that can be found near your computer. Memorize the password instead. Non-disclosure of passwords: Do not share your password with co-workers since you may be held liable for any misuse or unauthorized activity using your password.
Avoid personal and unauthorized websites
There are some websites that install spyware and adware on your computer without your knowledge. Websites that are known to do this are adult/ sexually explicit sites, hacking sites and sites that distribute pirated software.
Pay attention to the usage and copyright of downloaded files
Check the legality of downloading the information, particularly with respect to copyright permission. If in doubt of the legality, staff members should contact the Center focal point on IP matters for advice.
Do not redistribute downloaded material unless the owner has given permission for them to do so either directly or in the copyright/license terms.
Do not download unlicensed software or violate limitations on the use of particular software as imposed by any license agreements.
Most downloaded software, including shareware and freeware, is copyrighted and subject to license, which sets limitations on its use. Downloading MP3, movie files and games slows down the network. You may also be violating company policy by downloading these files.
Avoid viewing of non-business related streaming media
Streaming media like internet radio or music videos eat up a lot of bandwidth. They run continuously and slow down the network. Avoid using these services if they are non-business related.
Make sure your operating system is patched
The IT departments in the organization are in charge of maintaining your operating system patched, but it is important that you verify that these updates are being implemented successfully because if not updated, your computer may be vulnerable to worms and viruses.
Backup your files
Make sure to regularly backup your most important data and files. Computers are never 100% safe. Even if you get attacked by a hacker or even hardware failure, backing up your data makes recovery much easier. The IT departments usually have some backup procedures in place, so please contact your IT officer for more information about the options in your center.
Be sure to use high-quality media to store your backups. CD-RWs, DVD+RWs, external hard drives are good storage devices you can use.
Keep backup copies in a fireproof and heatproof safe or vault, or offsite (a location separate from the computer site).
Check USB (universal serial bus) memories from virus
USB memories are portable devices that are convenient to transfer files from one place to another. However, it is very easy to get virus transmissions, corruption or loss of data with these devices, so it is recommended to check them before connecting them to your computer in office.
Be careful when transmitting Sensitive or Personal Information
You should not use the Internet to send sensitive information belonging to the center (such as non-public research data or passwords used to gain access to systems and devices within a center) in unencrypted form. This includes the sending of sensitive information using any of the following means: E- mail, Posting to newsgroups or Posting to forums, blogs or websites.
Lock your computer with password when away from your desk
When you leave your workstation unlocked, anyone can assume your identity and gain access to any applications or files that you may have access to. To prevent this, automatic password protection should be invoked after a minimum time period of inactivity (15 minutes recommended) and you should lock your workstation whenever you leave it.