IT News
- Details
Late last week Microsoft issued a high alert warning for a vulnerability in Outlook. The vulnerability affects all currently supported versions of Microsoft Outlook for Windows.
- Details
The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on Friday that they added a critical vulnerability in products that use the Log4j software library to their list of exploited vulnerabilities. The announcement was followed by a call hosted by CISA on Monday to explain the potential impact and urged immediate remediation steps to industries in the category of critical infrastructure. CISA is working with cybersecurity experts in both the public and private sector to resolve the exploit before it can be used for widespread attacks. Log4j is a common open-source logging service used by many cloud and enterprise application platforms, such as Amazon, Apple iCloud, Cisco, Microsoft, Twitter, etc.
- Details
A recent UK study found that nearly half of employees (42 percent) cannot spot a scam email. These findings come from the cyber security firm OpenText Solution which surveyed 2,000 employees from small businesses. This research underlines the key issue that is exposing companies to cyber attacks, a lack of cyber security literacy among its employees. Despite the average business being targeted 28 times by cyber threats, most employees weren't even aware that cyber attacks were an everyday threat to companies.
Over half of the surveyed employees stated that they had heard standard cyber threat terms such as DDOS (distributed denial-of-service) or BEB (business email compromise). With nearly half of large organizations reporting networking downtime lasting longer than one day to phishing attacks, basic cyber threat awareness training is growing in popularity and importance.
Matt Aldridge, principal consultant at OpenText Security Solutions, comments,"Security awareness is critically important for all organizations, as the employee is always the first line of defense in cyber security.
"There's no use investing in sophisticated cyber security software if employees click on dangerous phishing links and grant cyber-criminals access to the business network or to confidential data. It's like turning on a fancy home security alarm but leaving a window open - you'll be left playing catch-up after the bad guys get in.
"To ensure cyber resilience, employees need to be educated on the latest risks as soon as they are discovered - whether that's the Royal Mail scam or the multitude of other threats. Organizations can achieve this by using templated phishing simulations that are reflective of the latest emerging scams.
"These should be implemented alongside strong and robust communication to employees and adequate technical defenses, all of which will help to ensure cyber resilience."
- Details
In a recent statement by the FCC, mobile service providers will be shutting off their 3G networks as soon as January 2022 to focus on newer 5G networks. Once the shutoff occurs, any device that uses 3G will no longer use cellular data to connect to the internet, use data services, or send calls and texts, including calls to 911.
AT&T, Verizon, and T-Mobile have announced their timelines for phasing out 3G services.
- AT&T announced that it will finish shutting down its 3G network by February 2022.
- Verizon announced that will finish shutting down its 3G network by December 31, 2022.
- T-Mobile announced that it will finish shutting down Sprint's 3G network by January 1, 2022 and Sprint's LTE network by June 30, 2022. It also plans to shut down T-Mobile's 2G and 3G networks but has not yet announced a date.
If your mobile carrier is not listed here, you may still be affected. Many carriers, such as Cricket, Boost, Straight Talk, and several Lifeline mobile service providers, utilize AT&T's, Verizon's, and T-Mobile's networks. These dates mark the final shutoff periods, and other services may begin retirement sooner. Mobile companies have started reaching out to users with 3G devices to alert them of their imminent obsoletion. Service providers will be contacting 3G plan holders by text, phone, email, and mail. With the shutdown of 3G also comes the final nail in the coffin for 2G networks. 2G, only being supported by T-Mobile, will be terminated in December of 2022, almost a full year after their 3G networks go dark.
Despite the quickly approaching deadline, 3G has continued to be a popular option for cost-effective phone plans for basic phones from producers such as Nokia and LG. These phones can still be found for sale in stores such as Bestbuy and online marketplaces like Amazon. High-end phones from as earlier as six years ago may not be safe from this shutdown either. Phones such as the Samsung Galaxy were still providing 3G options to buyers in 2015.
3G is not just used by phones, however. Tablets, smartwatches, security devices, and GPS tracking systems that utilize 3G will have their connections fail if they have no other way of finding service.
While nothing is permanent, the death of 3G does not mean that we should be counting the days of 4G LTE. 4G is going to be around for quite some time and is not expected to be surpassed by 5G for at least a decade. 5G may be groundbreaking tech, but it's more costly than 4G for more data than average users need, has limited deployment, and is still only advised for early adopters. If 3G devices need to replacing, 4G LTE is a safe bet for the foreseeable future.
To learn more click the link below to read the statement from the FCC
- Details
Deputy National Security Advisor for Cyber, Ann Neuberger alerted companies during a press briefing today that Russia may be planning cyberattacks against U.S. infrastructure and businesses as retaliation for the stiff sanctions placed on Russia for their actions in Ukraine. Neuberger has signaled for companies to prepare for potential attacks by listing a number of proactive steps to take in securing their networks including, updating/patching systems against known threats, backing up data, implementing multi-factor authentication if not already in place, and run practice drills. U.S. intelligence has picked up information that Russia may be preparing to stage cyberattacks but does not have knowledge of any specific targets or timeline. Earlier this month, The Cybersecurity and Infrastructure Security Agency (CISA) said any potential state sponsored cyberattacks can affect all business from large enterprises to small enterprises and home offices.
- Details
If you have not updated your Apple devices (iPhone, iPad, Apple Watch, or computer yet), Apple is urging its customers to do so immediately. After researchers at Citizen Lab discovered a breach in Apple’s software, the security team at Apple went into action to address the matter and release an update. The origins of the spyware called Pegasus was developed by the NSO Group. The exploit is considered a “zero click remote exploit, which enables criminal elements and foreign adversaries to turn on the camera and microphone and record calls, texts and emails on any Apple device.