Trusted Internet is elated to again, be named a top MSSP in the MSSP Alert Top 250 list for 2021. We’re a small company, helping small companies, and the webinar both validated the tools we’re using and our 2022 strategy.

Considering an MSSP? Consider a Top 250. Consider Trusted Internet!

https://www.msspalert.com/wp-content/uploads/2021/09/Top-250-MSSPs-2021-Report.pdf

Overview

A newly discovered vulnerability (CVE-2021-30860) impacts all Apple operating systems that use the iMessage application.

Details

Affected devices:

•  iPhones with iOS versions prior to 14.8

•  Mac computers with operating system versions prior to OSX Big Sur 11.6

• Mac computers with operating system versions prior to Catalina Security Update 2021-005

• Apple Watches prior to watchOS 7.6.2

• All iPad Pro models, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later

• iPod touch 7th generation

This vulnerability leaves the device susceptible to the installation of spyware without user knowledge, granting the attacker the ability to track messages and media sent and received by the user.

Conclusion

Trusted Internet recommends the owners of Mac computers, Apple Watches, and iPads check for and apply the most recent patches to their system soonest. (For iPhone users, that will be version 14.8.)

If you own an Apple device that falls outside of support for this patch, we recommend upgrading.

Trusted Internet remains dedicated to 24/7 monitoring for cyberattacks like this one. We also provide tailored consulting and project management to further secure your networked systems, data, devices, and accounts. If you have any questions or need to report a suspected cybersecurity incident immediately, please call:

SOC hotline at 1-800-853-6431 ext. 1 or email support@trustedinternet.com.

How are we doing? What would you like to see improved? Please take our survey at:

https://www.surveymonkey.com/r/Trusted_Internet

In light of cyber happenings in one NH town in the last weeks, and seemingly endless attacks on other small towns across the country, Trusted Internet is hosting a webinar this Thursday morning to discuss with town administrators and town managers, how best to protect their towns using a standardized low-cost high payoff reference architecture.

During the talk, we’ll discuss how best to protect your towns from ransomware, business email scams, and more.

When: Sep 2, 2021 10:00 AM Eastern Time (US and Canada)

https://us02web.zoom.us/meeting/register/tZwufu6przMrGNSp495IYHnyf-D7KfvVNUF-

After registering, you will receive a confirmation email containing information about joining the meeting.

I look forward to seeing you online.

Jeff Stutzman, CISSP
CEO, Trusted Internet

I’m happy to announce, after our first full year of training veterans, the US Department of Labor has reviewed our training program and yesterday, moved us from a Provisional Apprenticeship status to Permanent. This is a major milestone for Trusted Internet, and over 200 veterans who’ve been working through the program with the hopes of becoming information security professionals

How’s it work? We train 10 Veterans at a time, first, with 145 hours of online courseware. Once completed, you’ll be brought onto the watch and undergo another eighteen months of training as a SOC analyst, with options to move into any number of other information security paths.

For more information, please see https://trustedinternet.io/trusted-internet-cyber-vet-program

Summary:

The COVID-19 crisis and the resulting stay-at-home orders have caused many businesses to rush to deploy remote work solutions for their employees. Although Microsoft Office 365 has been a popular choice for remote collaboration, weakly configured security settings can lead to vulnerabilities that can be exploited by attackers. Although attacks targeting Microsoft users are a major concern, there many simple steps businesses can take to protect themselves and their employees from cyberattacks as we continue to work from home.

Details: 

The US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) recently published a new alert recognizing that security considerations may have been overlooked in the rush to get remote solutions up and running.[1] It advises organizations to ensure that their O365 software has been set up securely and to follow security best practices when it comes to working from home.

The alert comes alongside a wave of phishing attacks impersonating emails from Microsoft teams. As many as 50,000 users were hit with phishing emails masquerading as automated notification emails from Teams. The emails contained a malicious link to a phishing website where they were prompted to enter their O365 credentials.[2] If successful, this attack steals the victim’s O365 credentials and grants the attacker access to even more information due to Microsoft’s single sign-on feature. To help mitigate these and other attacks, CISA recommends the following security configurations when deploying O365:[3] 

1.     Enable multi-factor authentication (MFA) on all accounts, especially administrator accounts, and disable legacy authentication protocols that do not support MFA.

2.     Avoid using the global administrator account unless absolutely necessary and assign administrator roles using Role-based Access Control (RBAC).

3.     Enable Unified Audit Log (UAL) to help administrators investigate policy violations or suspicious activity and integrate these logs with your existing Security Information and Event Management (SIEM) system if possible.

1.     Enable alerts within the Security and Compliance Center to detect anomalies like logins from suspicious locations or accounts exceeding sent email thresholds.

2.     Incorporate Microsoft Secure Score to evaluate your organization’s security posture and enhance security compliance.

In addition to the above recommendations, Trusted Internet recommends making sure updates to Microsoft software are installed regularly. In the May 2020 update alone, Microsoft released patches for 111 different security vulnerabilities, including at least 16 critical vulnerabilities that, if exploited, could allow attackers to install malware or take remote control over systems.[1] It is also important to make sure employee laptops or workstations are running antivirus or endpoint protection, and that users have been trained to follow company security policies related to remote work.

Looking to the future, many employees may continue to work from home even after the COVID-19 pandemic has passed. Twitter announced this week that it will allow its employees to work from home “forever” if they choose.[2] If working from home becomes the new normal, it will be even more important to ensure businesses know how to do so safely.

Conclusion 

Implementing solutions like Microsoft Office 365 has been instrumental in allowing organizations and their employees to collaborate remotely and stay online. Taking the time to ensure that your O365 integration has been completed securely is a simple way that your company can maintain its security in this transition. Trusted Internet is a managed security service that can help you deploy secure remote work solutions and protect your business and employees from cyberattacks. If you have any questions or need to report a cybersecurity incident immediately, please call our SOC hotline at 1-800-853-6431 ext. 1 or email support@trustedinternet.com.

[1] https://krebsonsecurity.com/2020/05/microsoft-patch-tuesday-may-2020-edition/

[2] https://www.cnbc.com/2020/05/12/twitter-tells-employees-they-can-work-from-home-forever.html

[1] https://www.zdnet.com/article/microsoft-office-365-us-issues-security-alert-over-rushed-remote-deployments/

[2] https://abnormalsecurity.com/blog/abnormal-attack-stories-microsoft-teams-impersonation/

[3] https://www.us-cert.gov/ncas/alerts/aa20-120a