Hi, it’s Jim. Just a reminder to check out CDW Canada Tech Talks. If you’re passionate about technology and innovation, this is the podcast for you.
Join host KJ Burke, as he and industry experts dive into the latest trends, insights, and strategies shaping the tech landscape in Canada. From hybrid cloud to AI adoption, CDW Canada Tech Talks covers it all. Don’t miss out—visit cdw.ca/techtalks to tune in today. The link is in the show notes.
Early results for Microsoft’s October Patch Tuesday causing headaches.
A second major Chrome update in 10 days for four new high-severity vulnerabilities
Canadian Internet Registration Authority (CIRA) annual Cybersecurity Study
World’s major security agencies publish a report on Active Directory
And the FCC clamps down on telecoms with T-Mobile paying $31.5 Million to Settle Four Data Breaches
Early results for Microsoft’s October Patch Tuesday causing headaches.
Microsoft’s latest Patch Tuesday preview for Windows 11, KB5043145, has sparked a series of headaches for users and admins alike. Released as an optional preview ahead of October’s full update, the patch has caused severe stability issues, including repeated device restarts, “blue or green screens,” and systems that become unresponsive. Some users even report BitLocker recovery being triggered, USB and Wi-Fi malfunctions, and boot failures.
The update was intended to introduce helpful features, such as local file sharing from search results and a new sign-out command in the Start Menu. However, given the track record of bugs in Microsoft updates, many users are wary about opting in. If you’ve installed KB5043145 and experienced issues, rolling back the update is the recommended fix.
Since Patch Tuesday is usually the second Tuesday of the month, Microsoft has until October 8th to get these issues fixed, but you may want to exercise a little bit of caution with this patch. Back when I headed IT, we’d hold back a couple of days on running patches just to be sure. Testing before you apply it widely is potentially another option.
I’d love to hear what others do in similar circumstances. You can write me confidentially at editorial@technewsday.ca
A second major Chrome update in 10 days for four new high-severity vulnerabilities
If you use Google Chrome on Windows, Mac, Linux, or Android, there’s an urgent security warning you need to know about. Google has confirmed four new high-severity vulnerabilities in its Chrome browser, prompting the release of version 129.0.6668.70/.71. This marks the second major security update in just 10 days, and it’s a strong reminder of the importance of keeping your browser up to date.
Unlike iOS users, who seem to be unaffected by this wave of security flaws, users on other platforms are at risk and should update their browsers immediately. Google is withholding details about these vulnerabilities until the majority of Chrome users have had the chance to protect themselves.
If you haven’t already, take a moment to check for updates and secure your browser against these latest threats.
Canadian Internet Registration Authority (CIRA) annual Cybersecurity Study
The Canadian Internet Registration Authority (CIRA) kicked off Cybersecurity Awareness Month with its annual Cybersecurity Survey, highlighting the broader impact of cyber attacks on Canadian businesses. The report found that the costs of a cyber attack go far beyond ransom payments, with many companies experiencing loss of customers, reputational damage, and significant operational setbacks.
According to CIRA’s findings, over a quarter of businesses lose customers due to cyber incidents. Nearly three-quarters of businesses hit by ransomware had their data stolen, and 79% of those opted to pay the ransom, typically between $25,000 and $100,000.
Despite organizations claiming they typically pay these ransoms, three-quarters (74 per cent) support legislation that would prohibit ransom payments.
Beyond ransom costs, 2 in 10 companies also faced direct financial impacts, including loss of revenue (26%) and recovery expenses (27%).
Recovery times are relatively swift for many, with 72% of businesses reporting that their IT systems were back to pre-incident capacity within a month. However, the increase in reputational damage has been striking, quadrupling since 2018. The survey underscores that cyber attacks not only drain financial resources but also erode customer trust, business growth, and years of progress.
There’s some great data in this, but I have to confess that I’m shocked at how many businesses claim to have paid a ransom. It goes against what we’ve been seeing in other research reports. But we’ve been in contact with CIRA and they’ve promised us an interview, and if we can get them online we’ll ask them about it and run something on Friday or on the weekend edition.
Link to the press release and report is in the show notes.
New CIRA data finds cyber crime is driving customers away (globenewswire.com)
World’s major security agencies publish a report on Active Directory
A group of security agencies from countries including Canada, Australia, the US, the UK and others issued a new report called “Detecting and Mitigating Active Directory Compromises.” It focuses on identifying and addressing vulnerabilities in Microsoft’s Active Directory (AD). The report covers 17 common techniques used by malicious actors to compromise AD, providing an overview of each and offering mitigation strategies.
Active Directory is crucial for authentication and authorization in IT networks, making it a prime target for cyberattacks. According to the report, its susceptibility arises from permissive default settings, complex relationships and permissions, legacy protocol support, and a lack of security diagnostic tools. The document claims that every AD user has permissions to discover and exploit weaknesses, contributing to a large attack surface.
Key themes include:
– Understanding Active Directory: An overview of AD objects, structures, and their relationships, which malicious actors commonly map to exploit.
– Mitigating Compromises: Various techniques such as Kerberoasting, AS-REP Roasting, password spraying, MachineAccountQuota compromise, and unconstrained delegation are outlined, with detailed methods to mitigate each.
– Securing Privileged Access: Strategies are provided for securing access using models like Microsoft’s Enterprise Access Model, enforcing a hierarchy, and protecting privileged user and computer objects.
– Tools for Protection: The guidance recommends tools such as BloodHound, PingCastle, and Purple Knight for understanding and enhancing AD security.
The document also offers a detailed analysis of various attacks and their detection as well as logging strategies and event IDs for detecting these compromises. It includes appendices on security controls and AD event monitoring for robust AD security.
I make no claim to being an Active Directory expert; I can only claim to have lived through one major attack and recovery. But these are very reputable sources and this looks to be a very comprehensive work. There’s a link in the show notes for those who are interested.
https://media.defense.gov/2024/Sep/25/2003553985/-1/-1/0/CTR-DETECTING-AND-MITIGATING-AD-COMPROMISES.PDF
T-Mobile to Pay $31.5 Million FCC Settlement Over Four Data Breaches
T-Mobile has agreed to pay $31.5 million to settle an investigation by the Federal Communications Commission (FCC) over four data breaches that compromised millions of U.S. customers’ personal information. The breaches, occurring between 2021 and 2023, involved incidents including an API flaw and a sales application breach, prompting the FCC’s Enforcement Bureau to act.
As part of the settlement, T-Mobile will pay a $15.75 million civil penalty to the U.S. Treasury and invest an equal amount in cybersecurity improvements. These enhancements include adopting modern security frameworks like zero-trust architecture and multi-factor authentication to resist phishing attacks. T-Mobile has also committed to providing regular cybersecurity updates to its board of directors, minimizing and properly disposing of customer data, tracking critical network assets, and conducting independent third-party security audits.
“Today’s mobile networks are top targets for cybercriminals,” said FCC Chairwoman Jessica Rosenworcel. “Consumers’ data is too important and much too sensitive to receive anything less than the best cybersecurity protections.”
The FCC’s Privacy and Data Protection Task Force, which played a central role in this investigation, previously reached settlements with AT&T ($13 million) and Verizon’s subsidiary TracFone ($16 million) earlier this year. In addition, the FCC fined the top U.S. wireless carriers nearly $200 million in April for sharing real-time location data without customer consent.
That’s our show for today.
Thanks to our sponsor, CDW, and KJ Burke’s CDW Canada Tech Talks. Check it out if you get the chance. You can find it, like us, on Spotify, Apple or wherever you get your podcasts.
You can find links to reports and other details in our show notes at technewsday.com. You can reach me at editorial@technewsday.ca
I’m your host, Jim Love, thanks for listening.