Center for Internet Security Alert Level
GUARDED: indicates a general risk of increased hacking, virus, or other malicious activity.
There are 4 other levels. There’s Low, Elevated, High, and Severe. From the Center for Internet Security, “The potential exists for malicious cyber activities, but no known exploits have been identified, or known exploits have been identified but no significant impact has occurred.”
Data Breaches in Massachusetts
Fun fact: 1,909 data breaches in Massachusetts in 2019 and more than half a million people were affected. This far there have been 17 Data Breaches through the first week of May. It includes Rockland Trust and Santander Bank. If you are a customer of either it’s worthwhile to look up the Notification Letter on the Massachusetts Office of Consumer Affairs and Business Regulation. We will have the link for you in this article at https://cyberdefensecontractors.com
Facebook Bug Earns a $20,000 Bounty
This was essentially a zero-day vulnerability. What does that mean? It was an undiscovered vulnerability known to a single individual or a single group. The difference here is it was not weaponized meaning it otherwise not utilized for a malicious purpose.
Facebook Login SDK
Mitigated in the SDK.
No customer notification needed.
Microsoft Adds DNS over HTTPS
Lindsey O’Donnell of Threatpost reports that, in our words, the internet just got a little bit safer. On a technical level DNS is the last or one of the last protocols to encrypt their traffic. Yes, we still have unencrypted traffic with specific protocols. DNS over HTTPS has been touted as the solution for DNS. You will see it integrated into Windows 10 at some point in the near term. For some reason Lindsey’s articles suggests that folks should proceed with caution, but Cyber Defense Contractors is telling you to jump in with both feet. There is no downside to the alternative as DNS as a protocol generally remains in an encrypted state across the Internet.
All Windows Users who make use of the following three DNS servers. If you are not already on a DNS server that is not provided by your ISP we suggest that you move to one of these to get ahead of the game as they support DNS over HTTPS. Typically, internet service providers track your DNS queries. Cloudflare and Quad9 claim otherwise and that they are private. By private they mean they do not track you.
- Cloudflare at IPv4 126.96.36.199
- Quad9 at IPv4 188.8.131.52
- Google at IPv4 184.108.40.206
As for browsers, the two that support DNS over HTTPS are…
- Google Chrome
- Mozilla Firefox
We suggest you check out the article on Threatpost as it shows you how to enable DNS over HTTPS.