Covid-related social engineering attacks continue to make headlines, as most businesses shift work to a stay-at-home model for continued operations. There are numerous articles about attack types and vectors, so make sure your users are aware and informed.

A new zero-day vulnerability has been announced that impacts all supported versions of the Windows operation system. Both vulnerabilities reside in the Windows Adobe Type Manager Library, a font parsing software that not only parses content when open with a 3rd-party software but also used by Windows Explorer to display the content of a file in the ‘Preview Pane’ or ‘Details Pane’ without having users to open it. No patch is yet available, but there are some workarounds that have been published.

Covid-19 still dominates the news and continues to add to the security woes of companies. Of interest is a new study that states that 3 in 4 CFOs plan to shift at least 5% of newly remote workers permanently post-pandemic. I think this is the first of several major shifts in how business will operate moving forward.

A new report finds that there is a 47 percent jump in insider threats in the past two years. To make things worse, the average cost has increased 31% as well. With the rush to expand operations to a work from home posture, many companies may have left security gaps open, allowing for a surge in insider threat incidents. Ensure that your organization is not left exposed.

And finally, the Emotet botnet is back – “New and Improved.” It was the most dangerous malware botnet of 2019, and its new feature lets it spread inside the network once it’s infected a system. It’s dangerous because it delivers malware of a variety of types. Be patched. Be vigilant.

~Stay Secure