IT Security Rundown

IT Security Rundown

I thought we would switch it up this week and do a rundown of some hot topics in security.  Here are a few that I’ve picked out that seemed relevant to our audience with links to more in depth articles if you want to know more.

Group Policy Exploit

A recent batch of patches from Microsoft addresses 129 vulnerabilities across its product stack.  One particular vulnerability is a new exploit with group policy that could give hackers full access to your server.  Ensure that all patches and updates are run on your server as soon as possible.  Here are some additional details. https://www.itworld.com/article/3561616/local-attackers-can-use-group-policy-flaw-to-take-over-enterprise-windows-systems.html

Cloud Configuration Changes Could Leave You Open to Attack

More and more companies are moving critical business processes to the cloud.  The ability to work from anywhere has become especially important in the last few months.  This article discusses some of the security risks associated with the cloud.  In general, the cloud is a safe place.  However, many companies have their cloud security settings changed along the line and do not realize it.  That could leave you open to attack. https://www.itworld.com/article/3543878/most-cloud-resources-drift-from-secure-configuration-baseline-after-deployment.html

Pretexting

Pretexting is a kind of social engineering where the attacker tries to get the victim to give up valuable data that will help them get in your systems.  What makes this different is that the attacker comes up with a story, and frequently tries to make the victim feel like they are being helpful.  An example I witnessed was a demonstration where they called a cell phone company, played a recording of a crying baby in the background, and told a sob story about how they were locked out of their account to get themselves added with rights.  The person on the other end of the line wanted to help so badly they gave access where they should not have. https://www.itworld.com/article/3546299/what-is-pretexting-definition-examples-and-prevention.html

Google Password Manager

Remembering all the passwords in a digital world can be a serious problem.  Google has a new password manager that can help make it easier. https://www.itworld.com/article/3542932/getting-started-with-google-password-manager.html

Attackers Exploiting COVID-19

Even with a worldwide pandemic causing problems, hackers still want your money and your data.  They’ve using COVID-19 as a new attack point with phishing emails, malicious apps, bad domains and more.  This article details several things to look out for.