WFH! Microsoft comes with a nightmare

If you think your users are all set and the proper groundwork has been done to enable WFH, a nightmare is on its way, in the name of Microsoft. Here is the story.

As if working from home wasn’t challenging enough, Microsoft has now warned that a Windows 10 bug is preventing Office 365, Microsoft Teams, Outlook, and other critical work apps from reaching the internet.

The Windows 10 connectivity bug couldn’t come at a worse time and is probably causing real pain for the millions of employees worldwide working remotely amid the COVID-19 coronavirus outbreak.


Many of these workers are running a Windows 10 PC and accessing work resources remotely via a virtual private network (VPN) connection. And millions of workers will be relying on Microsoft’s productivity apps, such as Office 365, Microsoft Teams, Internet Explorer, and Outlook to get work done.

But a bug affecting all supported versions of Windows 10 that have applied the February 27 cumulative update KB4535996 – or any of the three subsequent cumulative updates – is preventing these core productivity apps from connecting to the internet.

Making matters worse for Windows 10 users, connectivity is more likely to be disrupted when using or connecting and disconnecting from a VPN, which many employees are likely to be doing a lot under the current conditions.

“Devices using a manual or auto-configured proxy, especially with a virtual private network (VPN), might show limited or no internet connection status in the Network Connectivity Status Indicator (NCSI) in the notification area. This might happen when connected or disconnected to a VPN or after changing state between the two,” explains Microsoft.

“Devices with this issue might also have issues reaching the internet using applications that use WinHTTP or WinInet. Examples of apps that might be affected on devices in this state are as follows but not limited to Microsoft Teams, Microsoft Office, Office365, Outlook, Internet Explorer 11, and some version of Microsoft Edge.”

Microsoft says Windows 10 users “might be able to mitigate the issue by restarting your device”, but that’s still going to be a drain on productivity and a source of frustration.

Suggesting Microsoft considers the bug a severe issue, the company is planning to release an out-of-band fix in “early April”. The update will only be made available on the Microsoft Update Catalog.

ZERO Trust! How you play a role in it

Perimeter-based security practices, designed and based on the concept of “trust but verify,” have been rendered obsolete now that IT infrastructures have become borderless. Bring your own device (BYOD) practices, cloud services, mobile everything and digital transformation have created a vast attack surface that cannot be walled off.

In response, organizations are moving from “trust but verify” to zero trust architectures. A zero trust information security framework assumes organizations should not trust any entity inside or outside of their IT infrastructure at any time.

As cited in a Cyber Security Hub article, zero trust architectures are based around the idea of “never trust; always verify” and are “designed to address lateral threat movement within the network by leveraging microsegmentation and granular perimeters enforcement, based on user, data and location.”

Therefore, implementing zero trust requires the ability to process vast amounts of telemetry data. Behavior analytics makes it possible to understand and take action on activity in real time. A combination of trust and analytics will eliminate passwords, which are the biggest headache for companies.

It all begins with context. By collecting context from disparate sources, including structured data, unstructured data and identity information, it’s possible to know who people are, who machines are, what access entitlements they have, and what they are doing in terms of activities and transactions.

All of this security soup can be linked together using algorithms and compared with each user or entity’s baseline behavior patterns — and even those of their peer groups — to generate a continuously updated risk score that increases when anomalies occur. This risk score can be used to create alerts, drive orchestration patterns and provide intelligence to downstream systems.
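The baseline-and-peer-group scoring described above can be sketched as follows. This is an added example, not code from the original article; the single feature (MB downloaded per day), the weights, decay factor, scaling, threshold and sample data are all constructed assumptions.

```python
from statistics import mean, pstdev

DECAY = 0.8          # assumed: share of the previous score that carries over
SELF_WEIGHT = 0.6    # assumed weight of deviation from the user's own baseline
PEER_WEIGHT = 0.4    # assumed weight of deviation from the peer group
ALERT_AT = 50.0      # assumed alert threshold on the 0-100 score


def zscore(value, history):
    """Standard deviations by which `value` exceeds the history mean (0 if not above)."""
    if len(history) < 2:
        return 0.0                      # not enough context to judge yet
    sd = pstdev(history) or 1.0         # flat history: avoid dividing by zero
    return max(0.0, (value - mean(history)) / sd)


def anomaly(value, own_history, peer_values):
    """Blend self-baseline and peer-group deviation into a 0-100 anomaly value."""
    z = SELF_WEIGHT * zscore(value, own_history) + PEER_WEIGHT * zscore(value, peer_values)
    return min(100.0, z * 20.0)         # assumed scaling: a blended 5 sigma saturates


def update_risk(prev_score, value, own_history, peer_values):
    """Continuously updated score: decays while quiet, jumps when an anomaly occurs."""
    return max(prev_score * DECAY, anomaly(value, own_history, peer_values))


def replay(events, peers):
    """Feed daily observations through the scorer; return [(day, score, alert)]."""
    score, history, out = 0.0, [], []
    for day, value in events:
        score = update_risk(score, value, history, peers)
        out.append((day, round(score, 1), score >= ALERT_AT))
        history.append(value)           # today's activity becomes part of the baseline
    return out


# Constructed sample: MB downloaded per day by one user, and a typical day for peers.
EVENTS = [("mon", 100), ("tue", 110), ("wed", 90), ("thu", 105), ("fri", 900)]
PEERS = [95, 120, 80, 130, 100]

if __name__ == "__main__":
    for row in replay(EVENTS, PEERS):
        print(row)
```

Only the Friday spike crosses the alert threshold; the small Tuesday bump raises the score slightly and then decays.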

Getting Started With Zero Trust

There are five main steps for implementing zero trust security: identifying sensitive data, mapping the flows of sensitive data, architecting zero trust microperimeters, continuously monitoring a zero trust ecosystem with security analytics, and embracing security automation and orchestration.

Like any IT project, it’s best to limit the initial implementation of zero trust to a specific use case. This enables any stumbling blocks to be limited in scope and their impact on business operations. Also, working with technology partners experienced in deploying enterprise zero trust architectures can help avoid common pitfalls associated with do-it-yourself deployments.

Security-savvy organizations are recognizing the benefits of a zero trust architecture for shrinking their attack surface, as well as reducing friction for low-risk users, assets and activities. Meanwhile, the vast sources of data continuously being generated by devices and applications now make it possible to establish the context needed to operate on the “never trust; always verify” security principle.

What’s required, however, is specialized analytics that can transform lots and lots of data into intelligence that is actionable. Put another way, to implement zero trust architectures, we need to understand how risky something is — or how risky someone is — in order to apply the appropriate level of control to each user, entity and request.

Trust your perimeter with caution. Zero trust will ensure your security through verification.

Home! Sweet home... till it gets invaded!


As everyone is settling into their home office routines, there’s an overlooked danger surrounding our computers.

While keeping our eyes peeled for viral infections outside, have you recently stopped to consider how a bug, virus, or other malware may affect your business’ operations, network, and even put your users’ data at risk?

With the advantage of working at home comes the very real danger of experiencing a data leak. Needless to say, that places a customer’s well-being at stake. Plus, the business is exposed to potential lawsuits, loss of reputation and derailing of operations.

Two threats from home
Torres stated that the coronavirus pandemic has led to two potential sources of risk.

The first is related to faulty links, attachments, and websites that claim to have solutions and real information regarding the disease. Moreover, with the reign of “fake news”, unsuspecting users may fall victim to these claims and choose to access this content.

According to cybersecurity company ESET, there were around 2,500 malware infections in a single day due to coronavirus-themed emails.

As a result, panic and misinformation can open the door to malware entering a device.

But given that everyone is at a distance, it’s tougher for them to report what’s happened. And that’s assuming a member of your team notices something is amiss, as Torres rightly pointed out, “on average, a business will realise there’s been a data breach six months after it’s actually taken place.”

Meaning, if you’ve downloaded a virus, your computer won’t cue the flashing lights and sound off the alarm. Chances are you’ll only realise something’s up once you try to locate certain data and find out it’s no longer there, it’s been altered, or someone else notifies you.

The second potential risk comes directly from working at home, where it’s likely staff isn’t operating over a virtual private network (VPN) but rather using their WiFi internet. Plus, unattended laptops and computers can prove to be a source for games or pranks from other members of the household.

How to approach the problem
As businesses shift towards cloud-based solutions to store their information, it’s much easier to access data. That allows teams to keep running from afar.

So that’s the good news.

The bad news is this also means that users and staff can more easily access sensitive information since everything is connected.

For example, a customer service rep probably shouldn’t be able to tap into the accounting department’s books. However, you can’t simply block everything, otherwise nobody would be able to do their job.

As a result, companies classify their information based on its level of value. Uber-sensitive data needs a bigger defense to be accessed. And that’s where data loss prevention (DLP) software comes in.

Your startup’s admin can use this software to place barriers in systems where you store information on common cloud solutions like Google or Office, for example. However, there are multiple types and degrees of DLP sophistication.

And depending on whichever you choose to use, an admin can be notified if someone is trying to open a restricted file, limit editing documents, block the printing of documents, etc.

Worst-case scenario
If worse comes to worst, and you suspect there’s been a data breach, here are a few things to keep in mind. Isolate the potentially infected devices ASAP. That way you contain the spread of the malware on your system. Also, evaluate whether your users need to be notified based on the information that’s been leaked.

Also, raise awareness and talk to your teams about these risks. Emphasize the importance of handling this information responsibly at home, just as they do at the office.

It’s bad enough there’s an awful virus outside cooping us up at home.

Let’s not make matters worse by letting digital viruses affect one of your most valuable assets: data.

Data is a valid asset of every organization. It is intellectual property that needs to be safeguarded.

Another day! Another 0-day!

Hackers are exploiting a zero-day vulnerability in the Windows OS to take over systems.

The zero-day is located in the Adobe Type Manager Library (atmfd.dll), a library that Microsoft uses to render PostScript Type 1 fonts inside Windows.

Microsoft says there are two remote code execution (RCE) vulnerabilities in this built-in library that allow attackers to run code on a user’s system and take actions on their behalf.

“There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane,” the company said.

The company described the current attacks exploiting the zero-day as “limited” and “targeted.”

All currently supported versions of the Windows and Windows Server operating systems are vulnerable; however, the zero-day is less effective in Windows 10, where the atmfd.dll file is either not present, or runs inside an AppContainer sandbox with limited privileges and capabilities.

Windows 7, which is currently end-of-support, is also impacted.

Security updates are currently not available. Microsoft intimated that they might arrive during next month’s Patch Tuesday.

Microsoft has published a series of mitigations that companies and home users can apply if they believe they might be targeted with a Windows zero-day attack.

Mitigations include:

1. Disabling the Preview Pane and Details Pane in Windows Explorer
2. Disabling the WebClient service
3. Renaming ATMFD.DLL