CYBER SECURITY IS UP TO ALL OF US!
Having a proper cyber security posture is up to all of us. All information created in the company is subject to the behavior of every collaborator. Use complex passwords and don’t share them with anyone. Note the sender’s and recipient’s domains when exchanging messages. When dealing with suppliers, have the confidentiality terms in mind.
THE HIGHER THE JOB POSITION, THE WORSE THE LOSSES CAUSED BY LACK OF KNOWLEDGE
Managers and leaders must be an example! Decision-making roles are always on the attackers’ radar. Decision makers exchange a lot of confidential information that, if leaked, can cause great loss to the company’s reputation and finances. Use complex passwords and enable two-step verification to create barriers against the attackers.
IF YOU FIND ANYONE NOT COMPLYING WITH SECURITY PRACTICES, DEMAND PROPER BEHAVIOR
Information leaks affect the daily life of all collaborators. If you find unlocked computers, passwords on Post-it Notes, and information about … Read the rest
Kaseya Script To Remove Splashtop
This is a simple Kaseya Script to remove the Splashtop agent from workstations and servers.
What does it do?
I am glad you asked. The script uses the Kaseya scripting engine to execute the uninstallation string for the Splashtop agent. It is a very simple script but it does the job.
<?xml version="1.0" encoding="utf-8"?> <ScriptExport xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.kaseya.com/vsa/2008/12/Scripting"> <Procedure name="Splashtop Removal CMD" treePres="3" id="1984353680" folderId="113237001566792" treeFullPath="myProcedures - [email protected]"> <Body description=""> <Statement name="ExecuteShellCommand" continueOnFail="false"> <Parameter xsi:type="StringParameter" name="Command" value="MsiExec.exe /x {B7C5EA94-B96A-41F5-BE95-25D78B486678} /qn" /> <Parameter xsi:type="EnumParameter" name="ExecuteAccount" value="System" /> <Parameter xsi:type="BooleanParameter" name="Is64Bit" value="False" /> </Statement> </Body> </Procedure> </ScriptExport>
I hope this article was helpful, if you have any questions please feel free to contact me. If you would like to be notified of when I create a new post you can subscribe to my blog alert.
… Read the rest
Back To School Safety And Security Checklist
It’s that time again, many of you are going back to school and a proper safety and security checklist will help you for the coming year. Schools hire new Administrative staff and teachers, teachers and students move to new classrooms, school buildings undergo construction. Before the new school year begins, teachers, administrators and parents should review old emergency plans and make updates accordingly. Share the below lists with the people in your community to make this upcoming school year one of the safest and most secure year yet!
Administrators
- Ensure emergency protocols are in place and posted in each classroom.
- Go over basic emergency protocols with teachers and staff (i.e.: Evacuation, Shelter in Place, Lockout and Lockdown.) Answer questions when possible.
- Review key plan elements such as alert capability, relocation sites, and transportation elements to ensure they are in place.
- Develop a drill-schedule for early and mid-year that practices the
Physical Security Crossword Puzzle
As businesses become more dependent on technology so does the need for digital and physical security. Technology demands a significant amount of physical security to safeguard data, servers, networks and other devices.
Security awareness is not just about preventing cyber attacks, it is also about protecting data in the physical world. Solve the Crossword puzzle below using terms related to physical security.
Vertical
Horizontal
How To Block Mobile Attacks
Mobile Attacks statistics show that more than 60% of fraud originates from mobile devices.
Much of the world has gone mobile, and so have mobile attacks. Of the world’s cyberattacks, around 60% are initiated on mobile devices. About 80% of attacks against mobile devices take place via apps. Apps give hackers access to your device under the hood, so they can easily access your mobile banking app and initiate multiple levels of cybercrime.
Here are a few ways to block mobile attacks.
Wifi  |
• Don’t allow your device to auto-join random unknown public networks. • Try to turn off the WiFi when you aren’t using it. • Never send sensitive information over unknown WiFi connections unless you’re absolutely sure it’s a secure network. |
Bluetooth  |
• Make sure you have automatic Bluetooth pairing disabled. • Always turn Bluetooth off when you don’t need it. |
Apps  |
• Only use apps available |
The 18 Identifiers Of PHI
In this article I will outline the 18 identifiers of Protected Health Information also known as PHI. Under the Health Insurance Portability and Accountability Act, known simply as HIPAA, PHI is any information (identifiers) about health care, health status, or payment for health care that can be linked to a specific individual.
THE 18 IDENTIFIERS
- Names
- All geographical subdivisions smaller
than a state, including street address,
city, county, precinct, and zip code - All elements of dates (except year) for
dates directly related to an individual
(birthdate, admission date, etc.) - Phone numbers
- Fax numbers
- Email addresses
- Social Security numbers
- Medical record numbers
- Health plan beneficiary numbers
- Account numbers
- Certificate/license numbers
- Vehicle identifiers and serial numbers,
including license plate numbers - Device identifiers and serial numbers
- Web Universal Resource Locators (URLs)
- Internet Protocol (IP) address numbers
- Biometric identifiers, such as fingerprints
and voiceprints - Full face photographic images and any
comparable images - Any other
How To Fix Remote Desktop CredSSP Encryption Oracle Error
In a few steps I will show you how to fix the remote desktop CredSSP encryption oracle error. CredSSP is an authentication provider which processes authentication requests for other applications; any application which depends on CredSSP for authentication may be vulnerable to an attack. An update released by Microsoft (KB 4093492)on May 8, 2018, for Windows 10 Operation System was targeted to change the default settings CredSSP from Vulnerable to Mitigated.
However, after patching this caused an issue where the patched clients were blocked from communicating with unpatched servers over RDP protocols.
Lets Get Started
We will be using group policy settings to make changes described below to rollback the changes to ‘Vulnerable’ state to allow RDP access.
- Open Group Policy Editor, by executing gpedit.msc
- Policy path: Computer Configuration -> Administrative Templates -> System -> Credentials Delegation
- Run gpedit.msc and expand Administrative Templates
- Expand System
- Expand
Physical Security In The Workplace
With so much attention focused on securing networks and preventing phishing and avoiding ransomware attacks, the physical side of security sometimes goes overlooked. Even in the modern-day work environment where seemingly everything has an internet connection, we still must remain vigilant against physical threats to our security!
KEEP THINGS ORGANIZED.
It’s a lot easier to misplace sensitive documents and keycards/badges if your desk/office is a mess.
RESPECT PRIVILEGED ACCESS.
Keep your systems and devices locked when not in use. When accessing secured areas of our building, be sure no unauthorized persons sneak in behind you or are allowed to enter with you.
ALWAYS FOLLOW POLICY.
It’s your responsibility to know and understand our organization’s security policies. If you’re not sure of something or need more information, please ask!
KNOW HOW TO PROPERLY DISPOSE OF SENSITIVE MATERIALS.
Social engineers never hesitate to dive through dumpsters in search of valuable info. Shred … Read the rest
New Password Guidelines
For the longest time, security experts have recommended long, complex, and sometimes random, passwords. Unfortunately, those guidelines create a dilemma for individuals and organizations alike. Of course, the more complexity you add to a password, the harder it is to crack. But a more complex password also means it’s harder to remember. Complexity often fosters frustration, which in turn promotes laziness and tempts people to use the same password for multiple accounts. But there is hope! The National Institute of Standards and Technology (NIST) released a special publication of updated best practices for creating passwords.
Ditch the complexity.
Passwords that feature a bunch of random characters and capitalization no longer get the stamp of approval. Instead, passphrases that feature simplicity, now top the list of recommendations.
For example, the previous guidelines recommended developing a passphrase like, “The dog wants to play fetch.”
- Use a mixture of upper and lowercase letters:
LinkedIn Breach Exposes 92% Of Its Users Data
I’m shocked and upset about this LinkedIn breach. This is their second massive LinkedIn breach. It was reported that 700M users were effected in this breach, which is more than 92% of the total 756M users. The database is found for sale on the dark web, with records including phone numbers, physical addresses, geolocation data, and inferred salaries.
What Happened?
According to the RestorePrivacy website, the hackers were able to abuse the official LinkedIn API to download the data.
On June 22nd, a user of a popular hacker advertised data from 700 Million LinkedIn users for sale. The user of the forum posted up a sample of the data that includes 1 million LinkedIn users. We examined the sample and found it to contain the following information:
-
Email Addresses
-
Full names
-
Phone numbers
-
Physical addresses
-
Geolocation records
-
LinkedIn username and profile URL
-
Personal and professional experience/background
-
Genders
-
Other social media
Loading ...