The IT Guys Support Blog

source: https://www.forbes.com/sites/daveywinder/2021/09/09/warning-microsoft-confirms-new-windows-10-attack-heres-the-fix/?ss=cybersecurity&sh=482b904c4267 “Microsoft has warned Windows 10 users that a previously unknown, and therefore unpatched, security vulnerability is being exploited by cybercriminals. The zero-day is a high-rated vulnerability (falling just short of critical) that could allow an attacker to remotely execute code on the target computer and potentially gain complete control.   Additionally, Microsoft has confirmed that cybercriminals are known to be already exploiting CVE-2021-40444 and advises users to take speedy mitigation action until an official patch […]

source: https://arstechnica.com/gadgets/2021/04/actively-exploited-mac-0-day-neutered-core-os-security-defenses/ Excerpt: When Apple released the latest version 11.3 for macOS on Monday, it didn’t just introduce support for new features and optimizations. More importantly, the company fixed a zero-day vulnerability that hackers were actively exploiting to install malware without triggering core Mac security mechanisms, some that were in place for more than a decade.   FURTHER READING iPhone zero-click Wi-Fi exploit is one of the most breathtaking hacks ever Together, the defenses provide a comprehensive […]

source: https://www.bleepingcomputer.com/news/security/windows-10-bug-corrupts-your-hard-drive-on-seeing-this-files-icon/ An unpatched zero-day in Microsoft Windows 10 allows attackers to corrupt an NTFS-formatted hard drive with a one-line command. In multiple tests by BleepingComputer, this one-liner can be delivered hidden inside a Windows shortcut file, a ZIP archive, batch files, or various other vectors to trigger hard drive errors that corrupt the filesystem index instantly. “Critically underestimated” NTFS vulnerability In August 2020, October 2020, and finally this week, infosec researcher Jonas L drew attention to an NTFS vulnerability impacting Windows 10 that […]

Excerpt: “Google’s Project Zero team known to discover security threats has disclosed a zero-day vulnerability in Windows that affects versions from Windows 7 all the way to Windows 10 version 1903. The company’s post says that it has evidence of active exploits, which could allow attackers to execute code with elevated permissions. What’s interesting is that the vulnerability that is tracked with the label CVE-2020-17087, coupled with another actively exploited Chrome zero-day vulnerability disclosed last week (CVE-2020-15999), performs what […]

Excerpt: News Release: DHS Awards $2M to University of Illinois-Led Consortium to Create National Network of Cybersecurity Institutes WASHINGTON, DC – The Department of Homeland Security (DHS) Science and Technology Directorate (S&T), in partnership with the Cybersecurity and Infrastructure Security Agency (CISA), has awarded $2 million to the Critical Infrastructure Resilience Institute (CIRI), a DHS Center of Excellence (COE) led by the University of Illinois at Urbana-Champaign (UIUC), to develop a plan that CISA can execute to build a national network of […]

Contact The IT Guys to start a routine, periodic education program for employees/users of any business-not just our HIPAA-Specific Training… Phishing fears cause workers to reject genuine business communications excerpt: Centers for Disease Control and Prevention (CDC) activated its Emergency Operations Center to assist public health partners in responding to COVID-19. Notifications about the pandemic are one example of messaging that some recipients fear to be phishing scams. (CDC) COVID-19 contact tracers are reportedly having difficulties alerting […]

  Ten Technologies to Stop Grey Zone Attacks The report breaks grey zone attacks down into five categories: Deniable attacks: A cyber attack on utilities or drones attacking an airport Information attacks: Foreign election interference or false text message/email scams User of proxy force: Terrorist attacks on cities or infrastructure Economic coercion: An adversary purchasing and disabling a piece of infrastructure such as an oil refinery Territorial encroachment: Seizing a fishing lane or sovereign territory It also describes 10 […]

Imagine your company hires a new employee and then everyone just ignores them, day in and day out, while they sit alone at their desk getting paid to do nothing. This situation actually happens all the time — when companies invest millions of dollars in new tech tools only to have frustrated employees disregard them, says Nadjia Yousif. In this fun and practical talk, she offers advice on how to better collaborate with the technologies […]