Microsoft IE Flaw Actively Exploited; NSA and FBI: New Linux Rootkit

I really like The Registers excellent headline, but I will add one thing: A lot of VPN approaches only support connectivity back to corporate data centers when the user has initiated the VPN and it hasnt timed out. Other VPN approaches that are always on dont handle intermittent or low speed home internet connections very well. Patch success rates for those sporadically-connected devices are always lower than LAN-connected or always on VPN approaches on solid remote connectionsworth extra attention on this patch-filled vacation/holiday month.

John Pescatore

As IE is being actively exploited, it may also be time to change the default browser. Consider limiting IE through the perimeter to reduce the likelihood of interaction with malicious sites. While you're busy queueing up application of this months suite of patches, take a check of your backup system to make sure youre covered in case something goes wrong.

Lee Neely

This is the third "Patch Tuesday" in a row when the number of vulnerabilities addressed exceeded one hundred. One does not know whether to credit Microsoft for its diligence or condemn it for the quality of its code. Suffice it to say that the next Patch Tuesday will address far more than zero vulnerabilities and most of them will be older than a month. While patching is mandatory, one cannot patch one's way to security. Use "least privilege" access control at all layers, internal firewalls, strong authentication, structured networks, and end-to-end application layer encryption to reduce your attack surface and hide potentially vulnerable processes. While I still do not like the expression "Zero Trust," it is an old idea whose time has come.

William Hugh Murray

Threat actors are leveraging anything relating to COVID-19, from wellness advice, contract tracing, and testing to financial relief programs to lure users into clicking/opening their content. With the increased telecommuting, its easy to forget that on-premise protections may not be protecting users full time. Step up user training, keeping in mind that current concerns and stress are leading users to click where they otherwise would not.

Lee Neely

"Phishing," i.e., bait attacks, remains efficient and popular. Because such attacks exploit human frailty and there are so many of us, they are difficult to address. The bait is generally offered in e-mails and on web sites. E-mail and browsing applications are implicated in a majority of breaches. They should be isolated from the rest of the the enterprise network. As a user, I hated it when any of my clients blocked my access to my e-mail (e.g., OWA) from their networks, but as their security adviser I had to appreciate it. Note that one no longer needs the enterprise network to access e-mail or to browse; one uses one's mobile and the cellular data network.

William Hugh Murray

As more information about inappropriate behavior from TikTok emerges, its time to make an active decision whether to block or prohibit the application. Use your MDM to inventory your corporate mobile devices for TikTok. Also took a look at application protections on your BYO devices to make sure that your enterprise information is protected from malicious behavior. Note that not all device/MDM combinations allow blocking installation or removal of disallowed apps.

Lee Neely

Take a look at the voice history your digital assistants are storing. Both Amazon and Google allow you to delete messages from their website, mobile app, or the device itself. Also, review the enabled skills and connected smart devices to make sure that no extra features are enabled, or devices connected.

Lee Neely

While the Lightroom and Acrobat updates are not actively being exploited, the Reader and Acrobat vulnerabilities are considered elevated risk because of past issues with these products. The updates for Reader and Acrobat affect a wide range of versions, back to Acrobat and Reader 2015. Check the Adobe Security Bulletin for the full list of products impacted. This would be a good time to replace older versions with current, patched ones.

Lee Neely

After ten years, we are finally nailing the final nail into the coffin of Flash. Perhaps it is time to consider the future of Reader and Acrobat. Many enterprises already restrict pdf attachments and others use alternative application programs to handle them.

William Hugh Murray

The most critical one is a flaw in baseboard management controller software, an issue Johannes Ullrich covered in the 2019 SANS The Five Most Dangerous New Attack Techniques keynote at the RSA conference and we covered in the 2019 SANS Threat Report. In addition to the usual local patching issues, this is an important risk issue to address with supply chain partners that may be using the impacted server boards.

John Pescatore

WordPress 5.5 has added automatic update status to the plugins listing, as well as the ability to select and bulk enable automatic updates. Even so, not all your plugins will support automatic update. Review and enable it for those which do, consider removing or replacing those which do not. Also look for plugins which are redundant, such as a cache plugin which overlaps the caching of your CDN which may not have been in place when you stood up your site.

Lee Neely

WordPress plugins are popular but of questionable quality. Consider enabling "all" by default until and unless "the solution becomes the problem."

William Hugh Murray