Cybersecurity News You Can Use


The Dispatch highlights cybersecurity news you can use. I share what I think is informative, relevant, interesting, and actionable. Look for //My take: for context and actionable information.

RDP brute-force attacks on the rise

In the U.S., for example, the number of brute-force attacks against Internet-facing RDP servers has increased from 200,000 per day in early March to over 1,200,000 during mid-April.

//My take: Don’t expose RDP externally. Period. Use a VPN with MFA, then allow RDP. An alternative would be to use an RD Gateway. Make sure to monitor login activity and limit connections to the geographic regions your users connect from.

Full Article from Bleeping Computer: RDP brute-force attacks are skyrocketing due to remote working
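
One way to act on the "monitor login activity" advice above, as an added example (not from the original post or the linked article): a sliding-window count of failed RDP logons per source IP. The CSV layout, sample events, threshold and window are assumptions made for illustration; event ID 4625 (failed logon) and logon types 3 (network) and 10 (RemoteInteractive) are the standard Windows values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real data), assumed CSV export layout:
# timestamp, event ID, logon type, source IP, target account
SAMPLE_EVENTS = """\
2020-04-15T09:00:01,4625,10,203.0.113.7,administrator
2020-04-15T09:00:05,4625,10,203.0.113.7,admin
2020-04-15T09:00:09,4625,3,203.0.113.7,backup
2020-04-15T09:00:12,4624,10,192.0.2.10,jsmith
2020-04-15T09:00:14,4625,3,203.0.113.7,scanner
2020-04-15T09:00:20,4625,10,203.0.113.7,test
2020-04-15T09:02:00,4625,10,198.51.100.20,jdoe
2020-04-15T09:09:30,4625,10,198.51.100.20,jdoe
"""

# Failed RDP logons show up as type 10, or as type 3 when NLA is enabled.
RDP_LOGON_TYPES = {"3", "10"}

def parse(text):
    """Yield (timestamp, event_id, logon_type, ip, user) tuples from CSV text."""
    for line in text.strip().splitlines():
        ts, event_id, logon_type, ip, user = line.split(",")
        yield datetime.fromisoformat(ts), event_id, logon_type, ip, user

def find_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: accounts tried} for sources with at least `threshold`
    failed RDP logons inside any sliding `window`."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    accounts = defaultdict(set)   # ip -> every account that source has tried
    flagged = {}
    for ts, event_id, logon_type, ip, user in sorted(events):
        if event_id != "4625" or logon_type not in RDP_LOGON_TYPES:
            continue              # ignore successes and non-RDP logon types
        q = recent[ip]
        q.append(ts)
        accounts[ip].add(user)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = sorted(accounts[ip])
    return flagged

if __name__ == "__main__":
    for ip, users in find_bruteforce(parse(SAMPLE_EVENTS)).items():
        print(f"possible RDP brute force from {ip}: accounts tried {users}")
```

A short window like this misses slow, spread-out guessing, so pair it with a longer-window count per source and per account.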

Web Conferencing Guides

The NSA has published a guide that includes 9 key criteria for evaluating telework / web conferencing solutions. Then they compared common solutions against those criteria in a handy chart.

In addition, Mozilla has published a guide to privacy for "Video Call Apps". They cover business and consumer apps. Hats off to Mozilla for engaging with Zoom as part of helping to encourage encryption and privacy.

//My take: Use the 9 criteria from the NSA and guides as a part of your risk assessment. Especially if you had a hasty roll-out. Personally, I’ve stuck with Zoom. They have been responsive to concerns and version 5 addressed the encryption issues.

Links to Reports

Credit to ZDNet: NSA security guide: How to choose safe conferencing and collaboration tools

of Assessments against Criteria
NSA Assessment Table

US-CERT Microsoft Office 365 Security Recommendations

US-CERT published this alert for organizations that are rushing to the Microsoft 365 cloud due to COVID-19. When speed dictates deployment, security is often an afterthought. 365 is a fantastic platform, but it’s also the largest attack surface in the world.

  • Enable MFA for Admins
  • Limit Admin Roles (RBAC)
  • Enable Unified Audit Log
  • Enable MFA for All Users
  • Disable Legacy Protocol Authentication (IMAP / POP3)
  • Enable alerts

//My take: I cannot emphasize enough how absolutely necessary each of these recommendations is to secure your 365 tenant. I listed the critical 6 above, but the greatest of these is ENABLE MFA FOR ALL USERS. Kudos to US-CERT for clear, accurate, and actionable recommendations.

Read these 2 Microsoft articles on 365 Security. They are geared for SMBs and give very clear guidance.

Full Alert from US-CERT: Microsoft Office 365 Security Recommendations
