Simple Cyber Defense Weekly Update Week 3: Show notes

Simple Cyber Defense security updates for 1/16/2020.

Welcome back to Simple Cyber Defense in this week’s episode we’re gonna be talking about 3 major critical vulnerabilities in Ubiquiti devices, windows devices, and Firefox and chrome. So Ubiquiti users have gotten the following email it says:

Dear customers,
We recently became aware of unauthorized access to certain parts of our information technology systems hosted by a third party cloud provider we have no indications that there has been an authorized activities with respect to any user’s account. We are not currently aware of evidence access to any data bases that host user data but we cannot be certain that users data has not been exposed this data may include names email addresses and one way encrypted passwords to your account in technical terms the passwords are hashed and salted. The data may include your address and phone number yes you have not provided if you pride to us. As a precaution we encourage you to change your passwords we recommend that you also change your password on any websites where you’re you know we use the same user ID and password. Finally we recommend that you enable 2 factor authentication on your Ubiquiti accounts if you have not done so already.

Ubiquiti is a network equipment and I. O. T. devices they Range from routers to wireless protocols and even I O. T. devices; which is called internet of things. Devices like doorbells and surveillance cameras that will connect to the internet so that people can use their cell phones to. Just update things and see what was going on in their devices. With this email that was sent out is very concerning because a lot of user data is now exposed. If you had these devices like it says I would urge you to just change passwords and put on 2 factor authentications. And hopefully you’re not using the same password to other devices to other accounts. If you are please please use password managers. As I said in my Password video earlier you should never use the same password on multiple counts. But this here is an interesting development because even though Ubiquiti says that there hasn’t had any knowledge of unauthorized access doesn’t mean that that may not happen in the future. So definitely secure your devices by making sure that any patches or updates are applied and changing passwords and. Even if it’s just wifi passwords change every single password on your accounts and all your devices that you can. This will limit your exposure for the hackers so that the data that they do have they can’t used to get access to your network and access your computers and steal your files or whatever. Ubiquiti is not really sure how this data breach occurred but they are doing an investigation and another thing that kind of. What is interesting to say yes home addresses and phone numbers may have been exposed but only if the user is decided to configure the information into the portal. So this will question whether you should put in personal information into your devices and. That’s up to you. Personally I would try to limit how much personal information each company has because data breaches are very susceptible and will happen too far into the future so in my opinion is. If they’re not requirement do not park in the personal information give them as little as possible. And that way the less information they have, the less information will be exposed. Other than that there’s not much that could been done to prevent this from the user end. So just remember to change passwords put on 2 factor authentication and make sure everything’s up to date and that should prevent you from becoming a victim from this attacks being used from this data breach.

Next up is Microsoft and in their patch Tuesday they have released patches that will mitigate 83 vulnerabilities across a wide range of products. A lot of these bugs will give users remote access to your computers. And is pretty nasty of how much power that these bugs will give the attackers sauce said that despite expectations being detected in the wild the technique is not functional in all situations and is still considered to be a proof of concept level however the code could could evolve for more reliable attacks to counter future attacks Microsoft has released patches for Microsoft malware protection engine which wouldn’t require any user interaction and will be installed automatically unless specified specifically blocked by the system administrators. So. Just make sure that you keep your Microsoft. Windows machines up to date because these are very powerful box that has been mitigated. All these bugs are Microsoft Windows operating system bugs some of these are also Microsoft Office and looks like some of the web developers tools also. And some emulations and printer drivers. The take away here is to just make sure your windows machines and software are up to date. Because obviously Microsoft Windows products are going to be filled with many many vulnerabilities. Luckily they are keeping up to date with their patches and just make sure that you keep your machines up to date also.

Finally now we’re talk about web browsers. Firefox, chrome and basically anything that is not safari. As severe bugs that will allow hackers remote system hijacking which means that they will have complete control of your system now this is not limited to just just computers also for mobiles and tablets so every any web browser that you have please update your browser immediately because these bugs are severe and will allow attackers to complete have complete control over your system through these bugs. Luckily the patches are out there so all you have to do is to seek them out and apply them to your PC machine and your browser will be safe.

This concludes this week security updates it seems like this week has a common theme in most of these bugs will  be resolved by updating and keeping up to date with patches. So if you haven’t done already please update your devices immediately. And we’ll see you in the next episode.

Links:
Ubiquiti
https://www.zdnet.com/article/ubiquiti-tells-customers-to-change-passwords-after-security-breach/

Microsoft
https://www.zdnet.com/article/microsoft-fixes-defender-zero-day-in-january-2021-patch-tuesday/
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1647
https://thehackernews.com/2021/01/microsoft-issues-patches-for-defender.html

Firefox and Chromium CRITICAL updates
https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/
https://threatpost.com/firefox-chrome-edge-bugs-system-hijacking/162873/