Military Consumer Month 2021


This article was originally posted by the FTC. See the original article here.

July is Military Consumer Month! This annual initiative highlights the FTC’s collaboration with the Department of Defense’s Office of Financial Readiness, the Consumer Financial Protection Bureau’s Office of Servicemember Affairs, and our many other partners in federal and state agencies, consumer advocacy groups, and industry associations. Servicemembers and military families risk their lives and livelihoods to defend our country, yet far too many are targeted with sophisticated frauds and predatory practices.

This year, we’ll focus on frauds proliferating online. Many families rely on social media to stay connected, but scammers weaponize these platforms to target servicemembers and their families. Working with our partners, we shine a light on how these scams can spread, and how families can stay safe online.

Sign up for email updates and learn about the latest scams all year round. Engage with your military and veteran communities and share advice from the FTC, DoD, CFPB, and all the other military consumer partners. Visit MilitaryConsumer.gov to learn more.

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.

PrintNightmare, Critical Windows Print Spooler Vulnerability

This article is contributed. See the original author and article here.

The CERT Coordination Center (CERT/CC) has released a VulNote for a critical remote code execution vulnerability in the Windows Print spooler service, noting: “while Microsoft has released an update for CVE-2021-1675, it is important to realize that this update does not address the public exploits that also identify as CVE-2021-1675.” An attacker can exploit this vulnerability—nicknamed PrintNightmare—to take control of an affected system.

CISA encourages administrators to disable the Windows Print spooler service in Domain Controllers and systems that do not print. Additionally, administrators should employ the following best practice from Microsoft’s how-to guides, published January 11, 2021: “Due to the possibility for exposure, domain controllers and Active Directory admin systems need to have the Print spooler service disabled. The recommended way to do this is using a Group Policy Object.” 
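The following is an added example, not code from CISA, Microsoft, or the original article: a PowerShell audit that reports the Print Spooler state on every domain controller, so administrators can confirm that the Group Policy setting has actually taken effect. It assumes the RSAT ActiveDirectory module and CIM (WinRM) access to each DC; the function name `Get-DcSpoolerState` and its `-Remediate` switch are hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example: audit the Print Spooler service on all domain controllers.
# Assumes the RSAT ActiveDirectory module and CIM (WinRM) access to each DC.
function Get-DcSpoolerState {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Hypothetical switch: stop and disable the service where it is still enabled.
        [switch]$Remediate
    )

    foreach ($dc in Get-ADDomainController -Filter *) {
        $row = [ordered]@{ Computer = $dc.HostName; State = 'Unknown'
                           StartMode = 'Unknown'; Compliant = $false; Note = '' }
        try {
            $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'" `
                                   -ComputerName $dc.HostName -ErrorAction Stop
        } catch {
            # Report unreachable hosts instead of silently skipping them.
            $row.Note = $_.Exception.Message
            [pscustomobject]$row
            continue
        }

        if (-not $svc) {
            # No Spooler service present on this host: nothing to disable.
            $row.State = 'NotInstalled'; $row.StartMode = 'NotInstalled'; $row.Compliant = $true
            [pscustomobject]$row
            continue
        }

        # State and StartMode are the values observed before any remediation.
        $row.State     = $svc.State
        $row.StartMode = $svc.StartMode
        $row.Compliant = ($svc.State -eq 'Stopped' -and $svc.StartMode -eq 'Disabled')

        if (-not $row.Compliant -and $Remediate -and
            $PSCmdlet.ShouldProcess($dc.HostName, 'Stop and disable Print Spooler')) {
            Invoke-CimMethod -InputObject $svc -MethodName StopService | Out-Null
            $r = Invoke-CimMethod -InputObject $svc -MethodName ChangeStartMode `
                                  -Arguments @{ StartMode = 'Disabled' }
            $row.Note = "ChangeStartMode returned $($r.ReturnValue) (0 = success)"
        }
        [pscustomobject]$row
    }
}

# Read-only audit; add -Remediate -WhatIf to preview changes first.
Get-DcSpoolerState | Format-Table -AutoSize
```

A Group Policy Object remains the recommended way to enforce the setting; the `-Remediate` path is a stopgap for hosts the audit shows as non-compliant.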

CISA’s CSET Tool Sets Sights on Ransomware Threat

This article is contributed. See the original author and article here.

CISA has released a new module in its Cyber Security Evaluation Tool (CSET): the Ransomware Readiness Assessment (RRA). CSET is a desktop software tool that guides network defenders through a step-by-step process to evaluate their cybersecurity practices on their networks. CSET—applicable to both information technology (IT) and industrial control system (ICS) networks—enables users to perform a comprehensive evaluation of their cybersecurity posture using many recognized government and industry standards and recommendations.

The RRA is a self-assessment based on a tiered set of practices to help organizations better assess how well they are equipped to defend and recover from a ransomware incident. CISA has tailored the RRA to varying levels of ransomware threat readiness to make it useful to all organizations regardless of their current cybersecurity maturity. The RRA:

  • Helps organizations evaluate their cybersecurity posture, with respect to ransomware, against recognized standards and best practice recommendations in a systematic, disciplined, and repeatable manner.
  • Guides asset owners and operators through a systematic process to evaluate their operational technology (OT) and information technology (IT) network security practices against the ransomware threat.
  • Provides an analysis dashboard with graphs and tables that present the assessment results in both summary and detailed form.

CISA strongly encourages all organizations to take the CSET Ransomware Readiness Assessment, available at https://github.com/cisagov/cset/.


Shopping online? Know your retailer and your rights

This article was originally posted by the FTC. See the original article here.

COVID opened the door for scammers to double down on their worst practices, while preying on consumers during an unprecedented global pandemic. That includes some bad actors who have been taking advantage of online shoppers in search of hard-to-find items like face masks and other personal protective equipment (PPE).

Today, the Federal Trade Commission filed a complaint against one of those bad actors. The Commission alleged that Frank Romero (doing business as Trend Deploy) failed to deliver advertised PPE on time — if at all. What’s more, Romero didn’t tell customers about shipping delays, offer order cancellations, or give refunds. And even worse, although consumers thought Romero was selling them N95 masks, in reality Romero sent them cloth masks that did not have the protective qualities he promised. This case is part of the FTC’s continuing effort to address “online shopping” fraud that seeks to exploit high demand for PPE and other COVID-related products.

When you shop online, sellers are supposed to ship your order within the time stated in their ads, or within 30 days if the ads don’t give a time. If a seller can’t ship within the promised time, it has to give you a revised shipping date, with the chance to either cancel your order for a full refund or accept the new shipping date.

So before you shop online, especially from an unfamiliar retailer, remember these three things:

1. Check out the company or product. Search online for the name plus terms like “review,” “complaint,” or “scam.” See what other people say about it. Read the seller’s description of the product carefully. If the seller has name-brand goods at steeply discounted prices, they might be fakes.

2. Look at the terms of the sale. Make note of the total price, including taxes, shipping, and handling; the expected delivery date; and policies for refunds, including who pays for return shipping and if there is a restocking fee.

3. Pay by credit card. You’ll get protections under federal law, so you don’t have to pay for things you ordered but didn’t get.

Remember, if you see a scam, or want to report a problem about online shopping, tell the FTC at ReportFraud.ftc.gov.


CISA Begins Cataloging Bad Practices that Increase Cyber Risk

This article is contributed. See the original author and article here.

In a blog post by Executive Assistant Director (EAD) Eric Goldstein, CISA announced the creation of a catalog to document bad cybersecurity practices that are exceptionally risky for any organization and especially dangerous for those supporting designated Critical Infrastructure or National Critical Functions.

While extensive guidance on cybersecurity “best practices” exists, additional perspective is needed. Ending the most egregious risks requires organizations to make a concerted effort to stop bad practices.

CISA encourages cybersecurity leaders and professionals to review EAD Goldstein’s blog post and the new Bad Practices webpage and to monitor the webpage for updates. CISA also encourages all organizations to engage in the necessary actions and critical conversations to address bad practices.