20. What a Secretary Did...

Wait until you hear this story about what a secretary did

UPDATE to last week's Headlines:
  • SolarWinds hackers had access to over 3,000 US DOJ email accounts 
  • A website named 'SolarLeaks' is selling data they claim was stolen from Microsoft (source code and repositories $600k), Cisco (source code multiple products $500k), FireEye (security tools – $50k), and SolarWinds (source code and customer portal $250k), or everything for $1mill.
  • Microsoft security teams release report on how SolarWinds hackers stayed hidden (nothing new)
This Week's Security Tip:
In a recent incident reported in US news, an office secretary unknowingly gave some of her law firm’s most private data to a gentleman who had bought a Comcast Cable polo shirt off eBay. He dressed in khakis with a tool belt, and told the secretary he was there to audit their cable modem specifications and take pictures of the install for quality assurance. She had no reason to suspect he was part of a now-extinct hacker ring who would gain access to a business’s private network by going inside the office and noting the configuration details and passwords for their firewalls and cable modems. In some cases, they actually built a secure VPN private backdoor they later used to steal data. If someone dressed up in a utility-provider uniform, would you let them in?

Ask for identification and who they have spoken with about the service they are performing, and be “gracefully suspicious,” as they say in the South. Follow company policies about how visitors are allowed in the building, if such policies exist. If those kinds of policies don’t exist, work to define them. We can help, if needed – but this is a real problem your office needs to address.

Today's Headlines:
  • Ticketmaster fined $10mil after hiring a competitor's employee, then using his still-active credentials to "choke off" business and steal one of their high-end contracts
  • Nissan NA source code leaked after server hacked using default admin/admin login
  • Ubiquiti – security breach may have exposed all user data – company sent a mass email asking users to reset passwords – Ubiquiti forces you to create a cloud login (the portal that was breached) instead of a local account
  • Hacker leaks full database of 77 million Nitro PDF user records (email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses, and other system-related information)
  • VLC Media Player 3.0.12 fixes multiple remote code execution flaws – the very popular media player with the traffic cone icon – the flaws "could trigger either a crash of VLC or an arbitrary code execution with the privileges of the target user."
Next Week's Teaser: Bank online? Do this ONE thing…

Call to Action:
We talk a lot about stupid (nothing bad ever happens to me; head in the sand; too busy; I’ll do it later). So what’s smart? Taking this seriously TODAY. Book a 10-minute Discovery Call right now. I’ll ask some key questions and give you a quick score. If you’re doing everything right, you can sleep better at night. If there’s room for improvement, we’ll discuss options. NO PRESSURE, NO STRINGS. JUST BOOK THE CALL!

www.mastercomputing.com/discovery