#BeCyberSafe

Geekmaster 👽:system76: Geekmaster@ioc.exchange
2025-01-10

All #sysadmins should review this article and the #CVE reports. Ensure ALL of your #domaincontrollers (at a minimum) and #WindowsServers are fully patched to prevent this vulnerability from being exploited. No one wants an #LDAP #DoS situation. What a nightmare that would be.

#StayCyberAware #BeCyberSafe

darkreading.com/vulnerabilitie

Geekmaster 👽:system76: Geekmaster@ioc.exchange
2024-12-30

Never heard of #Honey personally, but this #scam is very real. I am skeptical of any coupon sites generally, because they have NEVER worked for me in the past (before they were doing quasi-criminal activity). Also, NEVER install a browser extension unless you are 100% sure of its legitimacy AND how it works.

#Honey is actively stealing from affiliates, which, while not illegal, is highly unethical and simply not fair.

If you don't know about this scam, I recommend you watch this video so you understand how it works (clearnet): youtu.be/vc4yL3YTwWk?feature=s

#BeCyberSafe #StayCyberAware

Geekmaster 👽:system76: Geekmaster@ioc.exchange
2024-12-18

So what kind of policy framework do I have at my org? Goal is AAL2 per NIST 800-63B. Keep in mind, at least for the next decade or so still, passwords are not going anywhere - they are the last line of authentication while the world transitions to #passwordless

:finger_point: Encrypt everything, everywhere, all the time
:finger_point: VPN tunnels everywhere
:finger_point: PW policy that enforces a minimum of 13 complex characters for passwords (passphrases are evangelized heavily) + mandatory MFA via an Authenticator app + 365-day rotation policy (unless someone phishes their credential or it comes up on a #darkweb monitor) + 30-day token expiration - we do have filtering to prevent anyone reusing old passwords or common passwords (no, I don't pay for it, you can integrate with AD directly with some clever #powershell, #jfgi).
:finger_point: For our admin accounts, we require #passphrases of at least 4 words (7 are recommended), using the diceware method (physical, not a website). PW rotation occurs every 180 days. Tokens expire every 24 hours.
:finger_point: Service accounts (where we cannot use auto-cycling API tokens) require a minimum 24-character very complex password or 4-word passphrase as MFA is required to be disabled. PW rotation occurs every 180 days.
:finger_point: Awareness trainings every quarter for high-risk/high-exposure employees, annually for the rest of the company. I update my presentation facts, data, and reported metrics frequently based on OSINT, SIGINT, HUMINT, research, and constant education.

#BeCyberSafe #StayCyberAware

Geekmaster 👽:system76: Geekmaster@ioc.exchange
2024-12-17

Let's talk about #CyberHygiene:
You have to develop a certain level of "Spidey sense", and it can be as simple as realizing that you need a second opinion before clicking a link. You don't have to be a subject matter expert; you just have to know enough to recognize when you should ask someone else. #StopAndThink

People sometimes have the mistaken notion that they aren't targets for bad actors because they aren't famous and don't have a high net worth. But that's simply not the case today. Anyone with any online presence is a potential target to attackers. That means everyone needs to know their #cyberhygiene

Basic cyber hygiene is essential and easy. Steps include:

:finger_point: Be more stringent about the info you share online
:finger_point: Review and adjust privacy settings
:finger_point: Use strong and unique passwords (I recommend using diceware passphrases)
:finger_point: Enable two-factor authentication
:finger_point: Monitor online presence
:finger_point: Learn about data brokers
:finger_point: Secure all devices
:finger_point: Be skeptical of unsolicited requests
:finger_point: Regularly audit third-party apps
:finger_point: Monitor credit reports
:finger_point: Separate personal and professional identities

With #CyberSecurity, a little can go a long way to protecting yourself, your family/friends, and even your employer. Again, you don't need to be an expert, you just need to slow down and think. Be a human lol. And in the #CyberWorld, trust nothing, question everything.

#BeCyberSafe #StayCyberAware :C_H:

PCFIXIT Business IT Solutions pcfixit
2023-12-15

Don't let a scammer ruin your holiday spirit. Stay safe by reading up on holiday shopping scams to avoid.


idwatchdog.com/holiday-shoppin

Geekmaster 👽:system76: Geekmaster@ioc.exchange
2023-08-03

#DarkAI is a thing. I've talked about it before, and this article supports every theory I've mentioned over the years. #CyberCriminals are using #GenerativeAI to create sophisticated #BEC campaigns and #NovelMalware, and it lowers the entry for new cyber criminals and especially #ScriptKiddies or people with zero technical experience to create and commit malicious fraud campaigns against a much wider swath of targets than ever before. The ONLY way to combat these emerging threats is through user awareness trainings and a #DefenseInDepth approach to your security platform for #EnterpriseSecurity. For yourselves personally - invest in a solid #antivirus solution, whether that's Microsoft's #Defender (consumer version), or a platform like #Avast, which is affordable, very good, and works on desktop and mobile. You also want to look into a #VPN to protect your data streams. These DarkAIs aren't here to play, they are here to cause chaos. #BeCyberAware #BeCyberSafe and #DontGetPhished!!

darkreading.com/application-se

CSUMB Information Technology csumb_it@mastodon.online
2023-04-11

Happy #TechTipTuesday #CSUMB Otters! 🦦

#YouOtterKnow today we have several quick tips for upping your cyber hygiene.

(Spoiler alert- the most important one is creating a regular routine to practice good cyber hygiene!)

🔗:youtu.be/DzP0KH4I4c8

#techsupport #BeCyberSafe
