Jan 14, 2019 | General
Many companies are using internet devices as part of their daily operations. But as with everything connected to the internet, there are privacy and security risks that need to be taken into consideration. The average cost of a data breach in Canada is $6.11 million. When it comes to protecting devices, using a virtual private network (VPN) and endpoint security can make a big difference.
Source: Payments Cards & Mobile
What is a VPN?
VPNs are secure tunnels that encrypt and protect your internet connections across public and private networks. For corporate users, VPNs allow remote employees to connect to their workplace networks.
VPNs are easy to use. It’s as simple as launching an app and logging in to connect to the VPN server. Some firewalls, like our Secure IT – Firewall, can include VPN capabilities.
How Do VPNs Protect Me?
Protect your connection: Without a VPN, your internet connection remains open and insecure. This can be especially dangerous for those using public WiFi networks, where most hotspots are not secured. Using a VPN will reduce your risk of having your data stolen or being attacked. Even if cyber criminals intercept your data, they won’t be able to access it easily because it’s encrypted.
Protect your privacy: When you access a website online, your internet service provider receives the requests and directs you to the web page. When this happens, your computer transmits data such as your IP address and your browsing history. This information can be transferred to advertisers or bad actors who can gain information about your internet behaviour and where you are located. With a VPN, your data is encrypted before you are connected to the desired web page. As a result, your data is protected from prying eyes.
Protect your productivity: Using a VPN will help your employees feel more secure and help your clients feel more confident when keeping their data. As mentioned earlier, employees traveling or working remotely can still have access to the workplace network via VPN. This makes it easier for employees to continue their work without interruptions even if they’re out of office.
What is Endpoint Security?
Endpoint security typically consists of using security software, such as anti virus and desktop firewalls, to secure devices and servers accessing the enterprise network. Managed endpoint security, like our Secure IT – Endpoint, also includes security experts that monitor for and respond to threats within your endpoints.
How Does Endpoint Security Protect Me?
Protect your devices: Every device or server you use to connect to the internet is an endpoint. Endpoints also serve as entry points that are targeted by bad actors trying to access your network. With endpoint security, your devices are protected even when you’re not connected to the internet.
Protect your data: Without the added layers of endpoint security, your endpoints remain vulnerable to threats and bad actors. Endpoints help block access attempts to help hack your data. Furthermore, some endpoint security solutions include data loss prevention to protect sensitive files from leaving your environment.
Protect against threats: Endpoint protection features many security capabilities in one suite. These security technologies help secure it against a wide variety of threats. For example, our Secure IT – Endpoint features SIEM integration that uses behavioural analytics to determine if a threat is taking place at your endpoints. These added features layer more security within your endpoints to protect against sophisticated malware and zero-day threats.
Jan 14, 2019 | General
GandCrab Ransomware
Cybercriminals behind GandCrab have added the infostealer Vidar in the process for distributing the ransomware piece, which helps increase their profits by pilfering sensitive information before encrypting the computer files.
Following the trails of a malvertising campaign targeting users of torrent trackers and video streaming websites, malware researchers found that Fallout Exploit Kit was used to spread a relatively new infostealer called Vidar, which doubled as a downloader for GandCrab.
Using a rogue advertising domain, the threat actor triaged by geolocation the visitors of the compromised websites and redirected them to an exploit kit (EK).
Source: BleepingComputer
How do you protect yourself?
Proper security measures must be in place to defend against GandCrab ransomware and similar threats. Make sure you only download legitimate apps from the app store and do not click on suspicious links. Having proper up-to-date endpoint and firewall security provides a cross-generational blend of threat defense techniques to protect systems from malware.
CVE-2018-19718
Adobe has released a security update for Adobe Connect. This update resolves an important session token exposure vulnerability. This update affects Adobe Connect versions 9.8.1 and earlier.
Source: Adobe
How do you protect yourself?
Adobe recommends users update their software installation to the newest version.
CryptoMix Ransomware
An old family of ransomware has returned with a new campaign which uses information about children stolen from crowdfunding websites and claims that payments made in exchange for unlocking encrypted files will be donated to good causes.
However, researchers at cyber security firm Coveware have uncovered a new CryptoMix campaign that looks to make up for its lack of notoriety with this unpleasant new trick.
This ransomware attack begins, like many others, with brute force attacks targeting weak passwords on RDP ports. Once inside the network, the attackers harvest the admin credentials required to move across the network before encrypting servers and wiping back-ups.
Victims are then presented with a ransom note that tells them to send an email to the ransomware distributors, who also warn victims not to use any security software against CryptoMix, with the attackers claiming that this could permanently damage the system (a common tactic used by attackers to dissuade victims from using security software to restore their computer).
Source: ZDNet
How do you protect yourself?
Proper security measures must be in place to defend against CryptoMix ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
Jan 7, 2019 | Press Release
Toronto, January 7, 2019 – Jolera Inc., a leading multi-national technology hybrid aggregate service provider (HASP), is pleased to announce the appointment of Chris Black to the role of Chief Revenue Officer (CRO). As the former president of Graycon I.T. and VP of I.T. Services at Ricoh, Black brings extensive knowledge and experience as a leader in sales and technology. In his new role as CRO, Black will work to continue driving growth and development for Jolera in local and international markets.
“To continue our mission of disrupting the traditional technology landscape and supply chain, Jolera needs the best people and leaders we can find,” said Alex Shan, CEO of Jolera Inc. “Chris will add a dynamic to the team that we have been lacking. I look forward to working closely with Chris to usher in the next evolution of the Jolera HASP revolution.”
Throughout his more than 10 years with Graycon I.T. and Ricoh, Black has been instrumental in advancing their sales and leading their growth and acquisition initiatives. He has built and led national go-to-market sales organization consisting of inside sales, business development and account management.
“As a HASP, Jolera has been able to bring innovative solutions to the market. But it’s not just about what they do, it’s how they do it that gets me jazzed,” said Chris. “This is an exciting time to join the company. I look forward to working with Jolera and taking the message of HASP to the masses.”
—
Jolera Inc. is a multinational technology hybrid aggregate service provider (HASP) focused on delivering IT solutions for its customers and channel partners. Jolera’s core services include customized technology solutions, IT assessments and strategic plans, IT device & infrastructure management, data backup and recovery solutions, cloud and on-premise migrations, enterprise-grade security services and 24/7/365 quad-lingual end-user support services. With a growing staff of over 200 technical service delivery people, Jolera’s team designs and delivers technology systems encompassing the following traits – effectiveness, competitiveness, scalability and value.
Jan 7, 2019 | Blog, General, Security Bulletin
Password security is important but not everyone has good password habits. In a global survey, 75% of employees admitted to reusing passwords across their personal and work accounts. This is problematic and can put organizations at risk. One of the ways people solve this problem is by using password managers. But are password managers safe?
Source: Ovum
What is a Password Manager?
Password managers are programs that store and manage your passwords across all your accounts. Password managers store your passwords in an encrypted database that can only be accessed through a master password.
What are the benefits?
Convenience: Password managers make accessing your accounts easier because you only need to remember the master password. This eliminates the headache of having to remember several different passwords for each of your accounts.
Secure passwords: Password managers can generate random, unique passwords for each of your accounts, removing the effort needed to come up with a different password each time. This is done through encryption algorithms that use a combination of symbols, numbers and upper and lowercase letters. As a result, your passwords are harder to guess, which makes them more secure.
Easy to use: Password managers can lead to a seamless user experience. Some managers can autofill your credentials, meaning they can recognize the URL of a website and enter the corresponding credentials automatically. This can help prevent you from entering your credentials into a fake website.
What Are the Risks?
They’re targets: Although password manager databases are encrypted, they are still vulnerable. Due to the important information they house, they are prime targets for hackers. Password manager Blur recently disclosed a breach that exposed information of 2.4 million users, including their encrypted Blur passwords.
Putting your eggs in one basket: When you use a password manager, you are relying on one program to house access to all your accounts. This means that if your password manager gets hacked, all your passwords are exposed. Similarly, forgetting your master password means losing access to all your passwords.
Autofill: Most password managers use autofill to make it easier for users to log in. The downside of autofill is that it remains a big security risk. Research has found that saved information can be accessed through invisible log in forms that trick your browser into filling your personal information.
Do I Need a Password Manager?
Overall, password managers are considered to be more secure than storing your passwords in a computer file or writing them down. Unlike browser-based password storage, password managers are encrypted, making it harder for outside parties to view your credentials. If you decide to use a password manager, you need to make sure you understand the pros and the cons.
Make sure you do your research when deciding on using a password manager. Some highly recommended password managers are KeePass, 1Password, and Dashlane.
When it comes to security, you should not just be relying on a password manager to keep your accounts safe. It’s still important to use multi-factor authentication and a blend of threat defence techniques (such as email and firewall security solutions) to protect against malware.
Jan 7, 2019 | Blog, General, Security Threats
Mirai Malware
Trend Micro noted that the threat, which was first identified in early December, takes advantage of an exploit in the ThinkPHP programming framework. The remote code execution (RCE) vulnerability allows threat actors to infect machines based on the Linux operating system and execute Miori, which then generates a notification on the victim’s console.
Once attackers verify that a system has been infected through their command-and-control (C&C) server, they utilize the Telnet protocol and take advantage of weak or commonly used passwords to conduct brute-force attacks on other IP addresses.
Source: SecurityIntelligence
How do you protect yourself?
Proper security measures must be in place to defend against Mirai malware and similar threats. Make sure you only download legitimate apps from the app store and do not click on suspicious links. Having proper up-to-date endpoint and firewall security provides a cross-generational blend of threat defense techniques to protect systems from malware.
CVE-2018-16011
Adobe has released security updates for Adobe Acrobat and Reader for Windows and MacOS. These updates address critical vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Source: Adobe
How do you protect yourself?
Adobe recommends users update their software installations to the latest versions.
EternalBlue Exploit
The latest version of NRSMiner has been spotted in recent attacks across Asia which are compromising systems which have not been patched against the well-known EternalBlue exploit.
According to cybersecurity researchers from F-Secure, unpatched machines in Asia — centered in Vietnam — are being infected with the latest version of NRSMiner, malware designed to steal computing resources in order to mine for cryptocurrency.
The new version of the malware relies on the EternalBlue exploit to spread through local networks.
EternalBlue is an SMBv1 (Server Message Block 1.0) exploit which is able to trigger remote code execution (RCE) attacks via vulnerable Windows Server Message Block (SMB) file-sharing services. The security flaw responsible for the attack, CVE-2017-0144, was patched by Microsoft in March 2017 and yet many systems have still not been updated and remain vulnerable to attack.
Source: ZDNet
How do you protect yourself?
Proper security measures must be in place to defend against EternalBlue exploit and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
Dec 31, 2018 | Blog, General, Security Bulletin
2018 was a big year in security. New privacy laws were implemented (GDPR in Europe and PIPEDA in Canada) and 2018 had the second greatest number of reported data breaches in a year since 2005. Some of the major data breaches that happened this year include those that affected airline Cathay Pacific, Marriott hotels and Facebook.
With 2019 coming up, many organizations will be looking to see how they can take their security to the next level. To help your organization get cyber ready for the new year, here are 7 security resolutions for 2019.
Source: Cisco
7 Security New Year’s Resolutions
1. Manage local admin passwords: Local administrative accounts are privileged accounts that allow access across your network. These accounts often have easy-to-guess, default passwords that are the same across all the machines in your network This means that if a hacker is able to get hold of your local admin account, they can move freely across your network. In order to protect yourself, you need to either disable these accounts or make each local admin password unique. If you haven’t already done this, now’s a good time to start.
2. Adjust your social media privacy settings: Social media has become an integral for businesses to market themselves and reach out to their customers. However, social media can lead to great security risks. It’s important for businesses to adjust their security settings on their social media accounts. Limit access to your accounts and disable auto location tracking. You should be in control of your social media accounts, not the other way around.
3. Secure remote devices: Working remotely helps business productivity but it is also a security risk. Research has found that a third of cyber attacks are a result of unsecure remote working. Businesses need to ensure that employees are taking the proper precautions when they are working remotely. All remote devices should include endpoint security with anti-virus and firewalls. The new year might be a good time to re-evaluate your BYOD and remote working policies.
4. Implement Zero Trust security model: “Never trust; always verify” is the motto of a Zero Trust model. This means that nothing in your network (including users, devices, servers, etc.) should be trusted until you can verify its identity. Implementing Zero Trust requires a shift in how your organization thinks about security. Start by assessing your devices and data and adjust your security controls appropriately.
5. Limit privilege access: According to Forrester, 80% of security breaches involve privileged credentials. Limiting your local admin privileges is important, and one way to do this is to use least privilege access. Least privilege is the practice of restricting access rights for users and accounts. Make sure that you are limiting access to only those who need it.
6. Use a comprehensive prevention system: Hackers will be looking for any weak spots to exploit your vulnerabilities. It’s important to be one step ahead by protecting every layer of your organization. This includes using advanced security technology, like a SIEM system, to monitor your environment for threats.
7. Boost your security culture: 95% of organizations say their current cybersecurity environments are far from the ones that they would like to have. The new year is often a time for fresh starts, so why not improve your cybersecurity culture? Start the new year by educating your employees with cyber awareness training or with a cybersecurity assessment from our Consult IT team. It’s never too late to start protecting your organization.
Dec 31, 2018 | Blog, General, Security Threats
Siren Bot
Researchers identified a new DoS bot family named Siren that uses 10 different DoS methods to carry out attacks.
The bot is capable of carrying out HTTP, HTTPS, and UDP flooding on any web server location as instructed by the command-and-control (C&C) server, according to a Dec. 21 blog post.
Siren is also capable of downloading and executing a payload from the URL given by the C&C server, updating, deleting itself using the cmd process, and uninstalling itself using the same process.
Source: SC Media
How do you protect yourself?
Proper security measures must be in place to defend against Siren bot and similar threats. Make sure you only download legitimate apps from the app store and do not click on suspicious links. Having proper up-to-date endpoint and firewall security provides a cross-generational blend of threat defense techniques to protect systems from malware.
CVE-2018-7800
Schneider Electric is warning about a critical vulnerability in its EVLink Parking devices – a line of electric vehicle charging stations. The energy management and automation giant said the vulnerability is tied to a hard-coded credential bug that exists within the device that could enable attackers to gain access to the system. Affected are EVLink Parking floor-standing units (v3.2.0-12_v1 and earlier).
Source: ThreatPost
How do you protect yourself?
The vulnerability is fixed in the latest EVlink Charging Station software updates.
JungleSec Ransomware
A ransomware called JungleSec is infecting victims through unsecured IPMI (Intelligent Platform Management Interface) cards since early November.
When originally reported in early November, victims were seen using Windows, Linux, and Mac, but there was no indication as to how they were being infected. Since then, BleepingComputer has spoken to multiple victims whose Linux servers were infected with the JungleSec Ransomware and they all stated the same thing; they were infected through unsecured IPMI devices.
IPMI is a management interface built into server motherboards or installed as an add-on card that allow administrators to remotely manage the computer, power on and off the computer, get system information, and get access to a KVM that gives you remote console access.
This is extremely useful for managing servers, especially when renting servers from another company at a remote collocation center. If the IPMI interface is not properly configured, though, it could allow attackers to remotely connect to and take control of your servers using default credentials.
Source: BleepingComputer
How do you protect yourself?
Proper security measures must be in place to defend against JungleSec ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
Dec 27, 2018 | Blog, General, Security Bulletin
According to a new report, nearly one in four employees are unaware of common cyber threats like ransomware and phishing. This is alarming, as these types of cyber threats affect businesses of all sizes everyday.
Take the recent BEC scam that hit American non-profit Save the Children as an example. A hacker managed to compromise an employee account and use it to send fake invoices that scammed the charity of almost $1 million.
Stories like this highlight the importance of cyber awareness training. If employees are not equipped with the knowledge to operate safely online, how can your business stay protected? Technology alone cannot prevent your employees from falling for social engineering tactics. Your employees need to fill the security gaps within your organization and act as a human firewall.
Source: ISACA
Avoid These 5 Security Awareness Mistakes
Cyber awareness training is important for your organization and can help protect you in the long run. But if training is not implemented properly, your organization won’t see any change. When considering cyber awareness training, consider the following pitfalls.
1. Training is only a one-time event: So, you’ve already implemented cybersecurity awareness training. But just because you did it once, doesn’t mean that you automatically have cyber aware staff. Employees can forget what they’ve learned, or new information can be released that you’re missing out on. You should consider training your employees at least once every quarter. It’s important to keep the information fresh in their minds so that they can apply it to their everyday work.
2. Failing to include security training during onboarding: Onboarding a new employee often focuses on acquainting your new hire with their role and about the company. While all of this is important, so is educating them about security. Include a review of your company’s security and BYOD policy when you train your new employees. This will show new hires that security is important to your organization and get them to think mindfully about security from the start.
3. Training doesn’t align with your objectives/goals: It’s hard to encourage your employees to get behind awareness training if there is no clear objective. Think about why you are implementing this training. What are the weak points within your organization? How will training address these issues to your employees? Security awareness training should compliment your IT/security goals. Be upfront with your employees about the training and explain what you expect from them.
4. Employees are not tested: You can’t measure the impact of your training if you are not testing your employees. You should test your employees before and after training to see if there are any improvements. The objective of training your employees is to change their behaviour towards security and your tests should reflect that. Having your employees apply what they’ve learned by using a phishing test will give you a better idea on their improvement than simply testing their knowledge.
5. Failing to remind employees of their learning: Security awareness should be a continuous learning process. This change cannot happen overnight. In order for your employees to retain what they’ve learned, they need to be refreshed with the content. Send out weekly newsletters on the latest threats to keep your employees informed of the threat landscape. Remind them of your security policies and best practices.
At Jolera, we offer a comprehensive cyber awareness training course for employees. We cover a wider variety of topics related to the threat landscape and provide posters and a training portal for your organization to access. Contact us today to learn more about Secure IT – Training.
Dec 27, 2018 | Blog, General, Security Threats
ThreadKit Malware
In the recently released report, Fidelis threat research analysts found that despite reported arrests, Cobalt Group continues to remain active, using a new version of ThreadKit, a macro delivery framework sold and used by numerous actors and groups. In addition, researchers identified CobInt, a loader and backdoor framework utilized in profiling systems.
The threat group had largely been targeting banks in Eastern Europe using phishing emails with malicious PDF attachments that allowed the group to steal more than $32,000 from multiple ATMs in an overnight attack.
Prior to Interpol reportedly arresting the group’s leader in March 2018, it was estimated that the threat actors had pilfered as much as $1.2 billion from banks across 40 different countries.
Source: Infosecurity Magazine
How do you protect yourself?
Proper security measures must be in place to defend against ThreadKit malware and similar threats. Make sure you only download legitimate apps from the app store and do not click on suspicious links. Having proper up-to-date endpoint and firewall security provides a cross-generational blend of threat defense techniques to protect systems from malware.
CVE-2018-20299
A recently discovered security vulnerability affects both the Bosch Smart Home 360° indoor as well as the Eyes outdoor cameras. It potentially allows the unauthorized execution of code on the device via the network interface.
The vulnerability can be used to remotely execute code on the device (RCE). This would enable a potential attacker, for example, to bypass access restrictions (e.g. username / password) or to reactivate disabled features (e.g. telnet). A necessary prerequisite for this attack is the network access to the webserver (HTTP / HTTPS) of the device. Despite its high rating, possible attacks are considered incapable of accessing private keys if they are stored on the devices’ Trusted Platform Module (TPM). An affected camera can be restored to its original state by the factory reset button.
Source: Bosch
How do you protect yourself?
The recommended approach is to update the firmware of all Bosch Smart Home cameras to a fixed version, that is, 6.52.4 or higher. Updated firmware files are available and offered to all customers via the existing update mechanism in the Bosch Smart Home camera app.
Zebrocy Trojan
The Zebrocy trojan – a custom downloader malware used by Russia-linked APT Sofacy (a.k.a. APT28, Fancy Bear or Sednit) – has a new variant. While it’s functionally much the same as its other versions, the new code was written using the Go programming language.
The similarities between the new payload and previous Zebrocy variants start with the fact that the versions share the same command-and-control (C2) URL, according to an analysis from Palo Alto’s Unit 42 group. Beyond that, additional overlaps include the fact that it does initial data collection on the compromised system, exfiltrates this information to the C2 server and attempts to download, install and execute an additional payload from the C2.
Source: Threatpost
How do you protect yourself?
Proper security measures must be in place to defend against Zebrocy Trojan and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
Dec 21, 2018 | General
Thank You
We wish you a wonderful holiday season and happy new year. Thank you for partnering with us in 2018. As the year comes to an end, we want to take a moment to appreciate the past year. We had some incredible moments and can’t wait to see what 2019 will bring. Here are a few of our highlights this year.
This certification indicates that the controls and procedures we use in our operations meet industry best practices.
We created more ways to secure and backup your business operations. Featuring WiFi, Office 365, mail archiving and cloud and hybrid backups.
Read our articles in Financial Post’s online innovation section and spot us in newspaper copies of the National Post.
As part of our commitment to the channel, Paolo Del Nibletto oversees our channel partner development programs and strategy in this new role.
We want to ensure you have the necessary information on our products to make the right IT decisions for your business.
We updated our website with a fresh clean look. We also launched our training portal with courses about cybersecurity, information technology and more.
Our 2018 Support Statistics
Looking Forward
Thanks for being with us in 2018. We have a lot of exciting things planned for next year. Here are some of the things we have in store for the coming year in 2019.
We are proud to employ and serve Canadians, which is why we are excited to announce that we will be opening a new office out west.
This enhanced support bundle includes 24/7/365 professional software and hardware support, a fully managed infrastructure and a secure backup solution.
Secure IT – WiFi is a secure wireless solution with 24/7 security event management. Look out for new advancements to our WiFi offering.
To further improve our reports, we will be providing our clients with more information to help them gain better insights into their environment.
Secure IT – Mail is our comprehensive suite of security, backup, management and marketing solutions for Office 365. New features will be added soon.
We will be debuting a new video series where we will discuss various topics in security, technology and corporate culture. Stay tuned for more information.
