Welcome! Why You Have to be Applying ALL Patches Not Just the OS ones plus more on Tech Talk with Craig Peterson on WGAN

Craig Peterson - America's Leading Security Coach

Release Date: 09/11/2020


Welcome!

Craig explains why companies believe that they are completely patched up and why it means more than your operating system.

For more tech tips, news, and updates visit - CraigPeterson.com

---

Read More:

iOS 13.7 launched today with a new system for battling the pandemic

Hackers are exploiting a critical flaw affecting >350,000 WordPress sites

The accidental notary: Apple approves notorious malware to run on Macs

Most IoT Hardware Dangerously Easy to Crack

55% of Cybersquatted Domains are Malicious or Potentially Fraudulent

Feds Can’t Ask Google for Every Phone in a 100-meter Radius, Court Says

The Hidden Cost of Losing Security Talent

 

---

Automated Machine-Generated Transcript:

Craig Peterson: [00:00:00] Hey, do you have a 99% patch rate? Gonna talk right now about why that is a load of UMHUM in every case that I've ever seen.

Craig Peterson here and here we go.

Hey everybody. Thanks for joining me today. This is something that I don't know if I can ever repeat enough, but I want to take a little bit of a different angle on this than I have before. Most of us know that we're supposed to patch. What do we patch? What are we using? You might turn on automatic updates on Windows. You might have those turned on macOS, of course, on your iOS devices. Maybe you've got an Android device, it's less than two years old and still gets updates, so you have that turned on. Here's the problem. I have yet to walk into a business that doesn't say that they have just a phenomenal patch rate.

You know, so for instance, you'll walk in there and you say, how good are you guys at keeping up on patches? Almost every last one of them says, yeah, almost a hundred. We're probably 99, 98% of the patches are up to date and we're just phenomenal. We're safe. Yeah, we're safe. Don't worry about us. Yeah, we're safe. Don't worry about it.

I've been in a couple of businesses and said that and then they got nailed something awful and they were too embarrassed to call me back. When I talked to them later on, I found out what had really happened with them.

Many people and many businesses are focused on that patch rate and that kind of makes sense. We have to make sure the patches are done, particularly the critical patches. But why is it that I go into a business and every business says, yeah, we're patched up. It might not be a hundred percent, but we're patched up. Every business says that.

Yet I always find critical vulnerabilities when I poke around. When I do a scan. When we do these paid assessments to come up with an action plan for businesses. We scan their systems, which means their workstations, it also of course means their servers and maybe other devices that are out there. I have never scanned a device that did not contain a critical vulnerability.

Where's the disconnect? Why are businesses and people saying, yeah, we have this 99% patch rate? Yet I am continually finding major problems. It has to do with what's being patched. People are not patching the right thing. So let's look at a couple of different things here.

First of all. When we're talking about workstations, desktops, laptops. Here are the four types of software that are attacked the most. Number one, internet browser add-ins. How many of us have extensions on our browsers? Some of those extensions are in fact, malicious themselves. Internet browsers.

Another big attack vector is operating systems. Of course, all of our office applications, all of our productivity stuff, software like I'm using right now for the radio show. All of this stuff gets attacked. But when we're talking about a 99% patch rate, yeah, we're pretty much all patched up. What they're almost always thinking about and talking about is patching the operating system and that's where things end.

Now on the server-side, when we go into businesses, we're finding the web server software, the database server, the operating systems on those servers, the remote server management stuff, like RDP, the Active Directory. Those are what is always being attacked. So why the disconnect? It's because it's difficult to patch everything.

Microsoft, I already mentioned, has the ability to automatically install updates. In fact, if you don't have the business versions, the enterprise versions of Windows, Professional, you're forced to do updates. You don't even get to say when you want those updates to happen. If you're running iOS, on your iPhone, on your iPad, again, updates just happen automatically.

But how about all of those apps? If you're getting those apps on your mobile devices, from the stores, like the Google Play store or the Apple store, you're probably getting updates for your applications. If you're not getting them from there, you're probably not getting updates.

So not patching the right thing is a very big deal. I wanted to talk right now about one specific thing that people are not patching. Frankly, that is our web server. You've got a website, right? If you're a business, any size business, you've got a website. You have to have a website. You have to get the message out.

Now, of course, you can have some emails from other things too, but we're going to focus on one thing right now, the website. Hackers are actively exploiting right now a vulnerability in a WordPress plugin. Now, I mentioned our browser plugins are the extensions for our browsers and how those can be hacked in many cases.

It's another vector, obviously for the bad guys to get on to our computers and really start messing around. In this case, we're talking about WordPress web server, which is the number one most popular web server out there, WordPress and there are more than 700,000 active installations of this. We are using it for our own little websites for our families. We're using it for our businesses. We're using it for our associations or organizations. This particular file manager plugin, which extends features for WordPress allows bad guys to run commands and malicious software things, like scripts, whenever they want to. Now, how many people are keeping their WordPress installation up to date?

Are you keeping your Flash up to date? Are you keeping your other Adobe software up to date? How about all of the other software you're running on your computers? I look at this computer and it's just astounding how much software I have installed here on my Mac that I use all the time.

So the attackers are using this exploit to upload files that have these shell scripts in them that are hidden in an image. Makes it even harder for you to find.

So we have to be very careful. We don't know the impact of all of this yet. It's probably pretty bad. There are some companies that are blocking it. We block it as well, but we're talking about millions of exploit attempts.

Over the course of the last couple of weeks, that is pretty bad. And we've only seen about half of the sites out there, the WordPress sites, actually patched up. So make sure you do the update. You have to inventory everything you have. Everything your enterprise uses. What software do you have? What is it installed on? Is it up to date?

Don't just willy-nilly allow people to install software on their computers, and don't do it yourself either. Every time you install software, you open up another potential way for bad guys to get in. It's something else you have to track. It's something else you have to inventory. It's something else you have to update. You have to upgrade.

People are just downloading stuff, willy-nilly. And remember what was the very first thing I said that's attacked frequently: internet browser add-ins. That means internet browser add-ins means that those wonderful little bars that people install on their browsers are, yeah, those are malicious much of the time. At the very least, they are providing something called adware that's tracking where you're going. Sometimes it replaces the ads on the website shows you stuff. It clicks through to these not clickbait sites, but click through to make them money on ads that they're running.

It's bad. We can't do it now. I wish we had more time. All right.

You're listening to Craig Peterson.

Stick around because when we get back, we're going to talk about an Apple problem with security this time.

---

More stories and tech updates at:

www.craigpeterson.com

Don't miss an episode from Craig. Subscribe and give us a rating:

www.craigpeterson.com/itunes

Follow me on Twitter for the latest in tech at:

www.twitter.com/craigpeterson

For questions, call or text:

855-385-5553