By Randy Becker, VP & Principal Security Architect The pandemic has brought new and interesting challenges for all of us to deal with and certainly the balance of supporting users working remotely while ensuring security has not been easy. Initially we all had to scramble to figure out ways to allow employees to work from home. Some crazy things happened, including people bringing their desktop PCs home, connecting home PCs (with unsupported operating systems) to corporate VPNs, etc. Now we are seeing discussions about returning to work. What does that look like and what is it called?

By Randy Becker, CISO & VP, Network and Security Consulting I am often asked by customers, “If you could only do one thing to improve your security posture right now what would it be?” That’s an easy answer: implement immutable backups to protect against a ransomware attack. So, what exactly is an immutable backup? Simply stated, it is a backup that is read-only and cannot be deleted by anyone, including an administrator, threat actors, or, you know, the “bad guys.”

By Randy Becker, CISO & VP, Network and Security Consulting Microsoft just released a new PowerShell script called the Exchange On-premises Mitigation Tool (EOMT). https://github.com/microsoft/CSS-Exchange/tree/main/Security#exchange-on-premises-mitigation-tool-eomt. This single script will automatically grab necessary downloads and dependencies for mitigation and malware scan, and reverse changes made by known threats.

By Randy Becker, CISO & VP, Network and Security Consulting As if the SolarWinds fiasco and the massive global on-premises Exchange Servers attack weren’t bad enough, here comes Microsoft Patch Tuesday for March 2021. Microsoft Patch Tuesday announces 82 vulnerabilities, with 10 plus classified as critical, 1 zero-day exploit, and 72 as important. These have all be fixed in this month’s update courtesy of Microsoft. Of special note, these numbers do not include the 7 Microsoft Exchange and 33 Chromium Edge vulnerabilities already released.  

By Randy Becker, CISO & VP, Network and Security Consulting It isn’t common for Microsoft to release a security update for an 11-year-old server application. So, when they do, people take notice. Especially when tied to Email. Microsoft has just released out-of-band security updates for a zero-day exploit that is actively being exploited in the wild. Of significant importance is that this is for all supported Microsoft Exchange versions plus Exchange 2010.

By Randy Becker, CISO & VP, Network and Security Consulting Zero Trust is not new, but it has recently started to show up a lot in security circles. A quick search shows that there are a lot of organizations with thoughts on this topic. Given the infamous SolarWinds breach, we are starting to hear more about “Zero Trust,” “Defense in Depth,” and my personal favorite “Assume the Breach.” Last Friday CISA quietly posted the following important guidance on Zero Trust: NSA Releases Guidance on Zero Trust Security Model. This should be on the short list of reading for everyone.

By Randy Becker, CISO & VP, Network and Security Consulting There is a new form of malware (dubbed “Silver Sparrow” by Red Canary) that seems to be affecting Macs running Intel processors and Apple’s own M1 processors. It does not appear as though the malware has done anything nefarious, but as the saying goes, where there’s smoke there is often fire. VMware announces Remote Code Execution (RCE) vulnerability in the vCenter with a CVSSv3 base score of 9.8 CVE-2021-21972. This one looks ripe for exploitation as it is a RCE **AND** a 9.8 In addition to this, two others were found—all in the CVSSv3 range of 5.3-9.8.

By Randy Becker, CISO & VP, Network and Security Consulting SolarWinds, Solorigate, Sunburst, Teardrop, Sunspot, Raindrop… will it ever end? (Check out Microsoft’s deep dive for a comprehensive summary.) The breach was even the lead story on 60-Minutes with Microsoft President Brad Smith and FireEye CEO Kevin Mandia interviewed.

By Randy Becker, CISO & VP, Network and Security Consulting On February 9th, Microsoft moved into the second phase of enforcing CVE 2020-1472. This affects companies that are still using legacy unsupported Microsoft operating systems. Will Microsoft finally get closer to closing the vulnerability down? How may customers are affected by this?