
Update Exchange Server Patches: Microsoft released additional security patches for servers running Exchange Server versions NOT supported by last week’s patches, per Bleeping Computer.
Apple Patches Against Code Execution per ZDNet
Keeping with our patching theme, this fix applies to iPhones, iPads and MacBooks. The bug affects WebKit, the browser engine for Safari, so an unpatched user could become the victim of maliciously crafted content on a website, leading to “arbitrary code execution”. And we don’t want that. While Apple products do offer more security, that wall is getting steadily pulled down by attackers and vulnerabilities. The onus is increasingly on end users to become more security aware and follow best practices, because attacks are bypassing standard detection and prevention. “Gotta catch ‘em all” only works with Pokémon.
Food for Thought: Access and Sensitive Data
2021 has ushered in a year of massive supply chain attacks – SolarWinds, Accellion et al. This followed on the heels of a solid year of extortionist ransomware attacks – essentially “your money AND your data”, because once that data has been accessed without authorization it has been breached. We can’t predict the next attack or block all the holes. We can, however, better protect the data we have by labeling it and limiting access. An article in Help Net Security cites that 76% of employees had inappropriate access to data. The pandemic created a virtual workforce almost overnight. As we move forward and build new policies, look at how to implement new frameworks like zero-trust for wider reach and mobility, to leave less to chance when it comes to data and access.