Articles of interest from the week of April 27, 2020

Researchers Exploit Almost Every Anti-Virus Software & Turn Them Into Self Destructive Tools

Researchers uncovered a simple flaw that existed in nearly 28 Antivirus software that allows malware authors to exploit the system and disable the Antivirus software also turn them into self-destructive tools on Windows, macOS, and Linux. (By Balaji N, GBHackers On Security)  Ingalls: The four pillars of traditional IT Risk Management (firewalls, anti-virus, patch management, and backup) are no longer enough to mitigate the risk from today’s cybersecurity threats. Our cybersecurity experts can help secure your company's information in a personalized and efficient way with our cybersecurity and Managed Detection and Response services.

Fake FedEx and UPS Delivery Issues Used in COVID-19 Phishing

As people socially isolate and work from home, shopping online and home deliveries have increased. Scammers are capitalizing on this by creating new scams using Coronavirus delivery issues as a lure to get people to visit malicious links or open malware. In a new report by Kaspersky, researchers see a new wave of phishing scams that utilize a COVID-19 theme and impersonate well-known shipping carriers such as FedEx, UPS, and DHL (By Lawrence Abrams, BleepingComputer) Ingalls: We strongly recommend to always enable two-factor authentication (2FA) or multi-factor authentication (MFA) when possible. If your MFA solutions fails, make sure your business has a plan to deal with the emergency. Our blog post provides useful information on how to build a cybersecurity incident response plan. 

Enterprise Security Woes Explode with Home Networks in the Mix

Thanks to WFH, IoT refrigerators, Samsung TVs and more can now be back-channel proxies into the corporate network. (By Tara Seals, Threatpost) Ingalls: Our Managed Detection and Response (MDR) service is designed for advanced detection, threat hunting, anomaly detection and response guidance utilizing a defense-in-depth approach which monitors and correlates network activity with endpoints, logs and everything in between. .

Us Govt Updates Microsoft Office 365 Security Best Practices

The Cybersecurity and Infrastructure Security Agency (CISA) today issued an update to its Microsoft Office 365 security best practices as part of an alert distributed via the US National Cyber Awareness System. (By Lawrence Abrams, BleepingComputer) Ingalls: Can We Work From Home (WFH) Securely? Our recent blog covers some basic ground rules so that we can all help protect our information while working from home.

Ransomware Groups Continue to Target Healthcare, Critical Services; Here’s How to Reduce Risk

At a time when remote work is becoming universal and the strain on SecOps, especially in healthcare and critical industries, has never been higher, ransomware actors are unrelenting, continuing their normal operations. (By Microsoft Threat Protection Intelligence Team) Ingalls: Ransomware has become a serious threat to businesses of all sizes and industries, and traditional security practices are no longer strong enough to protect your business: early detection and response is key. Are you prepared to defend against ransomware?