How is this something completely different?

For this auspicious edition of #WeekendWisdom, I thought I would introduce you to the team behind the series.

This is Scamp, who is a little camera shy. He is my eldest boy.

And this is Paddy, who is my smallest boy. But he has got the biggest personality of them both.

So what is going on?

We’ve been having meetings on our daily walks, discussing how we could possibly improve the content that we provide to you, our audience. We have some ideas which I think you might find interesting and I hope you enjoy them, but we just need a few weeks to get ourselves together. Set out a decent plan for what we are going to do and we will be back sometime in November. It might be called something different, so this will actually be the last #WeekendWisdom, I’m afraid.

But it will be something similar. It will be a weekly video post with some hopefully interesting content that you will enjoy.

TTFN

So that’s it for this week. Lets be careful out there and we’ll talk to you again ………….

The post #WeekendWisdom 100 Something Completely Different appeared first on L2 Cyber Security Solutions.

Why is this a thing

If criminals break into a company’s systems and steal their data, its called a data breach, taking lots and lots of data belonging to a company. They may then try to sell this data on some underground forums, where they might try and sell it to other criminal gangs, for their use.

But there are also, usually, good guy security researchers in those forums too, keeping an eye on things. If they come across some company’s data being trying to be sold, they may try to notify the company that there has been a breach as they may not be aware of it. Sometimes the security researchers find it difficult to get through to these companies to make contact with somebody that they can discuss this data breach.

How can using the security.txt file help

That’s where the security.txt file comes in. This is just a simple text file that contains some contact information for somebody in the security area or in IT. Somebody that would be reachable by email and maybe if you want to do it securely they may also include the public encryption key for the email to make sure that all communications are kept secured so that the security researchers can reach out and contact the company. They can use the contact address and get in touch there to report the data breach and maybe other vulnerabilities that they may have discovered.

Where can I find out more

So it’s always good to have this and it’s usually placed on your website in a well-known location. Here is the security.txt proposed standard.

So if you have a website, set-up this security.txt file for it.

So that’s it for this week. Lets be careful out there and we’ll talk to you again next week.

The post #WeekendWisdom 099 Using the security.txt file appeared first on L2 Cyber Security Solutions.

No. There is no Facebook bashing here. Just the fax mam. 😎

Where were you on the late afternoon, early evening when Facebook and Instagram and WhatsApp were all down for nearly 6 hours?

What had happened to them was that they were making a routine change to their network configuration. But there was a bug somewhere in it, that caused them to basically disconnect completely from the internet. So nobody on the internet could see Facebook, Instagram, WhatsApp or any of their services. But not only that, this bug also cut off their internal access to their systems. So they could not even see their own email or messaging systems internally and this also prevented the engineers who had made the change from being able to get access to the equipment that they put the change onto and to try and reverse it.

Lessons from the Facebook Outage

So what can we learn about this? Well, I suppose the thing is, the way Facebook are set-up, they seem to have everything is in one big giant bubble that they all use internally. So all their eggs are in one basket. But if you were in an environment where a change like that could take out your entire environment, you might want to consider having some other alternatives that are not based on your internal network.

What could you use

So instead of using WhatsApp you might consider using something like Signal for messaging or even come back to good old fashioned text messages. Have some other kind of, what they call, out-of-band way of being able to communicate internally and be able to get around any kind of outage like this that might occur.

So that’s it for this week. Lets be careful out there and we’ll talk to you again next week.

The post #WeekendWisdom 098 Lessons from the Facebook Outage appeared first on L2 Cyber Security Solutions.

More on Zero Days?

In last week’s #WeekendWisdom number 96, I explained what a zero day was. The reason I brought up this topic in the first place was because, as at that date, 2021 had already become a year where there was a record number of zero days being detected.

How is it a record number of zero days?

The number that was reported then was like 66 zero days:

• 20 were associated with Microsoft products
• 15 zero days were associated with Apple products, which people think Apple is the most secure platform … maybe not
• Google had 11 zero days

So previous years there might have been 40 or 50 zero days detected in the whole year. But here we are still in September and we’ve already blown through those records.

Even in just the last week since I recorded the last #WeekendWisdom, there have been four more zero days detected. Three of them associated with Apple products and one with Google Chrome.

So this really is turning out to be a year of the zero days. They really are happening a lot.

How do you protect yourself

So please folks be sure that you put in place good robust patching process to make sure you keep all your software up to date as early as possible. Also do things like keep your backups, do good backups, test the backups to make sure that you can recover from those backups and also make sure you train your staff. But keep your software patched.

So that’s it for this week. Lets be careful out there and we’ll talk to you again next week.

The post #WeekendWisdom 097 Record Number of Zero Days appeared first on L2 Cyber Security Solutions.

Where is this coming from?

Over the last two #WeekendWisdoms I talked about needing to do updates for vulnerabilities and when it comes to software vulnerabilities zero days are usually the most critical.

You see when security researchers are analysing various software like Microsoft, Apple and Google products, if they discovery a vulnerability in that software, they will report it to the vendor and give them an opportunity to rectify it and fix it before they make it public. They usually give them a period of months, normally it is usually 3 months.

What are Zero Days?

But in the case of zero days what happens is that a vulnerability is exposed on a day when nobody is aware of it until everybody is suddenly aware of it, including the vendor and including criminal gangs.

These cyber criminal gangs will immediately start looking to try and exploit that zero day vulnerability, while the vendors are rushing to try and fix it, to put out an update to fix that vulnerability.

That can take time. It can take days, it could take weeks to fix it. So it’s kind of a race against time for the cyber criminals to try and crack it and exploit it and for the vendors to fix it and update it.

What should you do?

So if you ever hear me talking about “There’s a zero day vulnerability out there that you need to patch!”, you should be looking to try and patch that as quickly as possible.

So that’s it for this week. Lets be careful out there and we’ll talk to you again next week.

The post #WeekendWisdom 096 Zero Days appeared first on L2 Cyber Security Solutions.

This sounds familiar

Waaaay back in the early days of the #WeekendWisdom series, back at number 3, I talked about updates. I’ll have a link to that video somewhere on the social media post associated with this video.

The events of the last week has brought it back to me that this really is an important topic that we all need to be aware of.

What happened this last week?

Apple, earlier this week, released updates to its iPhones and Mac computers and watches that plugged a vulnerability which was being exploited by a surveillance software maker which literally all they had to do if they wanted to take control of somebody’s iPhone we’ll say, all they need to do is send a message to that phone and just when the phone receives the message, they now have control of it. The user of the phone did not have to do anything. So that’s pretty scary.

Also there was the vulnerability that I talked about in last week’s #WeekendWisdom. Microsoft have issued updates for that this week. So again, it’s really critical that if you have updates waiting on your Windows computer to apply them.

This is the reason why updates are important

You see the problem here is that when the likes of Apple or Microsoft issue updates, criminals go and take those updates, they look at them and they find out what exactly has been fixed in Windows or in the iPhones or whatever. Then they can figure out how they can exploit that, that vulnerability that was there that was fixed. If people don’t do the updates, the criminals can now exploit them, for those people who don’t, because there are quite a lot of people who don’t apply updates.

But it’s really important that you do.

So that’s it for this week. Lets be careful out there and we’ll talk to you again next week.

The post #WeekendWisdom 095 Why Updates are Important appeared first on L2 Cyber Security Solutions.

Why would you want to do this?

Microsoft are going to retire the Internet Explorer browser in June of 2022. But you might want to consider getting rid of it at bit sooner … like now. You see there is a vulnerability in it that can be exploited by somebody sending you a malicious word document. That all you have to do is open the document. You don’t need to take any other action, like click enable content or any other thing. Opening the document will exploit this vulnerability and cause malicious code to be run on your computer.

Check if you should first

Now before you take any of these steps, please check with your IT support that you really don’t need to use Internet Explorer anymore or that you’re allowed to remove it. So please check first.

How to remove Internet Explorer

This is how you get rid of it.

1. Go down to the bottom left hand corner and click the start button and select settings.
2. Click Apps.
3. Then click Optional features.
4. Find Internet Explorer, click on it and click uninstall.
5. Then when you see this thing and it’s finished, reboot your computer.

Once it comes back up again, you should be safe.

What if you need Internet Explorer?

If you really do need to use Internet Explorer for some legacy application or something like that, there is an Internet Explorer mode in the Microsoft Edge browser. Google that and find out how you can use that mode.

So that’s it for this week. Lets be careful out there and we’ll talk to you again next week.

The post #WeekendWisdom 094 How to remove Internet Explorer appeared first on L2 Cyber Security Solutions.

You’ve mentioned these before

Back in #WeekendWisdom number 76, where I talked about connecting devices to the internet and #WeekendWisdom number 84, where I talked about distributed denial-of-service attacks, I mentioned botnets.

What are botnets?

A botnet is a collection of a large amount of compromised devices that are connected to the internet.

How do they get formed?

There are legitimate services out there that scan the entire internet and every device that is connected to it and it keeps a database of all these devices.

Criminals then using these legitimate services are able to tailor their searches and locate:

• CCTV cameras
• Baby monitors
• Digital video recorders
• In-house IP cameras
• Any other type of device that may be connected to the internet in a very insecure manner

If they can detect these through this database, what they can do then is compromises it using maybe:

• Default credentials
• Known compromise
• Weak vulnerabilities

in those devices. Take them over, add them to their botnet and then they have control of these devices. They give them instructions to carry out a distributed denial of service attack.

So that’s how these botnets get formed.

So that’s it for this week. Lets be careful out there and we’ll talk to you again next week.

The post #WeekendWisdom 093 Botnets appeared first on L2 Cyber Security Solutions.

Where did this story start?

A few weeks ago, I was talking to some people about my favourite topic #Ransomware and I was explaining how ransomware goes through the process of encryption of all the data files that they can see. Somebody stopped me and asked me, what do I mean by encryption?

I was kinda surprised that the word wasn’t really better known out there, maybe its because of the industry I’m in.

What is Encryption?

Encryption at it’s most basic form is the scrambling of a set of data in conjunction with some kind of a key that will scramble the data make it unusable, you won’t understand what it is, unless you have the key which, whoever receives the data, they have the key, they can decrypt the data. Get it back to something that looks normal.

How does it work?

So what we talk about in the information security business:

1. you take plaintext, which is the stuff that you can read.
2. you apply the key to it, which generates ciphertext, which is what’s transmitted.
3. Anybody that gets the ciphertext, they won’t be able to understand it.
4. When it gets to the other side, the person uses the key and it decrypts the data and they get back to plaintext.

All very modern sounding.

This has been around for since ancient times. There was apparently some encryption found in some tomb in Egypt from like 1900 BC. So Encryption has been around a long time. It’s not just something new with computers.

So that’s it for this week. Lets be careful out there and we’ll talk to you again next week.

The post #WeekendWisdom 092 Encryption appeared first on L2 Cyber Security Solutions.

This sounds familiar

I covered something pretty similar back in #WeekendWisdom number 42 where I covered Consent Phishing.

But credential phishing is where the criminals are going to try and get you to give up your login ID, usually your email address and your password. They can later on compromise your email account or perhaps log into your office systems to be able to execute a ransomware attack.

How do they carry out phishing for credentials?

The methods they use are varied, but a very sneaky one that they typically use is, they will send an email with an actual SharePoint link in there, or this could be a Google Drive link as well. People are very familiar with SharePoint links and Google drive links. They are usually fairly safe to click because these are things that people deal with on a day-to-day basis. They’re not some crazy dodgy site that you are being linked to. It’s something you’re familiar with.

Then when you click on the link, then it will say “Oh. You need to sign into your Microsoft account” or “… your Google account to be able to get into this document.” That’s where they catch you. They pop-up a login page and you give up your user ID and password in there. Now they have it.

How can you protect yourself from this?

So it’s really important that you implement something like multi-factor authentication to get an additional set of protections from these sorts of attacks.

So that’s it for this week. Lets be careful out there and we’ll talk to you again next week.

The post #WeekendWisdom 091 Phishing for Credentials appeared first on L2 Cyber Security Solutions.