Hello, welcome to the Tuesday, May 18, 2021 edition of the Sandcent Storm Center's Stormcast. My name is

Johannes Ulrich, and I'm recording from Jacksonville, Florida. In Diaries today, we have a plea by

Daniel about two-factor of occasion for webmail or email in general, which is in particular

important as email still remains to be one of the preferred attack factors and, well,

ransomware, of course, being the goal these days that attackers are going for.

And there's nothing better to craft a plausible email if it's possible to compromise an email

of an insider or a trusted external source.

So as Daniel puts it, don't be the company that emails the ransomware to the victim

implement two-factor authentication, in particular with everybody moving to web-based email systems.

Well, it's just a matter of time until your users will get fished and two-factor authentication is probably the simplest defense that actually works in this particular case.

And talking about ransomware, you better check your cyber security insurance. Axa, one of the biggest insurance

companies out there, just announced that they will no longer cover ransom payments. Interestingly,

they made that move after becoming a victim themselves. Haven't seen anything from other insurances, but of course, as so often, I would expect

other insurances to pull along as a big player like AXA is making this move.

And one of the war on abilities highlighted in last week's Microsoft Patch Tuesday was CVE 2021-31-166.

This was the remote code execution vulnerability in HEP.Sys.

This is not yet a full remote code execution exploit.

It just triggers a blue screen of death and, well, it only works against specific versions

of Windows in particular, the latest version of Windows server core, so the version without

GUI.

But this certainly highlights the need to start patching these affected machines.

Again, only the most recent versions of Windows server, and again, only the core versions,

...