Support For Many Microsoft Apps Will Stop In 2020

The year 2020 looks to be interesting and exciting in a variety of ways, but it will also usher in a tremendous amount of change. If you’re an IT manager, be aware that this year a number of hallmark Microsoft products will reach their End of Support. That means the company won’t be issuing any further security patches for newly discovered vulnerabilities or additional bug fixes. Technical support beyond a product’s end of life is also off the table.

Some of the products losing support in 2020 include:

  • Windows Server 2008 and 2008 R2 (ending 1/14/2020)
  • Exchange Server 2010 (ending 1/14/2020)
  • Windows 7 (ending 1/14/2020)
  • Windows 7 Professional for Embedded Systems (ending 1/14/2020)
  • Office 2020 Client (ending 10/13/2020)
  • SharePoint Server 2010 (ending 10/13/2020)
  • Project Server 2010 (ending 10/13/2020)
  • Windows Embedded Standard 7 (ending 10/13/2020)

In addition to those, a number of Windows 10 versions will reach end of support status, including versions 1709, 1809, and 1903.

On the company’s support page, they say that “For customers requiring more time to move to the latest product, the Extended Security Update (ESU) program is available for certain legacy products as a last resort option. The ESU program provides security updates only for up to 3 years, after the End of Support date. Contact your account manager, partner or device manufacturer for more information.”

On top of all that, Microsoft has a number of products on their Fixed Lifecycle Policy, which applies to many products currently available through retail purchase or volume licensing. Several of these will be reaching end of support during 2020 as well.

If you’re using any of the products mentioned above, it’s time to start thinking seriously about upgrading, if you haven’t already begun to do so. A failure to act could cost your company dearly.

Used with permission from Article Aggregator

ISO Files Are Being Used To Deliver Malware

Researchers at Trustwave have observed a notable increase in the use of .ISO files to deliver malware. Hackers have relied on poisoned disk image files for years to deliver malware to their targets.

It makes sense in a Windows environment because it allows attackers to disguise their payloads as an innocent, standard file type.

In terms of scope and scale, the Trustwave researchers have noted a 6 percent increase in the use of this particular attack vector in 2019. It is noteworthy enough to be of genuine concern, especially given the fact that .ISO files are often overlooked by antivirus software. That makes it more likely that attackers can deliver their payload undetected.

In one particular campaign unearthed by the researchers, the attackers sent an email that appeared to come from FedEx and offered package tracking information. This was in an attempt to trick recipients into clicking on a file to gain additional information about an incoming package. Of course, the package didn’t actually exist, and clicking on the (.ISO) file installed a malicious payload on the victim’s computer.

It should be noted that .ISO files are not the only image file used in this way. Trustwave also reports a modest uptick in the use of Direct Access Archive (DAA) files. Use of DAA files for the purpose of delivering malware is seen as being somewhat less efficient and effective than using the .ISO format. That’s because specialized software is required to open a .DAA file.

Nonetheless, if a hacking group has done their due diligence and knows the software is installed on a target computer, the DAA file represents another possible inroad that’s likely to go undetected.

Hackers are becoming increasingly inventive, using old tricks mixed with new to infect target systems, making it more difficult than ever for harried IT managers to keep their networks safe. Stay on high alert. The threat landscape is more unpredictable than ever.
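
For mail filtering, the delivery method described above can be checked at the gateway. The following is an added example, not code from Trustwave or from the original article: it parses a message and flags attachments that are disk images by extension (.iso, .daa) or by the ISO 9660 "CD001" signature in the content. The function names and the sample message are constructed for illustration, and .DAA is matched by extension only.

```python
import email
from email import policy
from email.message import EmailMessage

# ISO 9660 volume descriptors carry the ASCII tag "CD001"; 0x8001 is the
# standard offset, 0x8801 and 0x9001 cover other sector layouts.
ISO9660_MAGIC = b"CD001"
ISO9660_OFFSETS = (0x8001, 0x8801, 0x9001)
# Extensions named in the article; extend to suit local policy.
IMAGE_EXTENSIONS = (".iso", ".daa")


def looks_like_iso(data: bytes) -> bool:
    """True if the bytes carry an ISO 9660 signature at a known offset."""
    return any(data[o:o + 5] == ISO9660_MAGIC for o in ISO9660_OFFSETS)


def flag_disk_image_attachments(raw_message: bytes):
    """Return (filename, reasons) for each attachment that is a disk image."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        reasons = []
        if name.endswith(IMAGE_EXTENSIONS):
            reasons.append("disk-image extension")
        if looks_like_iso(data):
            reasons.append("ISO 9660 signature")
        if reasons:
            findings.append((name, reasons))
    return findings


def build_sample_message() -> bytes:
    """Constructed test message: one ISO-like stub and one text attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Package tracking information"
    msg.set_content("Tracking details are attached.")
    # Not a real image: 32 KiB of zeros plus a primary volume descriptor tag.
    iso_stub = b"\x00" * 0x8000 + b"\x01CD001\x01\x00"
    msg.add_attachment(iso_stub, maintype="application",
                       subtype="octet-stream", filename="tracking.iso")
    msg.add_attachment("meeting notes", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in flag_disk_image_attachments(build_sample_message()):
        print(f"{name}: {', '.join(reasons)}")
```

Checking the content as well as the filename means an attachment is still flagged when the sender-supplied name is missing or unhelpful.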

Message Recall Feature May Be Added To Office 365

For a while now, Microsoft Outlook users have enjoyed a highly popular addition to their email service. In a nutshell, it allows them to recall messages that have been sent using Outlook, which is an Exchange Online hosted cloud email service for business.

They can un-send the emails, provided that the recipient is using Outlook and the messages haven’t been opened yet.

It’s a good, well-implemented feature. Recently, Microsoft announced that it will be expanding its availability, adding it for all Office 365 environments during the fourth quarter of 2020.

The company had this to say in a recent blog post on the subject:

“The Outlook for Windows Message Recall feature is extremely popular with users, yet it doesn’t always work so well. Part of the problem is that the recall is client-based and the recall can only happen if the recipient also uses Outlook.

With millions of users with mailboxes in Office 365, we’re now able to improve upon that feature by performing the recall directly in the cloud in Office 365 mailboxes, so it doesn’t matter which email client the recipient uses, the recall takes place in their Office 365 mailbox, and when their client syncs their mail, the message is gone.”

As part of the Office 365 implementation of this feature, users will also have an aggregate message recall status report available to them that they’ll be able to use to tell at a glance which messages were successfully recalled and which ones were not.

If you want more, you should know that Microsoft has recently announced it will be adding protections against Reply-All email storms. Not-so-affectionately referred to as ‘Reply-allpocalypses,’ these are set off when people send emails to a large email distribution list. They can easily lead to an accidental denial of service that can bring even the most robust email servers to their knees.

Both are welcome additions indeed. Kudos to Microsoft for the coming improvements.

Kids Can Bypass Communication Limit Feature On iOS 13.3

If you have children that own Apple devices, be aware that the latest update for iOS 13.3 included a feature called Communications Limits.

It is designed to allow parents to set up parental controls to keep their kids from speaking to, texting with, or FaceTiming with anyone who’s not already in their contacts list.

It’s a small but important feature addition. Hackers, scammers, bullies, or strangers can easily get phone numbers belonging to children. Even worse, they can then harass or threaten them in a variety of ways.

Unfortunately, there were problems with the implementation of the feature. For one thing, a bug in the code allowed kids to add a new number to the address book contacts list and use that as a springboard for bypassing the restrictions imposed by the software.

The bug was discovered by staffers at CNBC who were able to show that the feature worked fine on devices backed by iCloud, but not other services like Google’s Gmail.

Todd Haselton of CNBC had this to say about the discovery:

“A child should not be able to add the contact to the iPhone’s address book without their parent entering their PIN first if the feature is working properly.”

That’s a succinct description of both the problem and its solution. Right now, Apple is scrambling to generate a fix. Although the company hasn’t said as much, there’s a very good chance that by the next patching cycle, the company will have a fix in hand.

If you were counting on the feature, one thing you can do until the fix is ready is to make use of the Downtime feature. That allows users to restrict access to apps according to a predefined schedule. It’s not perfect, but it will get the job done in the short term.

Windows 10 Update Caused Issues With File Explorer

Have you already installed Windows 10, build 1909? If so, then you’ve probably noticed that the latest build update introduced a few bugs to Windows File Explorer.

After installing the latest build, users began reporting issues with the search field that caused it to become unresponsive and the search box to become blurry.

Other users reported that after the latest update was installed, they lost the ability to right click in the search field and access the menu options normally available there.

Testing has revealed that these are not sporadic issues but are impacting every Windows 10 user who has installed build 1909. The company didn’t seem to understand this initially, indicating that they were taking a holiday break and would address it sometime after the new year.

This caused a minor uproar on the web with users insisting that it is a pressing issue. It is important, given that it’s impacting a core feature of Windows and is impacting literally every Windows user who has installed the latest offering from the company.

Based on the rapid, angered response from legions of users, the company certainly now understands that it is a pressing issue. Unfortunately, we do not yet have a time frame on when the fix will be in for the issues surrounding Windows Explorer.

Kudos to the user community for calling loud and insistent attention to the latest problem. Here’s hoping Microsoft doesn’t keep us waiting too long into the new year for a fix. The company had promised to change the way they handled their QA/QC approach to new builds. However, given the latest issues with the most recent build, either the changes they have made haven’t borne the expected fruit or they haven’t quite gotten around to making them. Either way, it’s a pity.

Citrix Applications Need Patch To Address Vulnerability

Researchers at Positive Technologies recently discovered a serious vulnerability in Citrix Enterprise products that threatens the security of more than 80,000 companies in 158 countries around the world.

The issue is being tracked as CVE-2019-19781. If it is left unpatched, it puts companies using the affected products at risk of phishing attacks, malware, cryptojacking attacks, and DDoS attacks, to name just a few.

According to the researchers, the vulnerability impacts all of the company’s enterprise products, including:

  • Citrix ADC and Citrix Gateway 13.0
  • Citrix ADC and NetScaler Gateway 12.1
  • Citrix ADC and NetScaler Gateway 12.0
  • Citrix ADC and NetScaler Gateway 11.1
  • Citrix NetScaler ADC and NetScaler Gateway 10.5

Positive Technologies reported the issue to Citrix earlier in December 2019. The company responded quickly and has already issued a patch. The company urges all users of the software mentioned above to apply the patch immediately, because the issue “could allow an unauthenticated attacker to perform arbitrary code execution.”

According to a recent blog post on the company’s website, Citrix also recommends making configuration changes in the stand-alone system and running commands from the command line interface.

Unfortunately, this vulnerability has been lurking in the shadows since at least 2014, which means that hackers have had plenty of time to exploit the vulnerability. If you’re unable to patch your software in the near future, it’s important to look for any existing exploitations that may already be compromising your system.

This is a serious, globe-spanning threat, and patching should be given the highest priority. Kudos to Citrix for their rapid response, but given how long this vulnerability went undiscovered, there is reason to fear that there may be others. Stay vigilant and apply the patch as soon as you’re able.

FBI Sheds New Light On Ransomware Tactics

According to a recent FBI alert marked “TLP: AMBER,” businesses should be on high alert for ransomware attacks.

The alert reads, in part, as follows:

“Since January 2019, LockerGoga ransomware has targeted large corporations and organizations in the United States, United Kingdom, France, Norway, and the Netherlands. The MegaCortex ransomware, first identified in May 2019, exhibits Indicators of Compromise (IOCs), command and control (C2) infrastructure, and targeting similar to LockerGoga.

The actors behind LockerGoga and MegaCortex will gain a foothold on a corporate network using exploits, phishing attacks, SQL injections and stolen login credentials.”

The alert also states that the attackers behind these two ransomware strains often wield Cobalt Strike tools, including Cobalt beacons to gain remote access.

Once the attackers gain a toehold inside a target network, they’ll carefully explore and map it, seeking out the most sensitive information, including proprietary company data, payment card information and other customer details.

The goal here is to identify the highest value information that can be exfiltrated to the command and control server for sale on the black market. Finally, when all of the most valuable information has been siphoned from the network, the hackers will trigger the ransomware itself, which they’ll use to gain an additional payment, extorting the affected organization.

The FBI also reports that hacking operations carried out by nation-states often deploy ransomware to make it appear that the attack is the work of traditional cybercriminals, throwing forensic investigators off of their trail.

The process of network mapping and exfiltrating valuable data can take weeks or even months, depending on the size of the network. So, organizations may be infected long before the visible signs of the attack become evident. Given that, it’s more important than ever to have a robust security system in place. You should have remote backups taken at regular intervals and a rapid response plan in place in the event of a breach.

Data Breaches Continue With Three New High Profile Cases

As 2019 draws to a close, we can say definitively that the year has been another record-breaking one where data breaches are concerned. Hackers around the world have been busy in recent weeks, with a trio of high-profile breaches making headlines.

In late November, one of China’s largest manufacturers of smartphones (OnePlus) reported that an unauthorized third party accessed their user data.

According to a company spokesman, “only a limited number” of customers were impacted and no payment information was accessed, although the hackers did make off with customer names, addresses, phone numbers and physical addresses.

To this point, OnePlus has not released the exact number of compromised records. Their best estimates put it as a breach comparably sized to the one that the company suffered in January, which impacted some 40,000 users.

On November 28th, 2019, Palo Alto Networks suffered a breach. It included personal information belonging to both current and former employees, and happened when an unnamed third party gained unauthorized access to their network. In this case, the compromised data included employee names, dates of birth, and social security numbers. It gave the hackers more than enough information to steal the identities of the employees whose information was compromised.

Also in November of this year, Desjardins Group, which is Canada’s largest federation of credit unions, announced that they had been breached. It resulted in the compromise of personal data belonging to some 4.2 million of its members, which included social insurance numbers, physical addresses and the banking habits of compromised members.

These, of course, are just the latest in an unending stream of breaches in 2019. If things remain on their current trajectory, we can expect that 2020 will be yet another record-breaking year. Buckle up, it’s going to be a bumpy ride.

Cashless Shopping Could Get Easier In the Future

For decades, futurists have been promising a cashless society and all the convenience that comes with it. So far though, the technology we have available hasn’t lived up to the promise.

Sure, we’re moving inexorably in the direction of a cashless society, but we’re doing so at a snail’s pace. We’re moving in such tiny increments that it sometimes seems that the day will never arrive.

Fortunately, that’s changing, at least if Amazon has anything to say about it. Recently, the US Patent and Trademark Office published a patent application from Amazon detailing a touchless scanning system. If the company moves forward with the development of the technology described in the patent application, the future could see Amazon customers paying at the checkout counter simply by swiping their hand.

In the here and now, visitors to ‘Amazon Go Cashierless Stores’ need to scan an app to get in and check out, but that could change markedly in the years ahead.

Granted, filing a patent application and actually creating a viable technology around it are two very different things. However, if this technology makes it into the real world, it stands to change the face of shopping forever.

According to the application filed, Amazon’s vision for the technology would be the development of “a scanner device that is used to obtain raw images of a user’s palm that is within a field of view of the scanner…the first set of images depict external characteristics, such as lines and creases in the user’s palm while the second set of images depict internal anatomical structures, such as veins, bones, soft tissue, or other structures beneath the epidermis of the skin.”

Based on the early read, the technology sounds as ambitious as it is amazing. However, Amazon has pulled off larger miracles than this. We admire the vision and look forward to seeing how things develop from here.
