Awesome security reads!

Well, I have to say that it appears everywhere you look, there’s some type of security hack, breach, or phishing attack occurring, especially during this COVID-19 pandemic.

Lots of sites produce great content and report on the state of cybersecurity all the time but hats off to BleepingComputer.com for staying at the forefront of such threats aimed at us.

Just a few of their latest reads about Office 365 phishing the U.S. Supreme Court and Microsoft Teams, Fake U.S. Treasury emails, and more!  Enjoy!

Coronavirus fraud

Another great report found on BleepingComputer.com shows that even during these challenging times, the scam artists haven’t stopped.

According to the U.S. Federal Trade Commission, an estimated $12 million has been lost as a result of Coronavirus-related scams since the beginning of this year.

Furthermore, a whopping 16,000+ fraud incidents have been reported by consumers, with almost half of those reporting losses within the same time period.

It’s sad that we as consumers have to deal with this type of scam as a result of this pandemic, but it’s just a reminder that we must not let our guard down and must remain alert!  For more info, check out the article here… Stay safe and healthy!

Phone scams during COVID-19

Just came across a post from security expert Chris Krebs on his website detailing some of the best practices in response to phone scamming attempts affecting millions worldwide.

His tagline response of “Hang Up, Look Up, & Call Back” is something that all of us can embrace whether you’re a tech novice or a savvy, seasoned user but if you choose to drop the ball, you would be surprised how easily one can be taken for whatever info these scammers desire.

Check out the post here for the full story complete with a tech expert being taken advantage of!  Crazy stuff indeed!

Microsoft buys Corp.com?

At last, Microsoft has finally bit the bullet and purchased the corp.com domain.  You may be asking yourself, why is this relevant?  The answer to this goes way back in time, back to a time when computers being networked to one another was a relatively new thing to do.  Long story short, Microsoft used the corp.com name as a default name when creating your own Active Directory based domain.

OK, I admit, I’m probably not as well versed in its history as I should be, but kudos go to Brian Krebs, who has kept close track of this as of late.

Check out his post about the topic here for the full scoop!

Another “End of Life” extension

Amid the COVID-19 pandemic, pressure has mounted in the tech industry to extend support for various products and services.  One major announcement having to do with email using Exchange Online is that basic authentication will be phased out in late 2021 instead of its originally scheduled October 2020 date.

Although basic authentication is much less secure than other methods available, it is obvious IT departments around the world are dealing with much more important items (including yours truly) at this time and most likely welcome this news.

Check out the full post from Microsoft here for the full scoop!

Issues with Zoom

Amid all the security and privacy concerns regarding Zoom and the subsequent hacking of it that has randomly taken place, their CEO has responded via a blog post on the company’s website detailing the issue at hand.

Although this doesn’t absolve them at all, it’s definitely a good first step in working towards making the necessary changes to give their 200 or so million users some peace of mind.

Check out the post here for more details!

Windows 10 bug affects remote work

According to ZDNet.com, Microsoft has acknowledged that a bug within their Windows 10 operating system is affecting Office 365, Microsoft Teams, and Outlook…three major aspects necessary in order to be effective working from home.

They hope to have a fix in place by the beginning of next month if not sooner; hopefully this doesn’t have too much of an effect on remote users which is pretty much everyone at this point!

Check out the full post here for more!

PC Mag: Tech companies exploiting users

I have to say that for a story like this, a picture truly does say 1,000 words.  And in the case of companies like Avast that have historically offered a good free antivirus program, just know that there’s no such thing as free and that there is always a price to pay.  In this case, your browsing freedom is being spied on.

As the article’s summary states:

Avast is harvesting users’ browser histories on the pretext that the data has been ‘de-identified,’ thus protecting your privacy. But the data, which is being sold to third parties, can be linked back to people’s real identities, exposing every click and search they’ve made.

Check out the full article written by Michael Kan here for the full scoop!

NSA exposes critical flaw in Windows 10!

According to Microsoft’s security update guide, a spoofing vulnerability that utilizes the Crypt32.dll file can be used to control a machine at will.

As stated within the emergency bulletin:

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.

An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.

A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software.

The security update addresses the vulnerability by ensuring that Windows CryptoAPI completely validates ECC certificates.

Good news is that Microsoft has already released a patch to close the loophole so make sure you take care of this ASAP!

Whistleblower alert results in security fixes

I have to admit that this is a rare occurrence…a whistleblower complaint that was brought to the attention of the company’s Board of Directors which actually resulted in significant change to address the issue.  It definitely should not have to come down to this, and management should get its fair share of blame and be held accountable.  IMHO, this may actually have more to do with the health provider not wanting to lose customers more than anything else.  Funny how when the financial health of a company is on the line, they more often than not take immediate action to address the problem at hand!

Check out the article here for more info and let me know what you think…