Bryley Information & Tips · December 2021
Hacked for the Holidays (ain’t no ho ho ho)
In an ongoing effort to elude this year’s frustrating shipping delays, more consumers are turning to the web for what they may see as an easy answer to the holiday hassle. Vasu Jakkal, Corporate Vice President for Microsoft’s Security, Compliance and Identity said that with “headlines about supply chain issues, worker shortages and costs rising … it’s no surprise that … at least sixty-three percent of holiday shopping will be done online.”
Despite consumers looking to their devices for peace with their shopping experience, cybercriminals make hay out of desperate late holiday shoppers. Cyber-scammers have developed newer and more clever ways of tricking consumers into believing that what they see online is what they get. Deceptive deals are often presented to online shoppers by hackers with terms like “low availability” or refer to the product as a “good buy” … [5 min. read]
If Not Now, When?
Cybersecurity and Infrastructure Security Agency Director Jen Easterly told industry leaders in a phone briefing Monday that a vulnerability in a widely-used logging library “is one of the most serious I’ve seen in my entire career, if not the most serious.”
“We expect the vulnerability to be widely exploited by sophisticated actors and we have limited time to take necessary steps in order to reduce the likelihood of damage,” she said of the Apache Log4j flaw. The issue is an unauthenticated remote execution vulnerability that could allow an intruder to take over an affected device.
Hundreds of millions of devices are likely to be affected, said Jay Gazlay of CISA’s vulnerability management office in the [same] call –as reported by Tim Starks, cyberscoop.com, Dec. 13, 20211
Because of how widespread this vulnerability is, affecting everyone from Microsoft to Apple to Amazon to Google (in fact it affects millions of pieces of software2), it is time to make sure your business is as protected as possible. You may not hear bullets, but that doesn’t mean we not are in a war … [5 min. read]
Tech News Mixtape
Stories at the intersection of business and technology
Install OS and application software updates when they’re available. The log4j vulnerability has left software developers scrambling to see and mitigate the potential impact, as this bit of open-source software made to keep track of what happens in an application “affects millions of pieces of software, running on a large number of machines that many systems interact with …” morningbrew.com
The Microsoft community featured an examination of an updated approach to the 3-2-1 rule for backup: 3-2-1 requires backup redundancy. It’s important to have redundant backups because you never want to be unable to restore data because your only backup is corrupt, damaged or missing. And 3-2-1 discourages organizations from putting all their eggs in one basket by requiring two different media types, which helps to guard against media failure. “[With the updated Cloud-based approach] 3 can mean that there should be three backup copies in addition to the original data copy. The 2 in the updated 3-2-1 rule should be that backups need to exist in at least two regions. Using multiple regions within the public cloud helps to insulate data against a regional disaster. The 1 part of the updated 3-2-1 rule reflects that one backup copy needs to be in close proximity to the original data set [you really don’t want to have to restore a lot of data from the Cloud, which would be slow and costly] …” redmondmag.com
“HI” read the Subject line. The body of the email, from a gmail account, contained no text … this was the start of a bait attack. In a bait attack the criminal is trying to get a response to “confirm the existence and accessibility of the recipient’s email” .… techrepublic.com
“Anti-virus software and advanced firewalls do an excellent job at protecting business systems, but they leave an access tunnel open for employees to be able to log in to the network. If an attacker uses stolen credentials to gain access, they can bypass all other security measures that are in place.” Read Six Reasons You Need MFA …expertinsights.com
Note: The Tech News Mixtape section is Bryley’s curated list of external stories – stories on the internet that we found helpful. Bryley does not take credit for the content of these stories, nor does it endorse or imply an affiliation with the authors or publications in which they appear.
Information You Can Count On
Bryley Systems’ Information & Tips newsletter arrives monthly in your email box. It’s a New England-based resource, in continuous publication since 2000.
Subscribe free, below. Unsubscribe any time via the link at the bottom of each newsletter.
Sign up for our newsletter to have tech news and tips delivered monthly via email