A quick Saturday digest of cybersecurity news articles from other sources.
FBI, CISA, NSA, and US and International Partners Release Advisory on Russian Military Cyber Actors Targeting US and Global Critical Infrastructure
09/05/2024 03:30 PM EDT
Today, the Federal Bureau of Investigation (FBI)—in partnership with CISA, the National Security Agency (NSA), and other U.S. and international partners—released a joint Cybersecurity Advisory, Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure. This advisory provides overlapping cybersecurity industry cyber threat intelligence, tactics, techniques, and procedures (TTPs) and Indicators of Compromise (IOCs) associated with Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) cyber actors, both during and succeeding their deployment of the WhisperGate malware against Ukraine.
These cyber actors are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm since at least 2020. The authoring agencies encourage organizations to review this advisory for recommended mitigations against such malicious activity.
For additional information on Russian state-sponsored malicious cyber activity and related indictments, see the recent U.S. Department of Justice (DOJ) press releases for June 26, 2024, and Sept. 5, 2024, FBI’s Cyber Crime webpage, and CISA’s Russia Cyber Threat Overview and Advisories webpage.
Email Delivery Issues
From Lisa Hendrickson, CallThatGirl.biz
612-865-4475
Lisa@callthatgirl.biz
Hi folks, this week I will be discussing email delivery issues that you might be experiencing in the past few months or might experience in the future. A longer newsletter this time but if you enjoy reading, it’s worth a read.
Email is not the same as it was years ago, so simple. We didn’t have to worry so much about spoofing, phishing emails, getting hacked, having perfect email delivery records (DNS; SPF, DKIM, DMARC). It’s becoming a lot for a small business to figure out on their own.
Not everyone has the same settings, email hosts, etc. It’s a bit of a game to figure out for me sometimes as I don’t manage these records for you. Most of my clients are “Do-it-yourself” types who buy their own domains and don’t have someone managing their accounts on a daily/yearly basis. That’s when I come in and help as needed.
Lately I have been taking on the strangest requests. Everything from email not delivering to the recipient inbox (junk only) to they can’t email Yahoo/Gmail or worse… they are in a deep blacklist on a Microsoft email server. This was a recent issue that took two months to get figured out. While frustrating for the client, they are now “out of jail” and the only thing I can recommend is to be careful when sending email. This client just happened to send out an email to 10 people. While legitimate, Microsoft somehow flagged his account and that’s how this two-month issue started for them.
Microsoft, Google, Yahoo are all making changes to their security due to internet requirements and Microsoft especially is making things more difficult to navigate for an end user (you). The main issue I am seeing with clients I’m helping is that they don’t have security set up, so I have to help with that during the appt. That’s not a big deal to set up but it does add on time for me to help with the original issue. This is also one reason why Outlook is not set up; security isn’t turned on. Microsoft is sending out an error alerting you to set up security, so people have no idea what is wrong. And finally, cleverly written phishing emails are also still an issue.
All companies are making changes that not everyone knows about or how to fix, Google search or understand the technology. I was with you years ago on this, I didn’t need to know either but now it’s part of my day-to-day work.
I’ll start with the email delivery issues and what is the most probable cause:
1. Your email goes to others’ junk or spam (SPF records)
2. You’re not receiving some emails (in your quarantine)
3. You can’t send email (your email is restricted)
4. You can’t email Yahoo, AOL or Google/Gmail (DMARC)
5. Your emails are bouncing (could be a variety of issues)
6. Your email marketing messages are not getting delivered to the inbox
If you are having issues, feel free to reach out and I can help.
Microsoft 365 Advanced
Sometimes folks have issues that require someone with higher-level Microsoft 365 experience. These requests are in the enterprise level controls of the admin portal. Usually, smaller businesses don’t require advanced 365 support, but you might if you have requirements by law. Email me if you need help with the following and I can discuss your issues and see if I can help or send you a referral.
· License Review
· Authentication Configuration
· General Tenant Configurations
· Conditional Access Configuration and Policies
· Inbound and Outbound Spam and Threat Policies (Defender)
· Intune Setup and Policies
· Alerts and Monitoring
· Defender Management (limited to email side)
· Multifactor Authentication Configuration
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com