Baltimore schools struggling with ransomware
The November 25th attack forced the Baltimore County Public Schools to announce they would be closed through December 1st, promising more information after 5pm ET on that day. School officials are urging students and staff to stop using their school-issued Windows computers and to use only Chromebooks and the associated Google accounts for the time being. It’s unclear which ransomware group was behind the attack, or whether any data was exfiltrated as part of it.
UK tightens restrictions on Huawei 5G equipment
The UK previously announced that purchases of 5G network equipment from Huawei are banned after 2020, with carriers having until 2027 to actually install the equipment. However, under a proposed Telecommunications Security Bill scheduled to be introduced to parliament, telcos would have only until September 2021 to install any Huawei equipment, although existing equipment can be maintained through 2027. The proposed law would also give the government the power to designate network equipment a national security risk and ban its use in domestic networks, as well as the power to issue fines of up to 10% of turnover for noncompliance. The government will also invest £250 million in a 5G diversification plan to grow the telco supply chain and increase competition.
ZeroLogon now detected by Windows Defender
While Microsoft recently patched the vulnerability, it recognizes that some organizations cannot immediately update domain controllers that are vulnerable to the exploit. The company has updated Microsoft Defender for Identity, along with other Microsoft 365 Defender solutions, to detect attempts to exploit the flaw. The detection covers both the exploitation attempt itself and inspection of traffic on the Netlogon channel. Microsoft said it first saw a surge in ZeroLogon attacks against customers starting on September 13th.
Chris Krebs appears on 60 Minutes
The former CISA head appeared on the program for his first interview since being removed from his position by President Trump. Krebs reiterated that the US election was secure, that election day was heavily monitored by multiple agencies and was ultimately a quiet day, and that there was no evidence of foreign or domestic voting interference that impacted the vote count. He said the use of paper ballots as backups dismisses conspiracy theories that so-called algorithms on electronic voting machines changed votes, and that all recounts show consistency between the electronic tallies and the paper backups. Krebs further said he and his team at CISA worked three and a half years to prevent any kind of election interference from foreign sources, as occurred in 2016. (CBS News)
Thanks to our episode sponsor, SecureLayer7
Microsoft cuts off Teams access for IE 11
This comes as part of Microsoft’s planned end-of-life rollout for the venerable browser. Originally announced back in August, the change means Microsoft will no longer support Teams in IE as of December 1st. The service may still work in the browser for now, but Microsoft will no longer work to make all features available in IE. The next major milestone for phasing out IE 11 comes on August 17, 2021, when the company will stop supporting Microsoft 365 in the browser. Visiting the Teams web app in IE 11 will now display a splash page directing users to the desktop app or to another browser.
Updated malware is targeting macOS
Security analysts at Trend Micro identified a malware campaign targeting the OS that appears to be tied to the Ocean Lotus hacking group, which has links to the Vietnamese government. The campaign begins with phishing emails designed to get users to open a Word document inside a zip file. This opens the door for a multi-stage payload that installs a backdoor on the Mac, ultimately giving attackers file access and potentially serving as a beachhead for further exploits. The researchers believe the malware is under active development.
US consumers estimate their risk of cyberattacks
The findings come from Comcast’s Xfinity Cyber Health Report, which combines user surveys with network statistics gathered from the company’s consumer security platform. According to the report, since January Comcast’s xFi Advanced Security has blocked nearly six billion cybersecurity threats, about 104 threats per household per month. In surveys, customers estimated they saw 12 threats a month. Customers had an average of twelve devices connected to the network, up from 10 last year. 85% of respondents said they were taking adequate security measures, while 64% admitted to risk-increasing behaviors like password sharing. 83% of respondents were not certain whether a connected device without a screen, like a printer, had been hacked on their network.
Making the case for cyber distancing during COVID-19
Tim Bandos at Security Week laid out why conditions created by the COVID-19 pandemic make cyber distancing an important security posture. While mixing work accounts with personal devices and vice versa was not uncommon before the pandemic, the massive shift to working from home has seen the practice explode since March. As solid first steps, he recommends precautions on your home network such as not broadcasting your SSID, changing default router passwords, disabling any remote access features, and updating router firmware. This is especially vital for organizations that do not segment traffic using a VPN or a virtual desktop deployment.