Alerts for Windows administrators, install this ManageEngine update, and more.
Welcome to Cyber Security Today. It’s Wednesday, December 22nd. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
Attention Windows administrators: If you haven’t already done so, install the Active Directory domain controller patches that Microsoft issued last month to close two vulnerabilities. The warning comes because researchers have released a proof of concept exploiting these two bugs. Combining them would give an attacker who has compromised the account of a regular user the ability to upgrade their access to that of a domain administrator. Once they have that status, an attacker would have easier access to sensitive corporate data.
Separately, Microsoft released a new security baseline package for configuring the latest version of Windows 10. It includes a recommendation for enabling the Tamper Protection feature in Microsoft Defender for Endpoint, which adds more protection against ransomware attacks. It also adds a new setting for protecting against exploitation of a printer driver vulnerability known as PrintNightmare. The security baseline package is part of the downloadable Microsoft Security Compliance Toolkit.
I told listeners earlier this month about a recent critical vulnerability found in ManageEngine Desktop Central for managing computers. This week the FBI issued a flash alert reminding IT administrators to patch their servers. That’s because advanced threat actors are exploiting the bug to get into IT networks. The application’s developer, a company called Zoho, issued a patch on December 3rd.
Meta Platforms, the parent company of Facebook, Messenger, Instagram and WhatsApp, is trying a new tactic to fight phishing attacks. It’s asking a court for an injunction against the creators of more than 39,000 fake Facebook, Instagram and WhatsApp login pages. People who fall for the scam give away their usernames and passwords. The scam allegedly uses an American-based internet relay service to obscure its infrastructure. What’s unusual, according to the news site The Record, is that the names of the creators of the fake sites are unknown.
Five Russians have been charged by the U.S. in a multi-million dollar scheme that made tens of millions of dollars on stock markets through information stolen from American computer networks. One of the five has been extradited to the U.S. from Switzerland. The other four are at large. One of them is allegedly a former member of Russia’s military intelligence agency who has also been charged with allegedly being involved with hacking and illegal online influence efforts in the 2016 U.S. elections. He’s also facing allegations of being part of hacking and disinformation against international sports anti-doping agencies.
As the online holiday shopping season comes to a peak, this is a time when IT leaders should have locked down everything they need to so consumers can have a safe online experience. They need to do one more thing: Make arrangements to call in staff if there is a cyber incident. Unfortunately, crooks like to pick times like holidays and weekends to strike.
And I’ll make one last plea for safe online holiday shopping: Be careful of the websites you buy from. Remember, crooks try to set up sites impersonating big brands as well as phony retail sites. They also try to lure people with prices too good to be true, or special limited-time offers.
Finally, there’s a late program change: Because of the holiday I won’t have any podcasts on Friday. The Year in Review podcast with Dinah Davis and Terry Cutler will be available Monday morning. See you then.
Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.