The US Department of Homeland Security CISA covered the impending end of support for Windows 7 today.
What date will support end for Windows 7? It’s January 14, 2020. With enterprise refresh plans taking a long time, it’s now that obsolescence planning needs to start, to avoid the risks of unpatched
After this date, Windows 7 will no longer receive technical support, software updates, or security updates or fixes.
An interesting article by Proofpoint. This has been a weakness in many MFA architectures, particularly for email, for a long time now, where application-specific passwords have been used to mitigate the threat.
Hopefully we will see some innovation in authentication schemes for legacy protocols, but it might not be easy due to inherent protocol limitations.
This underlines the importance of:
MFA access to external non-VPN email (e.g. OWA) through controlled access routes
Removing Internet facing legacy email services such as POP3 and IMAP
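One way to find out which accounts still depend on those legacy protocols before removing them, as an added example that is not from the original post or the Proofpoint article. The CSV schema, field names and log rows are constructed for illustration and do not match any vendor's log format.

```python
import csv
import io

# Constructed sample sign-in log (hypothetical schema, for illustration only).
SAMPLE_LOG = """\
timestamp,user,protocol,credential,mfa_enrolled,result
2019-03-18T08:01:12Z,alice,OWA,password+mfa,yes,success
2019-03-18T08:03:40Z,bob,IMAP,password,yes,success
2019-03-18T08:04:02Z,carol,IMAP,app_password,yes,success
2019-03-18T08:05:19Z,dave,POP3,password,no,success
2019-03-18T08:06:55Z,bob,IMAP,app_password,yes,success
2019-03-18T08:09:31Z,frank,POP3,password,yes,failure
"""

# Only the legacy protocols named in the post.
LEGACY_PROTOCOLS = {"IMAP", "POP3"}

# Higher number = more urgent to fix.
SEVERITY = {"app_password_in_use": 1, "no_mfa_account": 2, "mfa_bypassed": 3}


def classify(row):
    """Label one successful legacy-protocol sign-in."""
    if row["credential"] == "app_password":
        # Mitigated, but the account still relies on a legacy protocol.
        return "app_password_in_use"
    if row["mfa_enrolled"] == "yes":
        # MFA-enrolled account authenticated with its primary password alone.
        return "mfa_bypassed"
    return "no_mfa_account"


def audit_legacy_signins(log_text):
    """Return {user: worst finding} for successful IMAP/POP3 sign-ins."""
    findings = {}
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["protocol"].upper() not in LEGACY_PROTOCOLS:
            continue
        if row["result"] != "success":
            continue
        label = classify(row)
        user = row["user"]
        # Keep only the most severe finding seen for each user.
        if SEVERITY[label] > SEVERITY.get(findings.get(user), 0):
            findings[user] = label
    return findings


if __name__ == "__main__":
    for user, finding in sorted(audit_legacy_signins(SAMPLE_LOG).items()):
        print(f"{user}: {finding}")
```

Accounts labelled `mfa_bypassed` are the ones to migrate first, since their primary password alone is enough over the legacy protocol.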
SANS Security Awareness regularly produce useful information that can be used by SMEs and enterprises to improve awareness among users about cyber security topics. It’s all good stuff, but this recent update caught my attention as it’s very easily done in modern desktop software packages for email:
“Control Your Own Destiny or Someone Else Will” is perhaps one of the most relevant quotes for cyber security, of course from celebrated GE CEO Jack Welch. It’s never been more true than with the PDF file format.
There has been some further coverage this week about the vulnerabilities affecting Adobe DC and Reader DC. A whopping 44 vulnerabilities were addressed in the February updates from Adobe, of which 43 are critical. Some of the vulnerabilities allow code execution, while others bypass security controls, and yet others facilitate the theft of password hashes.