With growing numbers of organizations, companies and individuals being affected by ransomware we need to take precautions before we are affected so that if the worse should happen we can recover.
For the second time this month I wish to provide a respectful shout-out to the following blog post that provides further tips on preventing ransomware that were not present in previous posts.
For example, using the principle of least privilege (not using a privileged user account on your device when you don’t have to e.g. for everyday general use), security awareness (being aware/having knowledge of current computer security trends and knowing what to avoid/which warning signs to look out for) as well as a new security feature developed by Microsoft for Office 2016 in an effort to prevent the spread of ransomware. I hope that you will find the post linked to below useful:
8 tips for preventing ransomware by John Zorabedian (Sophos Security)
Further practical advice on preventing ransomware is provided in a previous blog post.
In a similar manner to an update published by Oracle in February they have again released a further out of band security update to address a critical security issue that was incorrectly patched/not fully resolved in 2013. Updated versions of Java 7 and Java 8 are now available.
Further highlights of this update are provided here and here. Further background info on this issue is available in this Qualys blog post.
A set of suggested practices for using Java on your computer are provided here. Please install the recommended update for your version of Java as soon as possible to protect against this re-patched security issue.
Update: 13th April 2016:
Further details as well as updates to resolve the Badlock issue are discussed in a more recent blog post.
Earlier this week an announcement was made by SerNet (a Samba consulting company who set up the Badlock website) that a critical security update would be made available on the 12th of April to address a vulnerability in the SMB/CIFs protocol (defined below) that is the basis of the open source Samba project. The 12th of April is the well-known second Tuesday of the month known as Update Tuesday (or Patch Tuesday) when Adobe, Microsoft and others commonly make available security updates on a scheduled basis.
Some advice that you can follow to better prepare for this update being made available is described in this SANS blog post as well as this very informative and practical InfoWorld article. Further background on this announcement can be found here.
I will publish another blog post on or very soon after the 12th of April to provide the appropriate information for you to address this vulnerability in a timely manner.
What is the SMB/CIFS protocol?
The Server Message Block (SMB) protocol is also referred to as the Common Internet File System (CIFS) is an application layer (layer 7 of the OSI model) protocol that allows the sharing of printers but mainly provides file access/transfer in a Microsoft network using mapped network drives. Further features of SMB/CIFS are detailed in this Sophos blog post.
Samba is an open source (the source code (human readable code) is free to view and edit by the wider IT community) application that provides the above mentioned network services across Linux/Unix and Microsoft servers/clients.