In this issue:
- Building Powerful Cybersecurity Habits
- Cybersecurity shorts
- Software updates
Welcome to your July Savvy Cybersecurity newsletter. Read on to learn more about:
- An Apple update you must install
- A data breach at one of the nation's largest school districts
- And much more
Building Powerful Cybersecurity Habits
Trying to overhaul every aspect of your cybersecurity system at one time can be overwhelming. For that reason, the Savvy Cybersecurity Quick Reference Guide asks you to commit to just three actions to take in the upcoming 30 days to improve your cybersecurity. But how do you ensure you keep improving your security? By building good cybersecurity habits. Click here for the Savvy Cybersecurity Quick Reference Guide.
Habit building has become increasingly popular with best-selling books such as Atomic Habits and Tiny Habits. How can we apply habit-building techniques to cybersecurity?
Habit 1: Create strong passwords
Updating all of your existing passwords at once could be time-consuming and challenging. If that seems like too much to do right now, make a habit of building strong passwords going forward. Any time you are prompted to make a new account, create a strong and unique password. Use this time to enter your new password into a password manager as well.
Habit 2: Turn on two-factor authentication
When making any new account, choose the most secure two-factor authentication option during setup. Two-factor authentication adds an extra layer of security with a one-time code you must enter after your passwords. This one-time code is sent to your phone via text message or authenticator app. Most security experts now recommend choosing an authenticator app over text message codes.
Habit 3: Update your software immediately
If you typically ignore the software update notifications for your devices and applications, make a habit of updating software as soon as possible. Software updates close known security vulnerabilities in different programs such as your operating system, browser, and other applications. As a new cybersecurity habit, begin updating these programs when you are first notified. Better yet, set up automatic updates where possible!
Starting to build these cybersecurity habits will ensure you continue improving your cyber defenses without becoming overwhelmed.
US government agencies see emails compromised by Chinese hackers according to Microsoft report. The hackers gained access to 25 different organizations with the goal of accessing U.S. intelligence. Companies across multiple sectors such as communications, utility, government, education, and more. Microsoft has contacted impacted customers.
NYC Comptroller warned officials about cybersecurity attack. Weeks before a global cyberattack that breached thousands of NYC children's personal information, the New York State Comptroller warned education officials to get serious about protecting student data. An audit released in May found that local school districts did not receive "sufficient oversight" as cybersecurity incidents across the state have more than tripled over the last few years. Read more about the incident and how these school districts were affected here.
Canada and US agencies join forces to warn citizens about "Truebot" malware. Earlier this month, the Canadian Centre for Cyber Security issued a joint advisory with the FBI and other US agencies about increasing attacks from "Truebot" malware. The advisory stated that hackers are using a vulnerability in a security software to access computer networks in the US and Canada to steal sensitive data for financial gain.
Microsoft warns RomCom is using Word documents in new phishing campaign. Microsoft is now warning its users about a phishing campaign from a threat actor known as RomCom that is targeting the defense industry and government entities in Europe and North America. In addition to targeting the defense industry, attacks have also targeted the telecom and financial sectors. Furthermore, RomCom is abusing zero-day vulnerability, involving specially crafted Microsoft Word documents.
Biden administration tackles smart devices with a new cybersecurity label. The label, US Cyber Trust Mark, will help signify that devices bearing it meet security standards based on those that were established in a report by the National Institute of Standards and Technology (NIST). Additionally, the program is meant to cover connected devices commonly found in the home, like smart appliances. This voluntary program is expected to take place in 2024. Learn more about the program and what it will entail here.
Apple: Apple released a "Rapid Security Response" update to fix a zero-day vulnerability on July 10. But, Apple immediately pulled the update as it caused issues with certain websites. The new version was released on July 12. Be sure to update your iOS devices as soon as possible.
Microsoft: Over 100 security issues are addressed in this month's Microsoft update—five of which are currently being exploited. One critical vulnerability affecting Outlook allows attackers to bypass security features. Your devices should prompt you to update automatically. You can learn more here.