Here's what you can do about ransomware

Credit to Author: Steven J. Vaughan-Nichols| Date: Tue, 18 May 2021 04:00:00 -0700

Last week, people in my neck of the woods, North Carolina, went into a panic. You couldn’t get gasoline for love or money. The root cause? Colonial Pipeline, a major oil and gas pipeline company, had been hit by a major ransomware attack. With four main fuel pipelines shut down, people throughout the southeast U.S. lined up at gas stations for every drop of gas they could get.

You may not believe that ransomware is a serious threat. But I and most everyone else in the southeast? We believe.

To read this article in full, please click here

Read more

For Windows users, tips on fighting ransomware attacks

Credit to Author: Susan Bradley| Date: Mon, 17 May 2021 07:30:00 -0700

Ransomware.

It’s one word that strikes fear in the minds of many a computer user, especially given the near daily headlines about companies affected. It makes us wonder why this keeps happening to users and businesses, large and small.

But there’s plenty you can do to protect yourself or your business.

Be wary of what you click on

Most of the time, ransomware that affects an individual happens after someone clicks on something they shouldn’t — maybe a phishing-related email or a web page that installs malicious files. In a business setting, the attacks often come from an attacker going after open remote access protocol, either using brute force or harvested credentials. Once inside the network, they can disable backups and lie in wait until the best time to attack.

To read this article in full, please click here

Read more

Google makes a big security change, but other companies must follow

Credit to Author: Evan Schuman| Date: Mon, 17 May 2021 03:05:00 -0700

In a wonderful cybersecurity move that should be replicated by all vendors, Google is slowly moving to make multi-factor authentication (MFA) default. To confuse matters, Google isn’t calling MFA “MFA;’ instead it calls it “two-step verification (2SV).”

The more interesting part is that Google is also pushing the use of FIDO-compliant software that is embedded within the phone. It even has an iOS version, so it can be in all Android as well as Apple phones.

To be clear, this internal key is not designed to authenticate the user, according to Jonathan Skelker, product manager with Google Account Security. Android and iOS phones are using biometrics for that (mostly facial recognition with a few fingerprint authentications) — and biometrics, in theory, provides sufficient authentication. The FIDO-compliant software is designed to authenticate the device for non-phone access, such as for Gmail or Google Drive.

To read this article in full, please click here

Read more

Browser updates are back for the May's Patch Tuesday

Credit to Author: Greg Lambert| Date: Fri, 14 May 2021 12:37:00 -0700

With 55 updates, three publicly reported vulnerabilities and reported public exploits for Adobe Reader, this week’s Patch Tuesday update will require some time and testing before deployment. There are some tough testing scenarios (we’re looking at you, OLE) and kernel updates make for risky deployments. Focus on the IE and Adobe Reader patches — and take your time with the (technically challenging) Exchange and Windows updates.

Speaking of taking your time, if you’re still Windows 10 1909, this is your last month of security updates. 

The three publicly disclosed vulnerabilities this month include:

To read this article in full, please click here

Read more