The Lighthouse IT Podcast - September 24th, 2021
This week, Matt & Griff discuss Taco Bell's subscription service, Microsoft's work hour study, a universal decryptor for old versions of REvil/Sodinokibi, Microsoft accounts going passwordless, and National Cybersecurity Awareness Month is here!
Taco bell subscription
It's the tech that powers the tech. Taco Bell is launching a subscription called the "Taco Lover's Pass" which gives subscribers a taco a day for 30 days. Are restaurants the next streaming service?
are we working more? microsoft thinks we are
Microsoft has completed a remote work study by examining technology utilization has 2 interesting things to note. The first is that cross-company communication has decreased, but that the average workweek has increased 10%. It's not fully known if this is because of reduced overall productivity felt by employees, or if employees are simply using what used to be their commute times to squeeze a few extra minutes of work in.
omigod it's a bug!
The latest acronymed exploit comes from Microsoft... for Linux. It's in their Open Management Interface package and affected a number of Linux-based machines running the software: Including Azure. The fix has been around about a month or more ago, but not before the exploit got a logo and sweet name.
researchers compile list of vulnerabilities abused by ransomware gangs
Security researchers are compiling an easy-to-follow list of vulnerabilities ransomware gangs and their affiliates are using as initial access to breach victims' networks. The list comes in the form of a diagram providing defenders with a starting point for shielding their network infrastructure from incoming ransomware attacks. Check out CERT NZ's guide to ransomware attacks!
Two new vulnerabilities with macOS and iOS devices were fixed, but of course in classic Apple fashion, we didn't learn about it until they were fixed. Apple denied the bugs until the updates came out, so we are just learning that they effected Webkit and a PDF-handling bug.
bitdefender releases universal decryptor for revil/sodinokibi victims hit before july 13
Bitdefender said it created the tool with "a trusted law enforcement partner" in an effort to help the many victims who had been infected with the ransomware. There are multiple REvil victims who either refused to pay a ransom or paid a ransom but did not get working decryption keys before the ransomware group went dark on July 13. The group has since resurfaced and leaked information about multiple victims, even announcing a new victim on Thursday as Bitdefender rolled out its decryptor.
microsoft accounts can now go fully passwordless
Starting today, consumers can sign into Microsoft accounts with its Microsoft Authenticator app, Windows Hello, a security key, or an SMS / email verification code instead of a password.
We have are launching Harmony Cloud (good time to explain it), we have a Cybersecurity self-assessment that if you turn into us, we can help you audit and fix the holes in your network, and finally, we have a Cybersecurity Essentials booklet for business owners that helps you understand the current climate of cybersecurity and how to keep your company safe moving forward.