Today's Headlines and the latest #cybernews from the desk of the #CISO:
Kaseya Denies Paying Cybercriminals Who Launched Ransomware Attack
Microsoft Rushes Fix for ‘PetitPotam’ Attack PoC
Apple Patches 'Actively Exploited' Mac, iOS Security Flaw
Vulnerability in Popular Survey Tool Exploited in Possible Chinese Attacks on U.S.
Story Links:
https://www.securityweek.com/vulnerability-popular-survey-tool-exploited-possible-chinese-attacks-us
https://threatpost.com/microsoft-petitpotam-poc/168163/
https://www.securityweek.com/apple-patches-actively-exploited-mac-ios-security-flaw
https://www.securityweek.com/kaseya-denies-paying-cybercriminals-who-launched-ransomware-attack
“The Microsoft Doctrine” by James Azar now on Substack https://jamesazar.substack.com/p/the-microsoft-doctrine
The Practitioner Brief is sponsored by:
KnowBe4: https://info.knowbe4.com/phishing-security-test-cyberhub
Attivo Networks: www.attivonetworks.com
The Hub of the Infosec Community.
Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.
Today's Headlines and the latest #cybernews from the desk of the #CISO:
Hackers Deploying Backdoors on Exchange Servers via ProxyShell Vulnerabilities
Ransomware gang uses PrintNightmare to breach Windows servers
Dozens of STARTTLS Related Flaws Found Affecting Popular Email Clients
Colonial Pipeline reports data breach after May ransomware attack
Hacker Dubbed 'Mr White Hat' to Return Entire Stolen Crypto Fortune
Story Links:
https://www.securityweek.com/hackers-deploying-backdoors-exchange-servers-proxyshell-vulnerabilities
https://www.bleepingcomputer.com/news/security/ransomware-gang-uses-printnightmare-to-breach-windows-servers/
https://thehackernews.com/2021/08/dozens-of-starttls-related-flaws-found.html
https://www.bleepingcomputer.com/news/security/colonial-pipeline-reports-data-breach-after-may-ransomware-attack/
https://www.securityweek.com/hacker-dubbed-mr-white-hat-return-entire-stolen-crypto-fortune
Hacking MFA Webinar with Roger Grimes of KnowBe4, Tuesday, August 24th, ...
Today's Headlines and the latest #cybernews from the desk of the #CISO:
Prometheus, the secret TDS behind some of today’s malware campaigns
Cisco Issues Critical Security Patches to Fix Small Business VPN Router Bugs
LockBit ransomware recruiting insiders to breach corporate networks
Energy group ERG reports minor disruptions after ransomware attack
Story Links:
https://therecord.media/meet-prometheus-the-secret-tds-behind-some-of-todays-malware-campaigns/
https://thehackernews.com/2021/08/cisco-issues-critical-security-patches.html
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-recruiting-insiders-to-breach-corporate-networks/
https://www.bleepingcomputer.com/news/security/energy-group-erg-reports-minor-disruptions-after-ransomware-attack/
Today's Headlines and the latest #cybernews from the desk of the #CISO:
DeadRinger: A Three-Pronged Attack by Chinese Military Actors against Major Telcos
PyPI Python Package Repository Patches Critical Supply Chain Flaw
Novel Meteor Wiper Used in Attack that Crippled Iranian Train System
This new phishing attack is 'sneakier than usual', Microsoft warns
Chipotle's Email Marketing Account Hacked to Spread Malware
Story Links:
https://www.securityweek.com/deadringer-three-pronged-attack-chinese-military-actors-against-major-telcos
https://thehackernews.com/2021/08/pypi-python-package-repository-patches.html
https://www.zdnet.com/article/microsoft-watch-out-for-this-sneakier-than-usual-phishing-attack/
https://threatpost.com/novel-meteor-wiper-used-in-attack-that-crippled-iranian-train-system/168262/
https://www.securityweek.com/chipotles-email-marketing-account-hacked-spread-malware
Today's Headlines and the latest #cybernews from the desk of the #CISO:
Cisco Patches High-Risk Flaw in ASA, FTD Software
D-Link issues hotfix for hard-coded password router vulnerabilities
US and allies officially accuse China of Microsoft Exchange attacks
New Windows print spooler zero day exploitable via remote print servers
Story Links:
https://www.securityweek.com/cisco-patches-high-risk-flaw-asa-ftd-software
https://www.bleepingcomputer.com/news/security/d-link-issues-hotfix-for-hard-coded-password-router-vulnerabilities/
https://www.bleepingcomputer.com/news/security/us-and-allies-officially-accuse-china-of-microsoft-exchange-attacks/
https://www.bleepingcomputer.com/news/microsoft/new-windows-print-spooler-zero-day-exploitable-via-remote-print-servers/
Firewalla Gold Expert Tip: You can add your own custom DNS over HTTPS (DoH) server. In this example, "Cloudflare for Families" was added so that not only are all the DNS queries hidden from my ISP, but lookups to known adult-content or malware destinations are dropped. So of course, if the device can't get the IP address to talk to, the conversation is over before it could even begin.
Now turn off IPv6. When you have IPv6 enabled, any connection to an IPv6 server will use the DNS service provided by your ISP anyway. That means your DoH efforts will have been largely wasted. If you really need IPv6 enabled for some devices, just create a new VLAN (super easy on the Firewalla), put those devices into that network, and then enable IPv6 only for that VLAN. Or just disable IPv6 on a device-by-device basis, if that is available/possible.
Finally, go ahead and block all the Google DNS servers entirely from your network with a few simple firewall rules (see screenshots). Some apps build these in, ...