IT and Business Insights for SMB Solution Providers

Jay Ferron's blog

Man in the Middle of Your Email

 Cybercriminals stole $15 million from a U.S. company by inserting themselves in email correspondence relating to legitimate business fund transfers. The tactic is called Business Email Compromise (BEC) and is one of the most financially damaging online crimes according to the FBI. BEC is a lucrative scam because we rely on email to conduct financial business transactions, such as wire transfers.

Windows Zero-day Issue

 If you Google “Win10 zero-day”, you’ll likely find a number of results. Today’s zero-day is one that involves both Google Chrome and Microsoft Windows and is actively exploited. It has been disclosed with a proof of concept but is still not patched by Microsoft!

Cisco Devices Vulnerable

 Cisco is warning of attacks actively exploiting the CVE-2020-3118 vulnerability found to affect carrier-grade routers running the Cisco IOS XR Software. The issue resides in the implementation of the Cisco Discovery Protocol for Cisco IOS XR Software and could allow an unauthenticated attacker to execute arbitrary code on the device.

Virtual Appliances Vulnerable

 When deploying new software for your enterprise, there are a number of things to consider: cost, hardware, and what value it provides. One area of consideration often lacking is how to ensure the software stays up to date and doesn’t become a security liability. Containerized applications usually excel in this area because they can be deployed and upgraded with ease. In a lot of cases you just restart the application and it’s automatically updated to the latest version.

Warning about false updates

 Riding on the edge of current events is one of the best ways to catch someone unaware. Having, or hinting at, something that is still unknown can provide enough cover for a malicious entity to confuse a victim into falling for a trap. A common technique includes providing false updates for a program that is new enough to precede the victim’s expertise, thus taking advantage of their naiveé. There were a glut of issues and vulnerabilities when Zoom had just started out as a popular videoconferencing tool.

Pages

Subscribe to RSS - Jay Ferron's blog