Navigating the Cyber Tempest: The CrowdStrike and Microsoft Outage of July 2024

Ahoy, digital navigators! Batten down the hatches and grab your keyboards, because we’re diving into the deep waters of the recent cyber tempest that rocked the tech world. On July 19, 2024, a software update gone awry sent waves through the digital seas, causing widespread chaos across Microsoft’s services and showcasing the intricate dance of technology – sometimes it’s a waltz, and sometimes it’s a full-blown mosh pit.

What Happened?

Picture this: It’s a calm Friday morning when suddenly, like a scene from a cyber horror flick, blue screens of death (BSOD) start popping up everywhere. The culprit? A botched update from CrowdStrike, a leading cybersecurity firm, which caused Windows systems worldwide to crash, resulting in unprecedented outages.

The Details

CrowdStrike released an update to its Falcon Sensor software, but a critical error in the update caused a faulty kernel driver to be deployed. This driver, csagent.sys, was supposed to bolster security but ended up causing systems to crash with the dreaded BSOD. The issue arose from a missing null check in the code, which led to attempts to access invalid memory locations. Think of it as trying to read a note you never actually wrote – chaos ensues.

The impact was monumental. From grounded flights to disrupted cellular networks, the ripple effects of this snafu were felt globally. Airports, banks, hospitals, and countless businesses found themselves in the digital dark.

The Aftermath

CrowdStrike and Microsoft sprang into action to mitigate the damage. CrowdStrike released a statement acknowledging the issue and provided a workaround solution. They advised affected users to boot their systems into Safe Mode and delete the faulty driver manually.

Microsoft, on the other hand, offered technical guidance and support to help users restore functionality. They also worked closely with CrowdStrike to expedite a permanent fix.

How to Protect Yourself

While we hope you weren’t caught in this particular storm, it serves as a poignant reminder of the importance of robust cyber hygiene. Here are some steps to keep your digital ship afloat:

  1. Keep Software Updated: Regularly update your software to ensure you have the latest security patches. But, always verify the update source.
  2. Enable Two-Factor Authentication (2FA): This adds an extra layer of security, making it harder for cyber pirates to plunder your data.
  3. Regular Backups: Ensure you have regular backups of your critical data. If a storm hits, you’ll be able to restore your system without losing valuable information.
  4. Stay Informed: Keep up with the latest cybersecurity news. Knowledge is your best defense against the ever-evolving tactics of cybercriminals.

Final Thoughts

The CrowdStrike-Microsoft outage of July 2024 is a stark reminder of how interconnected and vulnerable our digital world can be. As we continue to sail through these cyber seas, it’s crucial to stay vigilant and prepared. Remember, in the world of cybersecurity, it’s always better to be a step ahead than a step behind.

Stay safe, stay informed, and may your digital voyages be smooth and secure!

Navigating the Cyber Seas: What You Need to Know About Recent Data Breaches

Ahoy, fellow digital sailors! As we dive into the heat of summer, it’s not just our bodies that need protection from sun overload – our digital lives need some serious safeguarding too. Recent events in the cyber world have thrown a couple of curveballs our way, and it’s high time we arm ourselves with knowledge and a pinch of humor to tackle these digital perils.

AT&T Data Breach: A Slight Bump on the Cyber Highway

First up on our radar, AT&T recently faced a data breach. From May to October 2022, unauthorized folks accessed call and text records. Luckily, your name, Social Security number, and financial information were kept safe from prying eyes. Think of it as someone sneaking a peek at your grocery list but not your bank statement. AT&T has since locked the doors and beefed up their security.

RockYou2024: The Mother of All Password Leaks

Next, we have the granddaddy of password leaks – RockYou2024. Nearly 10 billion passwords (yes, you read that right, billion with a B) were discovered on a hacking forum. It’s like finding out your secret cookie recipe was shared at the biggest bake sale ever. This treasure trove of passwords includes both new and old ones, setting the stage for potential credential stuffing and brute force attacks.

How to Protect Yourself: Tips from Your Cyber Lifeguard

So, how do you dodge these cyber cannonballs? Here are some lifesaving tips to keep your digital treasure chest secure:

  1. Change Your Passwords:
    • If you suspect any of your passwords might have been part of the leak, change them faster than you can say “cybersecurity.”
    • Use strong, unique passwords for each account. Think of it as creating different keys for every lock.
  2. Enable Two-Factor Authentication (2FA):
    • Add an extra layer of security by enabling 2FA. It’s like having a bouncer for your online accounts.
  3. Monitor Your Accounts:
    • Regularly check your financial and online accounts for any suspicious activity. Consider it your digital equivalent of checking under the bed for monsters.
  4. Be Cautious of Phishing Attempts:
    • Be wary of emails or messages asking for your credentials or personal information. If it smells fishy, it probably is.

The Perils of Password Recycling

Using the same password across multiple accounts is like using the same key for your house, car, and office. If one gets compromised, you’re in big trouble. Always use unique passwords for different services to avoid a cyber domino effect.
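The two checks described above (is a password in a leaked list, and is it shared between accounts), as an added example that is not part of the original article. The leaked list, the vault contents and all function names are constructed for illustration; passwords are compared by SHA-1 digest, bucketed by a 5-character prefix, so the audit never needs to write them out in plain text.

```python
import hashlib
from collections import defaultdict

PREFIX_LEN = 5  # hex characters of the digest used as the bucket key


def sha1_hex(password: str) -> str:
    # SHA-1 is used here only as a lookup key for comparison,
    # not as a way to store passwords.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_leak_index(leaked_passwords):
    """Map digest prefix -> set of digest suffixes for every leaked password."""
    index = defaultdict(set)
    for pw in leaked_passwords:
        digest = sha1_hex(pw)
        index[digest[:PREFIX_LEN]].add(digest[PREFIX_LEN:])
    return dict(index)


def is_leaked(password, index):
    """True if the password's digest appears in the leak index."""
    digest = sha1_hex(password)
    return digest[PREFIX_LEN:] in index.get(digest[:PREFIX_LEN], set())


def audit_vault(vault, index):
    """vault maps account name -> password.

    Returns the accounts whose password is in the leak, and the groups of
    accounts that share one password (the "domino" groups).
    """
    accounts_by_digest = defaultdict(list)
    for account, password in vault.items():
        accounts_by_digest[sha1_hex(password)].append(account)
    reused = sorted(sorted(group) for group in accounts_by_digest.values()
                    if len(group) > 1)
    leaked = sorted(acc for acc, pw in vault.items() if is_leaked(pw, index))
    return {"leaked": leaked, "reused": reused}


# Constructed sample data: a tiny stand-in for a leaked list and a vault export.
SAMPLE_LEAK = ["123456", "password", "qwerty", "Summer2024!"]
SAMPLE_VAULT = {
    "email": "Summer2024!",
    "bank": "Summer2024!",      # same password as email: one leak, two accounts
    "forum": "qwerty",
    "shop": "k7#Vw9!pLm2x",
    "streaming": "T4u&zQ81nRb%",
}

if __name__ == "__main__":
    report = audit_vault(SAMPLE_VAULT, build_leak_index(SAMPLE_LEAK))
    print("Change now (found in leak):", report["leaked"])
    print("Shared between accounts:   ", report["reused"])
```

Accounts that appear in both lists are the ones to change first, each to its own new password.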

Password Hygiene: Keeping It Clean

Practicing good password hygiene is crucial:

  • Create complex passwords that include a mix of letters, numbers, and special characters. Imagine you’re concocting a digital alphabet soup.
  • Avoid using easily guessable information like birthdays or common words. Your dog’s name might be cute, but it’s not a secret.

Additional Resources

For more detailed information on the AT&T breach, visit AT&T’s Data Incident Page, https://att.com/dataincident. For general cybersecurity tips, check out AT&T CyberAware, https://about.att.com/pages/cyberaware.

Stay informed and stay safe out there, digital sailors.

Anchors aweigh, and may your passwords be ever secure!

          The Real Cost of Cybersecurity: Avoiding Overspending While Addressing the Basics 

          In today’s digital landscape, cybersecurity is a critical concern for organizations of all sizes. With an increasing number of cyber threats, companies often feel pressured to invest heavily in advanced cybersecurity tools and services. However, this rush to implement high-end solutions can lead to overspending, especially when basic cybersecurity measures are overlooked. This article explores the pitfalls of overspending on cybersecurity and emphasizes the importance of foundational security practices. 

          The High Cost of Cybersecurity Missteps

          Statistics Highlighting the Issue 

          Recent reports underline the significant time and resources required to handle cybersecurity breaches. According to the IBM / Ponemon Institute’s “Cost of a Data Breach Report 2023,” it takes organizations an average of 207 days to identify a breach and an additional 70 days to contain it, totaling 277 days (over nine months). This prolonged period can have severe financial and reputational impacts on businesses. 

          Additionally, the 2024 Verizon Data Breach Investigations Report (DBIR) reveals that 68% of breaches involve human error, and 14% are due to unpatched vulnerabilities. These statistics underscore a critical issue: many breaches occur due to basic security lapses that could be mitigated with fundamental cybersecurity practices. 

          The Vendor Trap 

          Many organizations fall into the trap of purchasing expensive cybersecurity solutions, often influenced by vendors who promote high-end tools and services. While these solutions can be effective, they are not always necessary, especially when the basic cybersecurity measures are not in place. This misallocation of resources can lead to significant overspending without addressing the root causes of vulnerabilities. 

          Essential Cybersecurity Measures 

          Patching and Updates 

          Regularly updating and patching software is one of the most effective ways to prevent cyber attacks. Unpatched systems are a primary target for cybercriminals, as evidenced by the surge in vulnerability exploitation noted in the Verizon DBIR. Organizations should prioritize timely updates to close security gaps. 

          Two-Factor Authentication (2FA) 

          Implementing two-factor authentication adds an extra layer of security, making it more difficult for attackers to gain unauthorized access. 2FA should be used for all critical systems to enhance protection. 

          Regular Backups 

          Maintaining and testing regular backups is crucial for data recovery in the event of a breach. Ensuring that backups are up-to-date and stored securely can help organizations quickly restore operations and minimize downtime. 

          Awareness Training 

          Human error is a significant factor in many breaches. Regular cybersecurity training for all employees can reduce the risk of phishing attacks and other social engineering tactics. Educating staff on best practices and potential threats is essential for creating a security-aware culture. 

          Endpoint Protection 

          Deploying and regularly updating antivirus and endpoint security solutions is fundamental to protecting devices from malware and other threats. Endpoint protection should be part of a comprehensive cybersecurity strategy. 

          Balancing Security Investments 

          While advanced cybersecurity tools and services can offer enhanced protection, they should not replace basic security measures. Organizations need to assess their specific needs and ensure that foundational practices are firmly in place before investing in high-end solutions. Here are a few steps to balance security investments: 

          1. Evaluate Vendor Proposals: Scrutinize vendor offerings to ensure they meet your organization’s specific needs without unnecessary costs. 

          2. Prioritize Basic Security: Focus on fundamental protections, such as patch management and employee training, before investing in advanced tools. 

          3. Continuous Improvement: Regularly review and update your cybersecurity practices to adapt to evolving threats and ensure that basic measures remain effective. 

          Conclusion 

          Overspending on cybersecurity without addressing the basics can leave organizations vulnerable and financially strained. By prioritizing fundamental security measures and making informed decisions about advanced tools, businesses can achieve a more effective and cost-efficient cybersecurity posture. 

          Antivirus Program Runs Afoul

          Greg Price

          This article was originally published in The Troy Messenger on January 31, 2020.

          The internet is riddled with all sorts of wickedness.  The opportunity to encounter malicious content is ever-present.  Protecting our technology and digital presences is a matter of necessity.  Quite often, the most frequent tool to assist with protection is an anti-virus application.

          If you’re not running an anti-virus program on a modern computing device, it’s likely you’re either playing with fire, or, a very lucky person – in either case, it’s only a matter of time before the would-be bad actors reach success and infiltrate your devices with some virus or malware.  I’ve written extensively on the importance of protecting devices, updating software and maintaining a healthy dose of skepticism about “apps”.

          However, it’s with a heavy heart that I inform you of a substantial issue with a common, and, free antivirus tool: Avast.

          I suppose we shouldn’t be too shocked that trusted software can serve duplicitous roles.  You all have read of reported issues with other security tools sharing information via clandestine avenues with shadowy organizations.  So, let’s add Avast to the list of protective software accused of deceptive tactics.

          Avast is well-known and loved.  Since 2017, Avast has been the most popular anti-virus vendor on the market.  The company holds the largest share of the market for anti-virus applications.  I’ve suggested it for many years, in fact, I use the tool.  Well, I suppose I should say, I used the tool until recently…

          Earlier this week, an investigative report revealed that the Avast anti-virus platform was collecting personal data from its enormous user base and selling the collected personal data to third-parties.

          The accusation sent waves through the security community.  Such a violation of trust by a provider of software anchored in trust was incorrigible.  I was both angered and disappointed.

          There’s a reason why the endpoint protection axiom is shouted from the rooftops of every cybersecurity manual: it works.  Protect the endpoint, the end-user device, and your defenses are strengthened.  Neglect the endpoint and you will suffer the perils of the internet-connected world.

          So, what happens when the good guys are suddenly exposed as supposed bad guys?

          The trust relationship erodes quickly.

          If my anti-virus program fails, that’s a big deal.  If I update the application frequently, scan my device intensively and discover that my computer is littered with a variety of badness, I will doubt the product, the company’s ability to deliver on their promise: protect me.

          But, what are your concerns about an anti-virus company that protects you while simultaneously spiriting away personal data in the background?  Is a moral conundrum afoot?

          As an aside, please review every social media platform article I’ve written.  But, back to Avast.

          The harvesting of personal data is the claim via an investigation by Motherboard and PCMag.

          Documents reveal that Avast has been purposefully collecting data from customers for years.  A subsidiary company of Avast, called Jumpshot, served as the intermediary for the sale of the data.

          What types of data, you ask?

          Well, for starters, web browsing history.

          Yeah, pause for a moment and think about that.  Your anti-virus program protects your device from badness, while peeking over your shoulder.  All of those clicks, those websites have been bundled and sold.

          Included among the web browsing history are shopping and search engine queries.

          The report indicated that some of the biggest companies in the world paid millions of dollars for the data.

          One option offered within the data was something referred to as “all clicks feed”.  The option tracks all web clicks and interactions with websites with an incredible degree of both accuracy and completeness.

          In one example described in the investigative report, a user was observed visiting pornography sites.  Not only were the pornography sites listed, but, every click on the sites, every search on the sites, and how the user located the pornography site were included among the datasets.

          The report revealed that the data was anonymized: personally identifiable features were not included among the data.  But, given the extent of the intrusion, it’s not hard to imagine that data exists somewhere.

          So, what do you do?

          According to several reports, simply installing Avast doesn’t necessarily equate to an invasion of privacy.  A specific browser plugin, suggested by Avast, appears to be the key to the data harvesting efforts.  The plugin is offered as a way to protect against cyberattacks and unauthorized connections from dubious web servers and traffic.  If the browser extension (plugin) isn’t installed, it’s likely that your data hasn’t been pilfered.

          Avast’s initial response to the report was weak.  They didn’t deny the operation, instead, they simply indicated that the data had been anonymized, bundled within large datasets, and can’t be used to personally identify or target a specific user.

          While the statement appears to be technically true, Avast assigned an identifier as a substitute for a personally-identifiable attribute.  The assigned identifier persists on your device unless you uninstall the Avast anti-virus product.

          However, in the world of big data, when large datasets are combined, the opportunity to specifically identify an individual increases greatly.  A collection of anonymized data in the right hands can be reassembled with other “known” data and a clearer picture of the user brought into focus.
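Why a persistent identifier weakens "anonymized" data can be measured before a dataset is shared. The following is an added example, not from the original column or from any vendor's code: it audits a pseudonymized click log and reports how few visits are enough to leave only one matching identifier. The device IDs, dates, domains and function names are all constructed for illustration.

```python
from collections import defaultdict


def histories(rows):
    """Group (device_id, day, domain) rows into one set of visits per device ID."""
    hist = defaultdict(set)
    for device_id, day, domain in rows:
        hist[device_id].add((day, domain))
    return dict(hist)


def anonymity_set(hist, known_points):
    """Device IDs whose history contains every known (day, domain) point.

    A result of size 1 means that outside knowledge of those visits is enough
    to attach the whole history under that ID to one person.
    """
    known = set(known_points)
    return sorted(d for d, points in hist.items() if known <= points)


def points_to_single_out(hist, device_id):
    """Greedy upper bound on how many of a device's own visits isolate it.

    Returns None when another ID's history covers this one, i.e. the device
    cannot be singled out by its visits alone.
    """
    candidates = set(hist)
    remaining = set(hist[device_id])
    used = 0
    while len(candidates) > 1 and remaining:
        # Pick the visit shared by the fewest IDs still in the running.
        best = min(sorted(remaining),
                   key=lambda p: sum(p in hist[c] for c in candidates))
        remaining.discard(best)
        narrowed = {c for c in candidates if best in hist[c]}
        if len(narrowed) == len(candidates):
            break  # no remaining visit tells the candidates apart
        candidates = narrowed
        used += 1
    return used if candidates == {device_id} else None


def unicity_report(rows):
    hist = histories(rows)
    return {d: points_to_single_out(hist, d) for d in sorted(hist)}


# Constructed sample: no names or e-mail addresses, only a persistent device ID.
SAMPLE_ROWS = [
    ("a1", "2020-01-01", "news.example"),
    ("a1", "2020-01-01", "shop.example"),
    ("a1", "2020-01-02", "clinic.example"),
    ("b2", "2020-01-01", "news.example"),
    ("b2", "2020-01-01", "shop.example"),
    ("b2", "2020-01-02", "bank.example"),
    ("c3", "2020-01-01", "news.example"),
    ("c3", "2020-01-02", "bank.example"),
    ("d4", "2020-01-01", "news.example"),
    ("d4", "2020-01-03", "forum.example"),
]

if __name__ == "__main__":
    print(unicity_report(SAMPLE_ROWS))
    print(anonymity_set(histories(SAMPLE_ROWS),
                        [("2020-01-02", "clinic.example")]))
```

In the sample, three of the four IDs are isolated by one or two visits even though no personal attribute is stored, which is the effect the paragraph above describes.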

          On January 30, 2020, Avast announced that they would close Jumpshot and issued an apology.

          So, what should you do?

          Consider another product.  If you’re a Windows user, use Windows Defender.  The tool is robust, is tightly integrated with the operating system and is updated very frequently.

          In the meantime, read those software agreements thoroughly and be safe!

          Hello Facebook

          Greg Price

          Facebook’s business model is based heavily on the collection and sale of user data.

          Fostering digital “friendships” and promoting likes are some of the beguiling tools used to keep you clicking and browsing your feeds – maintaining engagement equals income for Facebook.

          Despite Facebook and its leader’s claims to value online privacy, the continued issues and perplexing security conundrums suggest the company is struggling to maintain a positive image.

          In 2018, following the Cambridge Analytica debacle, Facebook promised to restrict developer access to user data.  Recent announcements by Facebook suggest the new privacy policies haven’t been applied to every developer – possibly over one-hundred application designers continue to have access to the personal data of users in Groups.

          Data harvested by the developers include names, profile photos, phone numbers and Facebook reactions, such as your “likes”.  According to Facebook, despite the neglect and continued release of the data, the data hasn’t been abused or used inappropriately – trust me, I’m from Facebook.  Who knows if the data has been misused?  Most don’t know it’s being used by other firms.

          The incredible irony in these continued abuses is Mark Zuckerberg’s statement that “the future is private”.  Is the statement dishonest or the result of poor engagement?

          Here’s a simple fact.  If you use Facebook, your data is being sold.  Stop, don’t argue, don’t venture any further.  That’s Facebook’s primary source of income.  After all, you are allowed to use Facebook for “free”.

          This week’s latest Facebook controversy involves a bizarre issue on the Facebook app for Apple iOS.

          When you look at an image or video within the Facebook app, the Apple device’s camera activates on its own, for no known reason.  When the issue was reported, nobody had any idea why the app opened the camera.

          When you open a photo within the app, swipe down and you will see that your phone’s camera is running live in the background.  Why?

          Facebook has corrected the issue through a hastily-delivered fix to the Apple App store.  Simply visit the App store and download the latest version of the app.

          The very peculiar thing for me, when I tested the app on a lab phone, was not once did the Facebook app ask for permission to launch the camera app.  At first, I thought the issue was a design intent that presented an impersonated camera interface or maybe a quick include to launch the camera interface rapidly. However, I moved the phone and the surroundings changed – the camera was live.

          I could not reproduce the problem on an Apple device running an older version of iOS; only the latest version, 13.2.2, presented the problem.

          I haven’t noticed a formal notice of the issue from Facebook, simply the push of a new version of the app that appears to resolve the matter.

          Was the problem the result of buggy software?

          Maybe.

          If you’re running the latest version of Apple iOS, you have a few options.

          First, delete the Facebook app.

          Not only will you resolve the current camera problem, but, you’ll tackle all future failures of the social media platform.

          But, seriously, you don’t have to use the app to check Facebook.  You can use a web browser such as Safari or Firefox and interact with your account through a common tool.

          If you’re not ready to abandon ship just yet, obviously, the easiest thing to do is update the Facebook app to the most current version.

          Lastly, if for whatever reason, you can’t update the app, disable the camera access for the Facebook app in the phone’s privacy settings.  Simply visit the Settings app, select Privacy and then tap Camera.  Find the Facebook entry and toggle the green switch to off to disable the camera access.

          While you’re there, take a look at the other apps that you’ve granted access to your camera.  See something you don’t like or don’t recall enabling?  Disable those too.

          If you can’t tolerate the thought of deleting Facebook, I urge you to consider restricting what Facebook knows about you.  In order to do so, you must make your profile settings as private as possible.

          Keep in mind, adjusting the settings to reduce data collection will not make you immune to the inspection and exchange of data; but, perhaps, tightening your settings will allow you to control more of your data and reduce what Facebook collects.

          Facebook provides a security checkup – but, only on the desktop version, for now – you cannot perform the security checkup from the mobile Facebook app.  The security checkup is supposed to reveal what data is being shared.  As you observe those data, you can restrict some of the data.

          The downside?

          Your tailored, or customized ads and recommendations will be less specific to you – from my perspective, the creepiness will be reduced – not a bad thing.

          How do you run the Facebook privacy checkup?

          Click the question mark at the top of any Facebook page.  Then select Privacy Checkup.  Three options should appear: Who can see what you share, How people can find you on Facebook and Your data settings on Facebook.

          Click each of the three options and adjust the settings based on your personal needs.

          As you step through the privacy checkup, you will see which apps are sharing your data and which data is presented to the public. 

          I recommended the security checkup to a friend recently.  He sought the feature within the app for a day or so before he emailed me.  Remember to use a desktop device and a web browser to check the settings and to make adjustments.  You can’t do this from within the mobile app.

          Interestingly enough, after perusing the settings and associated data, he emailed me and asked how to remove the Facebook app and delete his profile.

          Be careful as you look behind the curtain, you might not like what you see.

          Be safe.

          Protect Your Business Continued

          Greg Price

          Last week I referenced the Verizon breach report and some of the key observations among the data.

          Small businesses are a favorite target for cyberattacks.

          I offered two “stacks” of suggestions: the easy-to-do stack and the more-difficult stack.  Each stack represents best practices for improving your cybersecurity posture and reducing data breach risk.

          The “easy” stack included suggestions for raising employee awareness, managing backup routines, enabling automatic updates, upgrading password hygiene, and strengthening physical security.

          The “difficult” stack is heavy with policy and planning.

          Verizon’s report revealed that an incredible sixty percent of small businesses that suffered a data breach were closed within six months of the cybersecurity event.

          Why?

          Obviously, cost and damage to reputation account for many of the closures.  However, given that small businesses often operate on razor thin margins, and, owners are also operators, time is a precious resource.

          As a result, expending time on building technology usage plans and incident response plans is not a front-burner priority.  Making payroll and improving revenue are vital to the business’ success, not a plan that may never be used – at least, that’s a common thought.

          However, let’s suppose you operate a business that is dependent upon mechanical devices.  Your ability to produce is dependent upon machines, and, more specifically the efficient operation of those devices.

          If a device breaks, many small business owners have the expertise to repair their equipment themselves; in fact, their knowledge of the functional side of a business is often the value they depend upon for success.  Manuals and a network of knowledgeable resources complement what the owner may lack.

          What happens when a data breach occurs?

          Choose your own adventure – a hacker breaks into your business software and steals customer data.  Or, a ransomware attack is successfully deployed via an email and all of your computers and cash registers are broken.  Or, perhaps, a thief smashes a window and walks away with your server.

          What do you do?

          If a piece of vital equipment broke, you’d employ your knowledge, or, knowledge network to repair the device.

          In other words, you would launch a repair plan.

          The same must exist with your IT operations.  A plan is needed, especially if IT isn’t your core business function.

          Enter the IT plans.

          A written security policy is necessary for modern businesses.  In some instances, a security policy is a regulatory requirement.

          In Alabama, the new data breach notification law requires that businesses evaluate and implement reasonable security measures – a security policy/plan will assist in those efforts.

          While there’s no penalty for not being proactive, if a breach results, your situation will not be enhanced by not having a written security policy.

          A good security policy outlines how you manage customer data, how you protect it, and, if an incident occurs, what you do to respond.

          I suggest considering the plan as a blueprint for you and your employees: if something goes wrong, it’s a basic manual for controlling the situation.

          A good starting place for policies is a set of templates designed by security experts.  Free templates are available at https://www.sans.org/security-resources/policies.

          Review the policy templates and tailor them to your specific needs.  Share them with your employees and review them, at least annually.

          Encryption is another must.

          Encryption of your data reduces the likelihood of the data being read by an unintended recipient.  Most modern operating systems provide a mechanism by which you can encrypt your local data.  By enabling local encryption on your office devices, you reduce data loss through physical theft.  If someone breaks into your office and steals a computer, an encrypted device presents a formidable challenge to the thief.  Similarly, using encryption for accessing email and other sensitive systems is important.  If you employ a commercial email product, encryption is always included in the solution, simply verify that it is enabled.

          Backups, part two.

          I mentioned the importance of backups last week.  However, in addition to establishing a backup routine and testing the quality of your backups, there are a few additional items to consider.

          The purpose of a backup is to restore lost data.

          If your backup solution doesn’t encrypt your data, you should enable backup encryption.  If a data thief gains access to your backups, if they aren’t encrypted, you’ve provided a nice package that enables easy theft of volumes of data from one location.

          Also, consider your backup strategy.

          Are you depending on a local device for backup, such as an external hard drive or tape?  Do you depend on a cloud backup, such as Microsoft OneDrive?

          Redundancy is important.  If you backup data to a local external hard drive, that’s great – make sure it’s encrypted and stored safely.  But, what do you do if the hard drive fails?  What do you do if your cloud provider is down when you need to restore lost data, or, if your internet service provider is experiencing problems?

          Redundancy provides extra protection and can be accomplished very simply.  In fact, for small businesses, the tools are often available with current software subscriptions, the features simply need to be activated.

          And, lastly, data destruction and life cycle should be reviewed.

          Don’t hoard electronic data.  If you have no regulatory requirement or business need to maintain copies of unused data, get rid of it.  Dispose of the data properly, use verified tools for deletion of the data.  By doing so, you reduce the amount of data that a would-be bad actor can access, and, make your systems run more efficiently.

          Last week’s small, easy tasks will enhance your security posture quickly.

          This week’s suggestions require more planning and thought.  However, there are many free sources for technology and security plans, and most modern software provides the enhanced features that I mentioned.

          Be safe and protect your business and your customers’ data.

          National Cyber Security Awareness Month 2019

          Greg Price

          Observed every October, National Cyber Security Awareness Month is committed to encouraging personal accountability, securing behaviors, and maintaining digital privacy in our ever-changing and connected world. The initiative was created as a joint effort between the US government and industry to foster access to resources that advocate methods for staying safe online, as well as securing your personal information.

          For 2019, the theme will emphasize personal accountability and promote the significance of being proactive in securing your cybersecurity at home and at work. The theme for 2019 is Own IT. Secure IT. Protect IT.

          “Own IT” suggests that you should understand completely your digital profile, or, your digital footprint.
