Staying Up To Date On Software Patches Is Critical

Google’s Project Zero security team has an impressive track record when it comes to chasing down and addressing the most critical security flaws found. They’re tireless in their work, which has saved untold billions of dollars and hampered the efforts of hackers all over the world.

The team has gathered some rather shocking statistics, however, including this eye-opener:

Based on their research, fully one fourth of the zero-day exploits being discovered in use in the wild could have been avoided entirely if vendors and IT admins had properly patched their products.

Over the course of 2020, the team detected a total of 24 zero-day exploits. Six of these were variations on a theme: variants of vulnerabilities disclosed in prior years. Hackers had access to the older bug reports and plenty of time to study the older issues, then made a few simple tweaks and wound up with a brand new zero-day exploit.

For instance, CVE-2020-0674, a zero-day Internet Explorer flaw, is a variant that combines elements of CVE-2018-8653, CVE-2019-1367, and CVE-2019-1429.

In a similar vein, the devastating Google Chrome flaw tracked as CVE-2020-6572 is a variant that combines elements of CVE-2019-5870 and CVE-2019-13695. The Apple Safari zero-day issue tracked as CVE-2020-27930 is virtually identical to the one discovered back in 2015 and tracked as CVE-2015-0093.

On the one hand, this news is rather depressing, as it seems that many in the IT security profession are making things harder on themselves than they need to be. On the other hand, as Maddie Stone, a member of the Project Zero team, observed, these kinds of insights are the exact reason the team was formed to begin with.

By studiously identifying and shutting down the most glaring and serious flaws and gathering statistics and data on them, the hope is to make them increasingly harder for hackers around the world to take advantage of in years to come. So far, that approach seems to be working. Kudos to Google and the Zero Day team.

Companies Spending More On Tech Services Due To Remote Work

The Coupa Business Spend Index (BSI) has been volatile over the past several months as the pandemic shredded business confidence and sent budgets into a downward spiral. Some business spending, however, has barely been touched at all, and some has even increased.

It’s true that the nature of the spending has changed. Spending on travel has pretty well dried up.

However, companies all across the nation have made a significant investment in technology to allow employees to work from home, and make their working from home faster and more efficient. This has caused tech spending to be surprisingly robust, and as tracked by Coupa, now stands at 82.8, which is slightly higher than it was last quarter.

The biggest declining sectors according to the company’s data have been hospitality, office supplies, telecommunications, maintenance, and consultancy. The spending sectors seeing the biggest increases are technology and shipping and freight.

The company noted the following in the report that accompanied their most recently released data:

“Going forward, the greatest risk to the US economy is a resurgence of coronavirus cases impacting operations, employment, and demand. As demand falters, many large companies will/are running out of cash. Twenty-one major retail brands have already filed for bankruptcy. Companies in other hard-hit sectors such as travel may not be far behind. Finally, other factors negatively impacting the US economy include falling oil prices as well as the reduced international trade.”

At this point, it’s simply too soon to say which way the proverbial wind is blowing. It may prove to be the case that the areas where spending growth is increasing are enough to offset the other areas where spending is in sharp decline. If that is the case, then we may yet escape the pandemic without too much economic damage. If the reverse holds true though, all bets are off.

Major University In California Pays Large Ransom After Ransomware Attack

The University of San Francisco (UCSF) is the latest organization to fall victim to hackers, running afoul of a group utilizing the Netwalker ransomware strain.

UCSF is a research university whose recent efforts have been focused on health sciences generally and COVID-19-related research specifically. On June 3rd, 2020, Netwalker published a notice on a site they use for data leaks.

It stated they had successfully breached the UCSF network and published a sample of the files stolen during their attack. The sample included a number of student applications, complete with social security numbers, and screenshots of folder listings that appeared to contain financial information, medical studies, university employee information and the like. Later the same day that the post and samples appeared on the Netwalker leak site, UCSF confirmed the attack.

Their formal statement on the matter reads in part, as follows:

“As we disclosed on June 3, UCSF IT staff detected a security incident that occurred in a limited part of the UCSF School of Medicine’s IT environment on June 1.

We quarantined several IT systems within the School of Medicine as a safety measure, and we successfully isolated the incident from the core UCSF network. Importantly, this incident did not affect our patient care delivery operations, overall campus network, or COVID-19 work.

The data that was encrypted is important to some of the academic work we pursue as a university serving the public good. We, therefore, made the difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained.”

It’s a staggering sum that underscores just how serious these kinds of attacks can be. Worse, over the last several months, UCSF is the third university to be successfully attacked. With months to go in 2020, they will almost certainly not be the last.

Microsoft Changing Their Physical Retail Stores And Flagship Locations

Eleven years ago, Microsoft embarked on a bold experiment to emulate Apple. They opened a number of brick and mortar retail stores. Unfortunately, their stores never caught on quite the same way that the Apple Store did, and the rise of the global pandemic only made matters worse for the tech giant. In light of these facts, on June 26, 2020, the company announced that they would be closing the vast majority of their physical stores.

They’re only keeping a handful, such as their flagship locations in London, New York, Sydney and Redmond. Those few that remain will be “re-imagined” per the company’s announcement as ‘experience centers.’ The company provided no additional details about exactly what that meant.

In tandem with the announcement, the company said that they will continue to employ retail salespeople. However, those that remain will be focused on sales, training and support for consumers, small business and enterprise customers. This builds on a move that the company had already begun making in response to the threat of Covid-19, which saw them deploy their existing retail sales force to provide remote training.

In terms of how this move impacts the company’s bottom line, Microsoft says that the closing of the bulk of their physical locations will result in a pre-tax charge of approximately $450 million, which works out to about $0.05 per share. This charge will be recorded in the current quarter which ends on June 30th, 2020.

In a recent update to the initial announcement, the company added that all employees will have the opportunity to stay with Microsoft in one capacity or another. So the company is not expecting to announce any layoffs as a consequence of this decision.

Given that Microsoft’s stores never had the effect the company wanted or expected out of them, combined with the ongoing difficulties presented by the pandemic, this move can’t be seen as much of a surprise. Kudos to Microsoft for keeping their staff employed and transitioning them to other roles.

Internet Based Devices May Have Issues Following SSL Certificate Expiration

Recently, a number of Roku streaming channels mysteriously stopped working, leaving customers scratching their heads trying to figure out what went wrong.

After some research, Roku’s support staff discovered that the issue stemmed from a global certificate expiration.

They advised impacted customers to update their certificates manually by visiting the company’s website and following the instructions posted there.

Since Roku’s announcement, both Stripe and Spreedly experienced similar disruptions that traced back to the same root cause. This issue has revealed a hidden flaw in the design of many, if not most Internet of Things devices, and many of them will ultimately suffer the same fate.

IoT devices are becoming increasingly popular, but unfortunately, making use of them is fraught with peril. Most have no security at all, and few have anything more than the most rudimentary security protocols in place and can be hacked with relative ease.

Worse, as this issue highlights, many IoT devices simply have no means of receiving updates automatically, which puts users on the hook to manually update every smart device they have in their homes.

Security researcher Scott Helme had this to say about the issue:

“This problem was perfectly demonstrated recently, on 30 May at 10:48:38 GMT to be exact. That exact time was when the AddTrust External CA Root expired and brought with it the first signs of trouble that I’ve been expecting for some time.”

“We’re coming to a point in time now where there are lots of CA Root Certificates expiring in the next few years simply because it’s been 20+ years since the encrypted web really started up and that’s the lifetime of a Root CA certificate. This will catch some organizations off guard in a big way.”

Helme notes that the next potentially significant date will be 20th September, 2021, when the CA certificates issued by DST Root CA X3 are slated to expire. If you have one or more IoT devices in your home, be aware, and be prepared to manually intervene when they stop working.
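
One way to spot this failure mode before a device stops working is to audit the CA bundle it trusts for roots that have expired or are about to. The following is an added example, not code from Roku, Scott Helme or the original article; the function names are hypothetical, the sample entries are constructed in the shape returned by Python's ssl.SSLContext.get_ca_certs(), and the time of day for DST Root CA X3 and the third root are made up for illustration.

```python
import ssl
from datetime import datetime, timezone

def load_roots(cafile):
    """Load a PEM CA bundle (e.g. one extracted from firmware) as cert dicts."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=cafile)
    return ctx.get_ca_certs()

def common_name(cert):
    # 'subject' is a tuple of RDNs, each RDN a tuple of (key, value) pairs.
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return "<no CN>"

def audit_roots(certs, now, warn_days=365):
    """Return (status, name, days_left) per root, soonest expiry first."""
    rows = []
    for cert in certs:
        secs = ssl.cert_time_to_seconds(cert["notAfter"])
        not_after = datetime.fromtimestamp(secs, tz=timezone.utc)
        days_left = (not_after - now).days
        if not_after <= now:
            status = "EXPIRED"      # chains ending here already fail
        elif days_left <= warn_days:
            status = "EXPIRING"     # plan a trust-store update now
        else:
            status = "OK"
        rows.append((not_after, status, common_name(cert), days_left))
    rows.sort(key=lambda r: r[0])
    return [(status, name, days) for _, status, name, days in rows]

# Constructed sample: dates for the first two roots are the ones quoted above.
SAMPLE_ROOTS = [
    {"subject": ((("commonName", "Example Long-Lived Root"),),),
     "notAfter": "Jan 15 00:00:00 2035 GMT"},
    {"subject": ((("commonName", "DST Root CA X3"),),),
     "notAfter": "Sep 20 00:00:00 2021 GMT"},
    {"subject": ((("commonName", "AddTrust External CA Root"),),),
     "notAfter": "May 30 10:48:38 2020 GMT"},
]
SAMPLE_NOW = datetime(2020, 6, 15, tzinfo=timezone.utc)  # constructed audit date

if __name__ == "__main__":
    for status, name, days in audit_roots(SAMPLE_ROOTS, SAMPLE_NOW, warn_days=500):
        print(f"{status:9} {days:6} days  {name}")
```

To run it against a real trust store, pass the result of load_roots() with the path to the bundle in place of SAMPLE_ROOTS and use the current UTC time for now.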