April 2022 News & Tips | Russia/Ukraine, Microsoft & Chrome Patches

Welcome back to the TCE Strategy monthly technology and cybersecurity?newsletter! The mission of this publication is to cut through the clutter of cybersecurity news stories and provide you with the most important, relevant and actionable cybersecurity information.

You can have this newsletter delivered straight to your inbox each month by?subscribing here.

This Month's News in Review

Russia / Ukraine update:

Lots of interesting developments in the Russia / Ukraine war:

1. Ukraine is using Apple AirTags to track items stolen by the Russian army, and to track the movements of the Russian army in general.
2. Ukraine is claiming that they thwarted a cyberattack against their power grid that was scheduled to start on April 8th. Given the successful attacks against their power grid in 2015 and 2016, good for them detecting and preventing this attack.
3. A botnet of Watchguard firewalls took part in a distributed attack against Ukraine targets. Patch your firewalls, Watchguard or otherwise. Regrettably, TCE Strategy had a client caught in this. When the FBI calls your organization, it’s generally not good news.
4. It is not speculation that the USA is part of the Russia/Ukraine cyberwar -- it is a fact, as #3 above so blatantly demonstrates. I would strongly encourage anyone reading this to double-down on cybersecurity basics.

Microsoft’s “Patch Tuesday” needs attention

Tuesday the 12th was Microsoft’s monthly patch release. Yes, there were critical vulnerabilities in the patch, which is not unusual. Yes, some of those critical vulnerabilities are already being exploited in the wild, which is unusual but not unheard of. However, what is very unusual is that Microsoft released a security advisory the same day, and CISA sent out an alert about it on Wednesday the 13th to everyone on their mailing list. Specifics on how widespread the exploits of this issue are is not being released, which is frustrating but common. There are two takeaways from this: 1), check your external firewall rules, and ensure that port 445 is NOT allowed inbound into your network. 2), Patch your Microsoft computers ASAP. 3), if you can’t patch your Microsoft computers ASAP, follow Microsoft’s recommended mitigation steps.

Google Chrome updates

Google has been pushing out updates for its Chrome browser faster than Will Smith’s right hand. Apparently there have been three successful exploits of Chrome in 2022. The easiest way to keep Chrome up to date is to make sure you use it regularly (or uninstall it), and to reboot your PC often. If you are fastidious enough to close and reopen Chrome, that will accomplish the same thing, but rebooting computers increases their performance and stability in general.

Until next month, stay safe!

Cybersecurity Tip of the Month

Passwords

A barrage of data breaches has left millions of usernames and passwords available for cybercriminals to take advantage of. In addition to this, poor password security practices can leave you vulnerable to being hacked. Put these suggestions into effect to help protect yourself and your data.

1) Start with a strong password.?Make them long and complex, using lower and uppercase letters, numbers, and punctuation marks. Don’t use easily guessed information, and do not use any of these?most commonly used passwords. You can also consider using a passphrase and substituting characters to make it more complex. For example, “My dog ate my homework” could be used as Myd0gat3myh0m3woRk!.

2) Use a different password for each account.?If one of your passwords is stolen, hackers will try that password on multiple sites.

3) Use a password keeper.?Password keepers such as Dashlane, LastPass, and 1Password are great tools to help keep with password security. They can generate strong passwords, safely store them, evaluate the security of your existing passwords, and can alert you if your password has potentially been compromised. An added bonus is that you only have to remember one password!

4) Check “Have I Been Pwned” to see if any of your accounts have been exposed in a data breach.?If so, change any passwords that may have been affected.