PNSCG

The excuse “my company is too small to be a target” is no longer valid, as hackers are using small companies as an entry point into their intended target.

The time is quickly approaching when organization will require that all the companies they do business with can prove that they are doing their best to stay secure.

“The Russian hackers, who worked for a shadowy state-sponsored group previously identified as Dragonfly or Energetic Bear, broke into supposedly secure, “air-gapped” or isolated networks owned by utilities with relative ease by first penetrating the networks of key vendors who had trusted relationships with the power companies, said officials at the Department of Homeland Security.”

Russian Hackers Reach U.S. Utility Control Rooms, Homeland Security Officials Say Hackers working for Russia claimed “hundreds of victims” last year in a long-running campaign that put them inside the control rooms of U.S. electric utilities where they could have caused blackouts, federal officials said.

Classic Phishing Scam

A good illustration of how this type of a scam is played out.

It’s important that everyone reboot their home internet/WiFi routers. Even those provided by an ISP (internet service provider).

How to reboot: unplug the power and waiting 10 seconds to plug it back in will do the job.

Cyber Actors Target Home and Office Routers and Networked Devices Worldwide | US-CERT The size and scope of this infrastructure impacted by VPNFilter malware is significant. The persistent VPNFilter malware linked to this infrastructure targets a variety of SOHO routers and network-attached storage devices. The initial exploit vector for this malware is currently unknown.

Adobe Releases Critical Security Updates for Acrobat, Reader and Photoshop CC Adobe has released critical security patch updates for Adobe Acrobat, Reader and Adobe Photoshop CC

Vendor/Third-party risk management concerns are growing: is your small business prepared?

This stresses the importance of keeping your PC security patches up to date.

Flaw in Microsoft Outlook Lets Hackers Easily Steal Your Windows Password An information disclosure vulnerability (CVE-2018-0950) has been discovered in Microsoft Outlook that could allow hackers to steal Windows users’ login credentials.

Are you still using the same password for multiple sites or writing them down somewhere "safe"?

As organizations begin to require the use of more complex passwords and that they be changed frequently, it will become more necessary to utilize a password management system.

Best password managers of 2017: Reviews of the top products The best password is one you probably can't easily remember—that's why a password manager is so crucial to your online security. This guide will help you find the best tool for generating and storing strong passwords to shore up your online defenses.

Great source of information. Too many to list out.

If you are an end user or IT pro, there is something for you here.

Largest FREE Microsoft eBook Giveaway! I’m Giving Away MILLIONS of FREE Microsoft eBooks again, including: Windows 10, Office 365, Office 2016, Power BI, Azure, Windows 8.1, Office 2013, SharePoint 2016, SharePoint 2013, Dynamics CRM, PowerShell,.. Eric Ligman, Microsoft Director of Sales Excellence Blog

Why SMBs are at high risk for ransomware attacks, and how they can protect themselves

Many SMBs (Small Medium Business) that fall victim to a ransomware attack never recover from it and are eventually forced to go out of business. Taking the necessary steps to reduce the impact of such an attack now, will lessen the chance of potentially loosing all your data and possibly your business.

Awareness- establish an employee awareness program. At a minimum the program should educate employees on:
1. How to detect phishing emails
2. Safe internet browsing
3. Safe file sharing
4. The importance of keeping system patches up to date
5. Reporting suspicious emails

Backups - establish and maintain a backup policy and procedures.

While there are more things that can be done, the above are foundational to improving cyber security

Why SMBs are at high risk for ransomware attacks, and how they can protect themselves - TechRepublic Ransomware cost businesses more than $1B last year, and SMBs are particularly susceptible to attack. Here are some tips and best practices for keeping your company safe.

No OS is immune to attack.

Web Hosting Company Pays $1 Million to Ransomware Hackers to Get Files Back South Korean web hosting provider pays $1 million to Erebus Linux ransomware hackers to get files back hosted on its hosting servers.

Patch your systems and always keep them up to date.

WannaCry Kill-Switch(ed)? It’s Not Over! WannaCry 2.0 Ransomware Arrives A security researcher has activated the 'Kill Switch' to stop WannaCry ransomware, but it's not over yet, install the security patch for Windows SMB vulnerability.