This Cyber Weekly includes:
It really takes a community to fight against ransomware. By sharing and commenting on these newsletters, we can reach more people and help others from becoming a statistic. Share this post at the top right corner.
Last week, Apple warned iPhones and iPads of a major vulnerability that allows hackers to take control of Apple devices. It is unsure if the vulnerability has been exploited or exactly how many (if any) people have been affected.
“This could allow potential attackers to impersonate the device's owner and run any kind of software in their name. She added that those "within the public eye" like journalists and activists should be attentive in getting the update.” (Mashable)
If you haven’t already updated your phone, go into “Settings,” tap “General,” then “Software Update” and “Download and Install.”
My thoughts: Apple prides itself on providing a robust and secure device(s) / experience. I wonder how they discovered this vulnerability. Did it come from the internal team, a client or a cybercriminal trying to extort Apple? It would be reassuring if Apple found this vulnerability themselves. This would mean, as expected, they take user security serious and have deployed the processes to continuously monitor for vulnerabilities. In this case, we are not sure as there is limited information available. I’ll keep an eye out for more details.
An incident response team is piecing together the details of a cyber attack against the Fremont County systems. Officials were alerted to the malicious activity last Wednesday and are working to mitigate a cybersecurity attack on county computers, with employees unable to use computers or access emails while phone systems are still working. The county has launched a full investigation into the incident. Many Fremont County buildings were closed to the public immediately after the attack. So far there is no indication that city and state-managed systems have been compromised. (Govtech.com)
In a press release Friday, Fremont County Commissioner Chairperson Debbie Bell said there is no indication that city- and state-managed systems are compromised. "We are working to restore county services that were impacted by the cybersecurity event as quickly and safely as possible," Bell said. "We understand it can be very hard to wait, but please know we are waiting right alongside all of you.
My thoughts: County and government related entities service a lot of people offering public services to individuals of all ages. Some who really rely on these services. Taking them offline for days could result in some very serious consequences for certain individuals. Throughout my career, I have often heard that municipalities and governments “don’t’ have the available funds” to conduct or execute IT Projects. I challenge anyone working for these entities superficially public officials, who dares not to take their constituents and their personal data seriously. Times are changing. Individuals are demanding better protection in general, especially when taxpayers are picking up the bill. I also like how transparent the County was and how they continue to update their citizens on a daily basis here in the daily updates section on their website.
Earlier this week, Google updated its search engine Chrome to version 104.0.5112.101 on Mac and Linux and version 104.0.5112.102/101 on Windows.
Please verify that your Chrome web browser is up to date. Google found vulnerabilities that are currently being exploited by hackers. (Mashable)
My thoughts: Like other hacks this week, at the moment, there is little information about this. I will keep an eye on it as well. If we learned anything this week, spend the few minutes required, to ensure we update our systems when we know about these situations. Tell everyone you know.
After Estonia removed a Soviet-era monument, a Russian hacker group attacked the government. The Estonia government was able to avoid major cyber attacks, with minor disruptions. Although the hackers insist on claiming responsibility of DDoS attacks on 207 websites, the government claims the hackers and their techniques were not effective.
My thoughts: This is a scary and dangerous situation. Regular criminals who don’t like a political move now have “power” to cause havoc. With reduced cyber security measures employed for critical infrastructures, we are exposing ourselves to the extremist criminals.
Over the weekend, a hospital in Paris became the victim of a cyber attack. Emergency services and surgeries were disrupted by the attack. The hackers are demanding $10 million in ransom. (RFI)
My thoughts: When large enterprises get hacked, people don’t really pay attention. There’s a belief that companies have a lot of money and they can deal with it. What is not so evident is the effect a cyber attack has on the end-users. It would be difficult to find someone sympathetic if a company like Apple would lose $1million every now and then. However, we do care about the millions of people that might be affected. We do care that an enterprise getting hacked might affect the privacy of millions of end-users. We also care even more when lives are put in danger when a hospital gets attacked. The context is different in every scenario, but in the end, it affects people like you and I. Let’s spread the word about what a cyber attack really means. A cyber attack means average people may unknowingly get in harms way.
Access monthly conversations with IT & Tech Leaders about the hottest cyber security topics in the industry.