IT and Business Insights for SMB Solution Providers

Jay Ferron's blog

Social Media Phishing Attack

    Social media has changed how the world interacts with each other in so many ways, such as closer interaction between businesses and their customers, law enforcement alerts, and more.  Creators of public content that want any real degree of reach involves social media in their business and marketing plan somehow, including many requiring logging in through social media to view content.

    There are many methods to ensure that a login prompt is legit, but a new phishing technique

Vulnerability So Old it Could Vote

     This past week, a vulnerability has been found in the WinRAR archive extraction software that has existed for almost 19 years. It was discovered by researchers at Check Point Software Technologies. The exploit allows for a path traversal which leads to remote code execution anywhere on the system. This issue stems from a third party dll, unacev2.dll, that is used to handle the .ace archive type.

Container Escape

    Over the years there has been a fundamental shift in evolving software development practices. In the past it was typical to build and maintain large monolithic code bases and run it on large servers, individual virtual machines, or even bare metal. Now, like many of us know already, many applications are being packaged as small services, loosely coupled together into what is called microservices architecture across a smaller group of distributed commodity hardware.

"Catastrophic” hack on VFEmail destroys almost two decades of data

!!!ALERT!!!! Update Feb 11 2019
www.vfemail.net and mail.vfemail.net are currently unavailable in their prior form.
We have suffered catastrophic destruction at the hands of a hacker, last seen as [email protected]
This person has destroyed all data in the US, both primary and backup systems. We are working to recover what data we can.


Main points:

More about Windows Sandbox

Windows Sandbox is a new lightweight desktop environment tailored for safely running applications in isolation.

How many times have you downloaded an executable file, but were afraid to run it? Have you ever been in a situation which required a clean installation of Windows, but didn’t want to set up a virtual machine?

Ransomware Attack Via MSP Locks Customers Out of Systems

Vulnerable plugin for a remote management tool gave attackers a way to encrypt systems belonging to all customers of a US-based MSP.

An attacker this week simultaneously encrypted endpoint systems and servers belonging to all customers of a US-based managed service provider by exploiting a vulnerable plugin for a remote monitoring and management tool used by the MSP.

Googlle Store Has Vanity Apps Opens Users Up To Attack

    Some people like to look their best and sometimes reality just isn’t enough. With the addition of an altered reality landscape we can add and modify our worlds and ourselves through the lens of our phones. There are apps that can access your phone’s camera, detect your facial position, add features, correct color imbalances, enhance traits that we find desirable, and can remove elements that aren't so desirable. 

Shortcut to Fear

     Siri sets alarms, calls your mother, and finds you that piece of trivia that’s been itching in your brain for the past week. Siri helps people manage their electronic fears and control their digital world in a human way. So when Siri Shortcuts came along with iOS 12, I’m sure many people were elated at the thought of automating their daily ritual and streamlining repeated complex tasks. 

Pages

Subscribe to RSS - Jay Ferron's blog