As cybersecurity is an evolving business challenge with new threats emerging all the time, we are focused on helping our audience stay up-to-date on current threats.
This newsletter summarises some of the recent risks threatening businesses today.
Unpatched Microsoft Systems Vulnerable to CVE-2020-0796
Microsoft has advised of a critical vulnerability, related to Microsoft Server Message Block 3.1.1 (SMBv3) protocol. Due to the nature of this exploit and likeliness to spread it is considered as dangerous as 2017’s WannaCry.
An attacker who successfully exploits the vulnerability could gain the ability to execute code on the target server or client. This vulnerability affects 32- and 64-bit Windows 10 version 1903 and 1909 for desktops and servers.
A working proof of concept (PoC) has already been released in the market for this exploit, hence it has been rated of CRITICAL severity. The PoC includes using this flaw to create a denial of service condition and local privilege escalation.
Urgent Actions Required
To mitigate the vulnerability, Microsoft has urged users to install the latest windows update as soon as possible, on both servers and PCs.
For systems where the patch is not applicable, it's advised to block port 445 to prevent lateral movement and remote exploitation.
Microsoft's security guidance addressing this vulnerability in Windows 10 version 1909 and 1903 and Server Core for the same versions can be found here.
For more information, click here.
Managing Personal and Business Passwords
Password breaches are becoming increasingly common and learning how to protect online accounts is more important than ever. We strongly recommend communicating with all of your users to ensure they comply with effective password management practices.
Many people use weak or repeat passwords, making them very easy for a hacker to guess.
These passwords should be strong, long, and unpredictable and contain numbers and symbols. The problem is the average person now has multiple accounts to keep track of. Remembering strong passwords is almost impossible without writing them down somewhere. This is where a password manager may be a good solution.
Password Managers can generate strong, secure, and random passwords then remember and securely store them for you.
Read our latest blog post for more information on what to look for when selecting a Password Manager solution for your business.
If you would like more information about Huon IT's Cybersecurity services, please click here. If you need any help addressing these issues within your business, please don’t hesitate to contact us or call 1300 HUON SD.