ANCHOR CYBER FEED

                                   FOR IMMEDIATE RELEASE: JUNE 28, 2017 Contact: Anchor Technologies, Inc. Peter Dietrich (410) 295-7601 Anchor Technologies, Inc. Launches a Cyber Academy Delivering real-world cyber education from seasoned experts providing a quick and affordable path for IT professionals. COLUMBIA, MD,   June 28, 2017 – Anchor Technologies, Inc. (Anchor), a cybersecurity consulting firm headquartered in Columbia, Maryland, announced today that it is expanding its services offerings to include cybersecurity education and training.   With over fifteen years focused on cybersecurity, Anchor has leveraged that experience to launch a cyber academy, the Anchor Center for Cyber Skill (ACCS) designed to fill a gap in the market for real-world cyber education and skillsets. “This is not your typical training program”, said Anchor President and CEO, Peter Dietrich.   “The classes will be led b

Microsoft Patch Tuesday Fixes Massive Batch of Vulnerabilities, Including One Being Actively Exploited Microsoft's "Patch Tuesday" this month fixes 94 vulnerabilities, 27 of which involve potential remote code execution (generally the worst type of vulnerability). The most concerning vulnerability is CVE-2017-8543, a vulnerability in the Windows Search service that Microsoft says is already being actively exploited by malicious parties in the wild. The Search service is remotely accessed via Server Message Block (SMB), the same service that the ETERNALBLUE exploit (abused by WannaCry) abused -- organizations should ensure that the SMB protocol is not exposed outside their firewall. https://blogs.technet.microsoft.com/msrc/2017/06/13/june-2017-security-update-release/ https://blog.qualys.com/laws-of-vulnerabilities/2017/06/13/microsoft-fixes-94-security-issues-in-massive-june-update https://www.scmagazine.com/microsoft-releases-patch-tuesday-fixes-including-wannacry

OneLogin Breach -- Attackers May Be Able to Decrypt Data A consistent recommendation of most security professionals has been for users and organizations to adopt single sign-on and secure password management programs. These programs, many of them cloud-based, reduce the need for users to remember a host of different passwords, thus making it easier for them to choose strong, unique passwords. While this is generally good advice, it is crucial to choose a provider with a strong security track record of their own. OneLogin, a single sign-on provider popular with corporate users, was compromised two weeks ago, and revealed last week that the attackers also obtained keys that may allow them to decrypt the stolen data. In the past, major breaches of password managers (such as LastPass) have apparently led to no true data loss, because the stolen data was strongly encrypted, and the keys were securely stored separately from the data. OneLogin users are advised to update their master pa