Cisco drives that operate for 40k hours will cease to function

Cisco just announced a new Field notice regarding Defect ID CSCvt55829 which is an industry wide firmware index bug.

Under normal operation, after 40,000 power-on hours (4.5 years), the SSD will report that 0 GB of available storage space remains. The drive will go offline and become unusable.

These drives were used in the following C-Series products and there is a firmware upgrade to resolve the issue.  For more information you can go to the Field Notice FN – 70545.

 

UCS Manager based B and C-Series Software Release Software Downloads
Release 4.1(1c) and later

VMware code execution flaw CVE-2021-21972

There is a newly disclosed code-execution vulnerability in VMware vCenter.  VMware was quick to release a patch (within a day) and it can be found here.

The severity of this vulnerability as well as the fact that there are exploits available for both Windows and Linux servers, kicked off a flurry of mass scanning for vulnerable vCenter Servers.

Code execution, no authorization required

CVE-2021-21972 allows hacker with no authorization to upload files to vulnerable vCenter servers that are publicly accessible over port 443, researchers from security firm Tenable said. Successful exploits will result in hackers gaining unfettered remote code-execution privileges in the underlying operating system. The vulnerability stems from a lack of authentication in the vRealize Operations plugin, which is installed by default.

The flaw has received a severity score of 9.8 out of 10.0 on the Common Vulnerability Scoring System Version 3.0. Mikhail Klyuchnikov, the Positive Technologies researcher who discovered the vulnerability and privately reported it to VMware, compared the risk posed by CVE-2021-21972 to that of CVE-2019-19781, a critical vulnerability in the Citrix Application Delivery Controller

Ransomware and the impact to your business

Everyday, you read another story about how a company has been hit by a ransomware attack, which potentially can disrupt your business, services to your clients and livelihood of your employees.

Just last week it was announced another company, Forward Air, was hit by a ransomware attack, which disrupted services and impacted revenue.  This attack was attributed to a group “Hades”.  Forward Air, a trucking company from Tennessee, posted revenues of $1.4 billion in  2019 and employs more than 4300.

The ransomware note, resembles a similar note used by another ransomware group known as “REvil”, also known as “Sodin”.

Hades Tor site

 

This is a Sodinokibi variant that was first seen in early 2019.  Sodinokibi is what is known as ransomware-as-a-service, basically a software package which is catered by underground vendors to threat actors providing them a ransomware platform tool.

Companies are limited in their ability to defend against this type of exploitation, especially if they do not have full time IT staff or contracted Managed Service Providers that focus on security.  Your organization must follow the following guidelines to help mitigate your exposure:

  • Patch aggressively so vulnerabilities are eliminated and access routes are contained
  • Enable endpoints with tools that automatically detect and respond to infections before they become systemwide
  • Enable network threat intelligence tools to detect anomalies in your network traffic
  • Make sure emails are screened for malicious payloads and links
  • Minimize access levels by employees to perform their job functions

If you have been hit by ransomware, or just want to assess your company’s state of preparedness, reach out to us to discuss your needs.

LMJ is a full service Managed Service Provider, with offices in Alaska and California.

 

secure data center

Cyber-security Training can save the day!

So you have secured your business.

Firewall, VPN for work from home, radius authenticated WiFi or perhaps an RDS gateway for remote desktops.  Anti-virus is up to date, patching is top notch, SaaS applications locked up with two-factor authentication.

What about educating your workforce?  Although Phishing is only the 5th most common primary cause of security incidents (per the Verizon 2020 Data Breach Report), following Denial-of-Service (DoS), data loss, Command and Control, or misdelivery of email/data – when it comes to data breaches Phishing is still number one.

Without a solid training plan for your employees, your business is at greater risk to have data compromised.

Top areas to look out for:

  • Social Engineering
  • Stolen Credentials
  • Malware (usually delivered via email)

According to Verizon, Phishing is the first step in about 20% of security incidents and plays a role in another 30% of secondary steps to gain access to your information.

Highlights by Sector

Financial and Insurance:

  • 1,509 incidents, 448 with confirmed data disclosure
  • What did they target, Web Applications, Miscellaneous Errors and Everything Else
    represent 81% of breaches
  • External to company (64%), Internal (35%), Partner (2%), Multiple (1%) (breaches)
  • Financial motive (91%), Espionage (3%), Grudge (3%) (breaches)
  • What did they get- Personal data (77%), Other (35%), Credentials (35%), Bank (32%)
    (breaches)
  • How do they solve the problem -Implement a Security Awareness and Training Program (CSC 17),
    Boundary Defense (CSC 12), Secure Configurations (CSC 5, CSC 11)

Healthcare:

  • 798 incidents, 521 with confirmed data disclosure
  • Miscellaneous Errors, Web Applications and Everything Else
    represent 72% of breaches.
  • External (51%), Internal (48%), Partner (2%), Multiple (1%) (breaches)
  • Financial motive (88%), Fun (4%), Convenience (3%) (breaches)
  • What did they get – Personal data (77%), Medical (67%), Other (18%), Credentials (18%)
    (breaches)
  • How do they solve the problem – Implement a Security Awareness and Training Program (CSC 17),
    Boundary Defense (CSC 12), Data Protection (CSC 13)

But my company is too small for someone to try and get our data!

While differences between small and medium-sized businesses (SMBs) and large organizations remain, the movement toward the cloud and its myriad web-based tools, along with the continued rise of social attacks, has narrowed the dividing line between the two.

As SMBs have adjusted their business models, the criminals have
adapted their actions to keep in step and select the quickest and easiest path to their victims.

Contact us to get more information on our security practice and how you can have your team trained on cyber-security awareness.

 

Can your small business survive during the Covid crisis?

The management stresses that are pressed upon small business owners during this time of crisis are many fold.  How do you keep your business afloat during the crisis that diminishes your ability to react, with your staff either working from home, or limited in their ability to interact with each other and customers.

hypervisor image

Working from Home has expanded dramatically during the Covid crisis.

Companies need to rethink their operating model based on how their staff work best, including operations and IT.  I know this is old news, but the push to digital tech is accelerating and the skill sets necessary to maintain, plan and grow as well as maintain appropriate security are becoming more and more difficult for small companies that don’t have the resources to employee multiple IT staff and keep their skills up to date.

This provides a new opportunity to review the benefits of a managed IT provider – providing a bench of skilled technology staff as well as a standardized approach to hardware, software management and security for both the endpoints and the overall company.

If you are unfamiliar with the managed IT business model, here is a quick overview: Managed IT services is a subscription based model, usually scoped around the number of devices, with pricing driven by consumption, monitoring, backups and security.   This model helps in several ways, but primarily it aligns the cost structure to drive positive proactive maintenance of both infrastructure as well as planning for future growth and expansion to minimize risk.   Risk management is something that every business understands.  The Managed IT provider assumes and manages much of the risk for the company it serves by applying standardized methodologies to your infrastructure and software systems.

Some questions to ask yourself to determine if your company is ready for a managed IT solution:

  • Do you have sufficiently trained staff or time to formally deal with proper maintenance, updates and repairs/replacement?
  • Did your IT team achieve its goals last year, or were they hampered by lack of time, skills or support?
  • Did your organization have too many outages or downtime?
  • Did you lose data due to lack of a proper disaster recovery plan, malware or ransomware?
  • Were you able to quickly pivot to a remote workforce and have the tools necessary to maintain and support that workforce?

These are all areas that a managed IT solution provider can help your business cope with the stresses and changes happening in the IT requirements due to Covid.

I recommend you reach out to your local providers and get a better understanding on how managed IT can help your business survive and thrive during these trying times.

Why your company needs to have a network and infrastructure assessment

Many times, we have been contacted by companies that want us to ‘replace our hyper-visor infrastructure’ or ‘update our server infrastructure’ because of perceived issues in performance or user experience.  Unfortunately, by bypassing the critical step of a full network and infrastructure assessment, companies miss out on identifying the root cause of security issues and network performance.

Do you know all your infrastructure assets and what bandwidth they are using?

What are the critical infrastructure is not longer under warranty or service support?

How much traffic is traversing your branch office internet connection?

Network and infrastructure assessments are not a one time and done process.  Having fresh insight on your network and potential bottlenecks and security issues brings a piece of mind to any IT Manager, CIO and CSO.

Having our team identify and rank your organization’s pain points gives you the tools to apply budget appropriately and meet the growing demand of your companies IT needs.

Covid has changed the way we use the Internet at home

A recent article in the NY Times, highlighted the fact that we have moved away from our phones as the primary mode of interacting with content on the internet, as we sheltered at home.  In addition, there has been a huge increase in the use of video chat, including Zoom, Google Classroom and Microsoft Teams, as we look at ways to perform the face to face interactions that we took for granted, in our day to day lives and work environments.

Working from home has changed many company’s employee interactions with high reliance on the tools that allow them to do their jobs, while still being home to take care of children who are also remotely learning.   As a Managed Service Provider, we have been hard pressed to assist our clients in expanding the availability of remote access to critical software tools, stuck at their corporate offices and co-location facilities.   Companies that readily integrated cloud services, such as Office 365, Google Suite and Egnyte have fared better and been more easily able to transition to this difficult, distributed work force.

If your company has not thought about how they are going to support their home-workers, it is a good time to evaluate the services of a good Managed Service Provider that can help you create a strategic plan to provide services, maintain and support your remote teams.   The home environment adds other security issues as well, with unknown firewalls, wifi and IOT devices with potential access to your company’s data.

If your company is in search of good advice, we’re here to help in the San Francisco Bay Area as well as the Anchorage Metro.

secure data center

Zero-Day vulnerability in iTunes and iCloud Apps on Windows PCs allowed ransomware to be installed

A vulnerability in the Bonjour component in both iTunes and iCloud for Windows was exploited to install malicious applications.  Apple has released a patch update for iTunes 12.10.1 and iCloud 7.14, so PC users should check that they have both updates installed.

The worst part of this issue is that no anti-virus will catch it since the actions being done, were being done by a signed Apple application, and therefore flagged as ok.   In addition, uninstalling via the iTunes uninstaller doesn’t automatically remove Bonjour, leaving your PC vulnerable even if you have uninstalled the application.

The primary vehicle for the ransomware exploit is called BitPaymer.

This is a good reminder that updating third-party applications is a critical component of a broad based security posture.

 

 

Windows 7 end of support January 20th, 2020

Yes, another article on the end of support for Windows 7.

We’re now in June, and there is limited time to plan your workstation upgrades and work with your software vendors to upgrade your servers to 2016 or 2019 server.

Workstation Roll outs:  If your business is still running Windows 7, now, really, now is the time to start placing those orders for new equipment.

The old way was to have your own image, to write over the OEM image on the new desktop or laptop.

  • 10-30 users – just plan on manual deployment
  • 30-500 users, and an Office 365 Azure Active Directory Premium customer- you might benefit from Microsoft Autopilot.
    • Cloud based
    • Zero Touch
      • After profile configuration
    • Direct shipment from Manufacture (Acer, Dell, HP, Lenovo, Panasonic, Microsoft Surface and Toshiba)

What Microsoft has done, it really cool and helps companies simplify the roll-out of new devices, no matter what network they connect to.

You have granular control of what the end user sees when they first logon to the device.

  • End-user license agreement (EULA): (Windows 10, version 1709 or later) Choose if you want to show the EULA to users.
  • Privacy settings: Choose if you want to show privacy settings to users.
  • Hide change account options (requires Windows 10, version 1809 or later)
  • User account type: Choose the user’s account type (Administrator or Standard user).
  • Allow White Glove OOBE
  • Apply device name template: Choose Yes to create a template to use when naming a device during enrollment. Names must be 15 characters or less, and can have letters, numbers, and hyphens. Names can’t be all numbers. Use the %SERIAL% macro to add a hardware-specific serial number. Or, use the %RAND:x% macro to add a random string of numbers, where x equals the number of digits to add.
  • Language (Region)*: Choose the language to use for the device. This option is only available if you chose Self-deploying for Deployment mode.
  • Automatically configure keyboard*: If a Language (Region) is selected, choose Yes to skip the keyboard selection page. This option is only available if you chose Self-deploying for Deployment mode.

So, if you are a corporate customer, with Office 365  work with your solution provider to add Office 365 Azure Active Directory Premium services to simplify your Windows 10 deployment options.