Tucson: 520.888.9122 | Phoenix: 602.277.5757

Author: leeshanok

LeeShanok News – Attackers Exploit Flaw in WordPress Plugin

LeeShanok IT News
Attackers exploit flaw in GDPR-themed WordPress plugin to hijack websites

Description

Attackers have been exploiting a security weakness in a GDPR compliance plugin for WordPress to seize control of vulnerable websites, according to a blog post by Defiant, which makes Wordfence security plugins for the web publishing platform.


What You Can Do

The developer behind the plugin, which is called WP GDPR Compliance, has issued a patch fixing the critical flaw. Its users are, therefore, strongly advised to upgrade to version 1.4.3, or alternatively disable or remove the tool.
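One way to act on this advice across many hosted sites, as an added example (not code from Defiant or the plugin's developer): a Python audit that finds every copy of the plugin under a directory and flags versions below 1.4.3. The plugin directory name `wp-gdpr-compliance`, the constructed sample tree and all function names are assumptions.

```python
import re
import tempfile
from pathlib import Path

FIXED = (1, 4, 3)              # first patched release, per the advisory above
SLUG = "wp-gdpr-compliance"    # assumed plugin directory name
HEADER = re.compile(rb"^[ \t/*#@]*Version:[ \t]*([0-9][0-9A-Za-z.\-]*)", re.M | re.I)

def parse_version(text):
    """Turn '1.4.2' into (1, 4, 2); short versions are padded with zeros."""
    parts = [int(n) for n in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def plugin_version(plugin_dir):
    """Read the Version header from the plugin's top-level PHP files.
    WordPress only looks at the first 8 KB of a file for headers."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        with open(php, "rb") as fh:
            m = HEADER.search(fh.read(8192))
        if m:
            return m.group(1).decode("ascii", "replace")
    return None

def audit(root):
    """Return {site_path: (version, status)} for every install under root."""
    report = {}
    for plugin_dir in sorted(Path(root).rglob(f"wp-content/plugins/{SLUG}")):
        site = str(plugin_dir.parents[2].relative_to(root))
        version = plugin_version(plugin_dir)
        if version is None:
            status = "UNKNOWN"      # present but unreadable: inspect by hand
        else:
            status = "VULNERABLE" if parse_version(version) < FIXED else "PATCHED"
        report[site] = (version, status)
    return report

def demo():
    """Build a constructed two-site tree and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        for site, ver in (("siteA", "1.4.2"), ("siteB", "1.4.3")):
            d = Path(tmp, site, "wp-content", "plugins", SLUG)
            d.mkdir(parents=True)
            (d / "plugin.php").write_text(f"<?php\n/*\n Plugin Name: WP GDPR Compliance\n Version: {ver}\n*/\n")
        return audit(tmp)

if __name__ == "__main__":
    for site, (version, status) in demo().items():
        print(f"{site}: {SLUG} {version} -> {status}")
```

Point `audit()` at the directory that holds your WordPress installs; any site reported as VULNERABLE or UNKNOWN needs the upgrade, or the plugin disabled or removed.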


LeeShanok Network Solutions

3877 N 7th Street | Suite 330 | Phoenix | Arizona | 85014

IT News: Ransomware 2018

IT NEWS – Ransomware 2018

On May 31, 2018, Security Intelligence published a mid-year article “Are Ransomware Attacks Rising or Falling?” (https://securityintelligence.com/are-ransomware-attacks-rising-or-falling)

  • Ransomware is the top variety of malicious software, 76% of breaches were financially motivated, and 28% of attacks involved insiders (employees).
  • Ransom-related attacks are moving to more targeted methods, focusing on quality rather than quantity of targets, according to F-Secure.
  • In 2017, Malwarebytes tracked a 90 percent increase in ransomware over 2016, with monthly increases up to 10 times the rate observed the previous year.

Many of the following items are managed for you by LeeShanok. Please review the following checklist, and schedule a call with your LeeShanok Account Manager if there remains any uncertainty.

Monitor Activity – Be made aware of attacks that get through the firewall.
Blacklist – Senders, domains, and geographies that have sent malicious messages.
Backups – Back up servers and file shares regularly, and periodically validate effectiveness. Some backup strategies involve multiple sources and destinations, and may include software from more than one manufacturer. This adds to the complexity, but the objective is the same: make sure you can recover from disasters.
User Profiles – If your users’ profile folders are on their local PCs, consider redirecting them to a common storage location that is included in backups.
Patches – Apply patches to servers and end-user computers, Windows, devices, and software. It’s true that updates occasionally cause problems, but a lack of updates will certainly increase vulnerabilities. If your server has updates in queue, don’t wait too long to apply and reboot.
End-Point Protection – Protect PCs with antivirus/antimalware software from respected providers (we recommend Trend Micro). Make sure subscriptions haven’t expired and that real-time protection is active. Central purchasing and administration allows for consistent protection, alert handling, and license renewals.
Windows Firewall – Protect end-user computers with an active Windows Firewall, or use the firewall in your antivirus software if one is present.
Network Firewall – Periodically review your network firewall to make sure it receives software and firmware updates and is supported. Businesses providing internet access to customers through a business center or guest Wi-Fi will benefit from content filtering and traffic shaping. We recommend Cisco Meraki and Cisco ASA with FirePower.

Network Segmentation – Segment your network into logical groupings, limiting access by an attacker.

Educate Users – Let us host a free workshop for employees and satellite offices on “IT Security for the Common Worker”, and we will even supply lunch for your team.

Your Technology Partner,
The LeeShanok Team

Current Security Threat 8/6/2018

IT NEWS – CURRENT SECURITY THREAT – IoT (Internet of Things) ATTACKS

The FBI has posted a warning regarding non-secured IoT (Internet of Things), or “smart”, devices.

According to Techopedia, the Internet of Things is “everyday physical objects being connected to the internet and being able to identify themselves to other devices.” This object no longer “just relates to its user, but is now connected to surrounding objects and database data.” These objects can be refrigerators, garage door openers, thermostats, DVRs, healthcare appliances, vehicles, doorbells, door locks, fitness trackers and cellular phones, to name a few. Even dog collars and hearing aids can be connected to the internet!

Hackers are searching for vulnerable devices to use “as proxies or intermediaries for Internet requests to route malicious traffic for cyber-attacks and computer network exploitation.” A malicious cyber actor may gain access to and utilize the compromised device to invade a local network, send spam emails and/or attack other networks outside of the original one. Because the IP address of a local device is in the U.S., many of the filters that would block this type of behavior from known suspicious countries could allow this traffic to pass.

How to protect yourself:

  • Always keep a product’s firmware and patches up to date. This includes routers and firewalls.
  • Reboot devices regularly.
  • Change any default passwords immediately. Never reuse a password on more than one device.
  • If possible, keep any IoT objects on a separate network or VLAN from the main network.
  • Install antivirus on any applicable devices and keep them up to date.

For further reading:
https://www.ic3.gov/media/2018/180802.aspx

If you are not sure if one of your devices is affected, we can evaluate for best practices and make recommendations. Contact us to schedule service.

LeeShanok takes IT security seriously and it is our duty to inform our clients about potential threats and vulnerabilities that can affect your business. LeeShanok is monitoring the current status of security threats and will continue to inform its clients of any new information.

If you have any questions or need assistance with checking and updating your devices, please don’t hesitate to contact us.

Your Technology Partner,
The LeeShanok Team

Office 2010 EOS

LeeShanok IT News: Office 2010

Microsoft is ending support (EOS) for Office 2010 in 14 months, on October 13, 2020. Following that date, technical support and fixes for bugs and security vulnerabilities will stop. Office 2010 will continue working after EOS, but it will become less stable and more prone to exploits as time passes.

Many email phishing attacks send you an email message with an Office file or OLE object attached, hoping that you will click and open the file. Windows evaluates the file being opened and launches the default app for that file type. Say it’s a year later, and a Word file (.docx) is opened. Windows will launch Word 2010 and feed it the file. With an old, unsupported Office, this user is asking for trouble if there are macros in the object or file.

There are two supported upgrade paths, and each has advantages:

  1. Office 2019 – perpetual license you own
  2. Office 365 – subscription you pay monthly, can install apps on multiple devices

Office 2019 is like buying a car. Maintenance may be covered but that eventually ends, after which you are fully responsible for handling any trouble. You can make any change to it and repaint it a different color because your ownership is total and does not expire. After the warranty expires, deferring maintenance may save in the short term, but the repairs may compound and result in large bills to keep it running. Similarly, when Office support ends, consider upgrading to a current supported version to avoid expensive infections.

Office 365 is like leasing a car, where maintenance is covered and done regularly. All you own is your side of the lease contract, but that provides you rights of use and rights of support. Like a lease, you must pay the monthly bills or the subscription will end, and by paying, the Lessor must fulfill their part of the contract and keep it in good running order. You’ll also receive the latest versions when they are released, so you’ll always have the latest and greatest.

Office 365 Business Premium allows you to download the same apps you get with Office 2019, but also allows installing them on multiple devices that are used by the same person. Think of it as a subscription tied to the user, equipping all their devices with the same apps.

For laptop and mobile device users, the installed apps are superior to browser-based “cloud” apps, which require internet access to run. Both Office 2019 and some Office 365 subscriptions allow the apps to be downloaded and installed, so they will work even without internet.

Another advantage of Office 365 is the availability of Exchange Online, Microsoft’s cloud hosted email service. Those with local Exchange Servers have invested heavily in hardware and software, but unfortunately both will become obsolete as they enter EOS. In contrast, Exchange Online is licensed per user through an Office 365 monthly subscription, bringing the cost down and the flexibility up without any hardware purchases.

Here are Microsoft’s Office 365 Offerings.

For a confidential discussion of your situation or a competitive quote, give your Technology Partner a call.

The LeeShanok Team

August 2019 Patches Critical

IT Security Advisory:
August 2019 Patches Critical

Microsoft bundles patches for distribution on the 2nd Tuesday each month, and August 2019 is particularly important with 93 vulnerabilities fixed. Four vulnerabilities allow execution of code on remote computers, and two of those take control of a computer then spread to other computers entirely on their own (https://msrc-blog.microsoft.com/2019/08/13/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182/). The patches below are critical according to Microsoft, and affect the following operating systems:

  • Windows 7 SP1
  • Windows 8.1
  • Windows 10 – all versions including Server
  • Windows Server 2008 R2 SP1
  • Windows Server 2012
  • Windows Server 2012 R2

Some of our client firms delay or screen patches and updates, but it is important to patch these critical vulnerabilities. Here are links where you can download just the security patch or the bundle for your specific operating system right from Microsoft.

In addition, enabling Network Level Authentication (NLA) prevents the worm-like behavior by preventing initiation of remote desktop connections until the user is authenticated. This does not prevent remote code execution, however; you’ll need the patches to prevent that.

For a confidential discussion of your situation or to get some help, give your Technology Partner a call.

The LeeShanok Team