Critical Security Update: June 12, 2024 (Microsoft Update, Microsoft DirectAccess, Warmcookie Spyware, Cylance Breach)
Critical Security Update
Microsoft Update, Microsoft DirectAccess, Warmcookie Spyware, Cylance Breach
Risk 1: Medium
Issue: A recent Microsoft Update has deprecated a legacy security protocol named DirectAccess. This will reduce security and connectivity for remote access ot enterprise solutions.
Resolution: Microsoft has introduced a new feature, “Always on VPN” that should be rolled out immediately for those using self-managed or hosted Windows environments previously using DirectAccess.
Risk 2: High
Issue: Microsoft, late yesterday, released approximately 118 (yes you read that correctly) new security updates for both Windows Desktop and Windows Server.
Resolution: Anybody with a Windows-based machine should apply these patches as soon as possible. These mostly correct crash-increasing issues rather than reduce security-related concerns.
Risk 3: High
Issue: New spyware named Warmcookie exploits a backdoor in Windows allowing remote access to systems. This exploit is tied to e-mail and web-based job offers.
Resolution: Users should maintain the highest guard for online protection as always. More so, please be on extra guard against job and work-wanted ads.
Risk 4: High
Issue: Cylance, a new AI-based cybersecurity platform has had a very large data breach impacting all of their clients. Earlier this morning, data from the breach has already ben located and available for purchase on the Dark Web.
Resolution: Cylance users should look for a recent e-mail from Cylance about how to respond and handle the breach-response. (If anybody received this, I would love to obtain a copy.)
Announced Data Breaches
FortiGate
Purge Storage
arm
Cylance
UK Hospitals (Continued)
23andMe (again)
New York Times
Christie’s
Frontier Communication
Los Angeles United School District
PandaBuy
Ariane Systems
Disney Confluence