Hello, welcome to the Friday, February 4, 2020 edition of the Sands and the Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

One issue that keeps coming up is exposed devices, whether this is cameras with weak telnet passwords or network storage devices or lately things like,

for example, your integrated lights out adapters.

But one question always comes up with this is how do I make sure that I'm not exposing

anything like this to the internet?

Essentially, how do I manage my attack

surface, how this is often described. Put together a quick blog today with some tools that

I like that I found helpful in order to get a hold of this particular problem, particular for

smaller organizations. Now, one little sub-problem

here is, of course, how do you deal with people working from home and their networks?

It would be interesting to hear what people are doing if you're sort of including, for example,

home networks in vulnerability scans,

or if you're more relying on securing the devices directly.

Let me have a couple of news items regarding multifactor authentication.

And first of all, Microsoft published its new quality cyber signals reports,

and according to that,

well, sadly, only about a fifth or 22% of Asia Active Directory users are taking advantage of multi-factor authentication, but multifactoredication does remain a very effective

measure to prevent attacks against these types of accounts.

Microsoft is seeing hundreds of password attacks per second, of course, no big surprise,

giving the scale of Microsoft's operation.

Also, Octa is reporting that they're seeing about 10 times more attacks

...