IT and Business Insights for SMB Solution Providers

Jay Ferron's blog

WordPress Pressed into Service

    Researchers at Defiant Threat Intelligence Team have identified a brute force attack campaign on WordPress sites. There have been four command and control (C2) servers identified, over 14,000 proxy servers from best-proxies.ru, and over 20,000 infected WordPress sites. The attacks make XML-RPC authentication attempts against accounts. XML-RPC authentication is used for network services that require security but do not require callers to identify themselves.

Free Ebook Azure in a month of Lunches

To help developers build and run their applications, services and integrate upcoming technologies, Microsoft has released an eBook – Learn Azure in a Month of Lunches. The eBook offers great insights into entry into cloud administration. Besides, it also gives a high-level explanation of each concept and common implementations. It breaks down the most important Azure concepts into bite-sized lessons. Using this you will be able to learn how to:

Get Started with Azure

Phishing for 2FA

    Cybersecurity professionals have known for a long time that passwords alone are not secure enough. Two-factor Authentication (2FA) has become an increasingly common way to add another layer of security. But like anything else in the security world, it is not infallible. This week Amnesty International reported that hacker groups are targeting the email accounts of journalists and human rights activists from the Middle East and North Africa.

Lojax UEFI Rootkit

    Unified Extensible Firmware Interface (UEFI) rootkits gained quite a bit of attention in the security community over the years with a considerable amount of research going into the topic. However, there’s been limited practical use of this malware type in the wild until the discovery of LoJax. Researchers at ESET associate this new malware with the Sednit group, also known as Fancy Bear, and thoroughly discussed it at the 35C3 conference in Germany late last month.

CryptoMix Misdirection

    The group behind the CryptoMix malware have changed tactics once again. The bad actors in this case brute force a login through RDP, and then encrypt the data on your computer while attempting to identify and remove any local backups available. With a successful attack, there’s no way to regain your data without the decryption key or through an off-network backup of the system.

Hacker Exposes Another Zero-Day Exploit

    A hacker called SandboxEscaper disclosed an unpatched zero-day exploit affecting the Windows® operating system. This is the third zero-day exploit SandboxEscaper has disclosed in the last six months. The first exploit was a privilege escalation vulnerability taking advantage of the Advanced Local Procedure Call. SandboxEscaper also released a proof-of-concept (PoC) confirming that the first exploit worked on a fully-patched 64-bit version of Windows 10.

Gas and Oil Industry More Vulnerable to Malware then Ever Before

    Oil and gas companies within the Middle East and Russia have once again been targeted and attacked by various strains of malware. One of the strains appears to be the third version of the Shamoon worm that ran rampant in 2016, and the other one is known as Seedworm, named after the cyber espionage group that created it.

Logitech Leaves Keystroke Injection Flaw Unaddressed for Months.

    Three months ago, security researcher Travis Ormandy from Google Project Zero detailed a significant flaw of which Logitech has finally released a patch. In his September 18th meeting the engineers at Logitech gave the impression that they understood the problem and had a fix in mind and were ready to roll out a patch immediately.

Holiday Gift from Microsoft Introducing Windows Sandbox!

If you every attended any of my security talks i talk about the risks of surfacing the web or installing software you not sure of... Well Microsoft gave us a gift this week on the windows 10 Beta Build 18305 they have introduced an great new feature Windows Sandbox !

Windows Sandbox is a new lightweight desktop environment tailored for safely running applications in isolation.

Pages

Subscribe to RSS - Jay Ferron's blog