Seated side by side at the year's first SMB TechFest event, your hosts Erick Simpson and Rich Freeman discuss Continuum buying BrightGauge, building a brand for your business, and the latest truck accident resulting in a giant spill of liquid chocolate.
Erick and Rich dive into why Chargifi's alliance with Belkin spells opportunity for channel pros, joining the board of a local non-profit is time well spent, and asparagus may be even better than crystal balls and tarot cards at predicting the future.
With each issue packed full of powerful news, reviews, analysis, and advice targeting IT channel professionals, ChannelPro-SMB will help you cultivate your SMB customers and run your business more profitably.
Researchers at Defiant Threat Intelligence Team have identified a brute force attack campaign on WordPress sites. There have been four command and control (C2) servers identified, over 14,000 proxy servers from best-proxies.ru, and over 20,000 infected WordPress sites. The attacks make XML-RPC authentication attempts against accounts. XML-RPC authentication is used for network services that require security but do not require callers to identify themselves.
To help developers build and run their applications, services and integrate upcoming technologies, Microsoft has released an eBook – Learn Azure in a Month of Lunches. The eBook offers great insights into entry into cloud administration. Besides, it also gives a high-level explanation of each concept and common implementations. It breaks down the most important Azure concepts into bite-sized lessons. Using this you will be able to learn how to:
Cybersecurity professionals have known for a long time that passwords alone are not secure enough. Two-factor Authentication (2FA) has become an increasingly common way to add another layer of security. But like anything else in the security world, it is not infallible. This week Amnesty International reported that hacker groups are targeting the email accounts of journalists and human rights activists from the Middle East and North Africa.
Unified Extensible Firmware Interface (UEFI) rootkits gained quite a bit of attention in the security community over the years with a considerable amount of research going into the topic. However, there’s been limited practical use of this malware type in the wild until the discovery of LoJax. Researchers at ESET associate this new malware with the Sednit group, also known as Fancy Bear, and thoroughly discussed it at the 35C3 conference in Germany late last month.
The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to which an organization’s domain name resources resolve.
The group behind the CryptoMix malware have changed tactics once again. The bad actors in this case brute force a login through RDP, and then encrypt the data on your computer while attempting to identify and remove any local backups available. With a successful attack, there’s no way to regain your data without the decryption key or through an off-network backup of the system.
A hacker called SandboxEscaper disclosed an unpatched zero-day exploit affecting the Windows® operating system. This is the third zero-day exploit SandboxEscaper has disclosed in the last six months. The first exploit was a privilege escalation vulnerability taking advantage of the Advanced Local Procedure Call. SandboxEscaper also released a proof-of-concept (PoC) confirming that the first exploit worked on a fully-patched 64-bit version of Windows 10.
Oil and gas companies within the Middle East and Russia have once again been targeted and attacked by various strains of malware. One of the strains appears to be the third version of the Shamoon worm that ran rampant in 2016, and the other one is known as Seedworm, named after the cyber espionage group that created it.
Three months ago, security researcher Travis Ormandy from Google Project Zero detailed a significant flaw of which Logitech has finally released a patch. In his September 18th meeting the engineers at Logitech gave the impression that they understood the problem and had a fix in mind and were ready to roll out a patch immediately.
If you every attended any of my security talks i talk about the risks of surfacing the web or installing software you not sure of... Well Microsoft gave us a gift this week on the windows 10 Beta Build 18305they have introduced an great new feature Windows Sandbox !
Windows Sandbox is a new lightweight desktop environment tailored for safely running applications in isolation.