Cyber Vigilance Update

Today’s Connection

Cyber Engage Update - 05/05/2023 (#23) (#24) (#25)

Office Alert

Welcome Cyber Criminals!

Some Security Controls are so weak its like leaving the key under the mat!

Cyber criminals routinely exploit poor security configurations (either misconfigured or left unsecured), weak controls, and other poor cyber hygiene practices to gain initial access or as part of other tactics which are intended to compromise a victims’ system.

The following techniques are commonly used to gain initial access to victim networks.

  • Exploit Public-Facing Application
  • External Remote Services
  • Phishing
  • Trusted Relationship
  • Valid Accounts

Cyber criminals often exploit the following common weak security controls, poor configurations, and poor security practices to employ the initial access techniques.

  1. Multifactor authentication (MFA) is not .
  2. Incorrectly applied privileges or permissions and errors within access control lists.
  3. Software is not up to
  4. Use of vendor-supplied default configurations or default login usernames and passwords.
  5. Remote services, such as a virtual private network (VPN), lack sufficient controls to prevent unauthorised
  6. Strong password policies are not implemented.
  7. Cloud services are
  8. Open ports and misconfigured services are exposed to the internet.
  9. Failure to detect or block phishing attempts.
  10. Poor endpoint detection and response.

What can you do?

Applying the following practices can help organizations strengthen their network defenses against common exploited weak security controls and practices.

  • Control Access i.e. Only those who need access should have access
  • Implement Credential Hardening i.e. improved practices to protect user credentials (e.g. passwords, API keys, access tokens, etc.)
  • Establish Centralised Log Management i.e. Centralising records to improve visibility, management and security
  • Employ Antivirus Programs
  • Employ Detection Tools and Search for Vulnerabilities
  • Maintain Rigorous Configuration Management Programs
  • Initiate a Software and Patch Management Program

Home Alert

Keeping Social Safe

Protecting yourself from the trolls, creeps, and criminals lurking in the digital abyss!

Social media sites and apps are great ways to connect and share information. User profiles, timelines, social media status, friend lists, and message services grant your contacts insights into your day-to-day activities.

However, these sites can also provide cyber criminals with the critical information they need to disrupt your life and harm or harass you, your co-workers, or even your family members.

What can I do?

Practicing good operations security (OPSEC) and using simple countermeasures will minimise the risks that come from using social media and help you protect your critical information. These steps are recommended to follow to enable good security of your social media profile.

  • Identify Critical Information
  • Don’t post critical information
  • Lock down your privacy settings
  • Apply Countermeasures e.g. Firewalls, Anti-virus and Anti-Malware etc.
  • Update immediately and frequently review privacy settings
  • Protect your location data
  • Know your “friends”
  • Minimize pivoting to home and work networks
  • Be aware of your physical and virtual surroundings
  • Secure and strengthen your passwords
  • Monitor your cyber footprint
  • Report suspicious activities
  • Recognize social engineering tactics
  • Close the window into your private life

Remember - What you post on social media, even when that information is set for private audiences, could someday become public…

 

This week's Training module

MODULE 4

Cyber Threat Reporting (1/1)

Cyber Security Vigilance Program

Version 16-11-2022

Cyber Security Vigilance

homeapartmentcloud-downloadlinkcross