What we’ve been reading …
U.S. critical infrastructure organizations need to improve cyber hygiene
In almost all attacks seen against U.S. critical infrastructure organizations, cyber actors have taken advantage of poor cyber hygiene practices. These include the use of default or weak passwords, unpatched known vulnerabilities, and poorly secured network connections. Avril Haines, Director of National Intelligence, said they are seeing record levels of attacks against U.S. industrial control systems typically used to automate industrial processes and widely used by critical infrastructure organizations. Defense.gov
Aiden for addressing vulnerabilities and keeping Windows endpoints at the desired specification
Aiden Technologies announced new security capabilities to mitigate vulnerabilities faster across Windows endpoints. Its AidenVision system identifies and alerts on high and critical CVEs across all Windows endpoints, maps what new software patches are needed to address these CVEs, and then automates remediation. Pre-AidenVision, the company says that organizations typically took 55 days to remediate 50% of the most critical KEVs from CISA. Post-AidenVision, organizations can deal with 97% of the most critical CVEs within 3 days. The reporting system gives audit-ready evidence to meet enquiries from regulatory bodies and insurance carriers. Aiden Technologies
Another reason to stop relying on SMS for MFA
Receiving one-time codes by SMS is a very convenient way of enacting multi-factor authentication requirements. It is, however, one of the least secure methods of MFA and one we continually recommend against. With phishing kits routinely including MFA bypass capabilities for one-time codes, SMS and other MFA mechanisms that take this approach should be deprecated in your security posture. And here’s another reason: fraudsters are targeting employees at mobile carriers with offers of money to perform a SIM swap, thus giving them access to a user’s phone number to receive MFA codes, among other malicious benefits. Security Boulevard
Leave a Reply