WordPress administrators are being emailed fake WordPress security advisories for a fictitious vulnerability tracked as CVE-2023-45124 to infect sites with a malicious plugin.

The campaign has been caught and reported by WordPress security experts at Wordfence and PatchStack, who published alerts on their sites to raise awareness.

Fake WordPress update

The emails pretend to be from WordPress, warning that a new critical remote code execution (RCE) flaw in the platform was detected on the admin’s site, urging them to download and install a plugin that allegedly addresses the security issue.

Phishing email impersonating a WordPress security advisory

Clicking on the email’s ‘Download Plugin’ button takes the victim to a fake landing page at ‘en-gb-wordpress[.]org’ that looks identical to the legitimate ‘wordpress.com’ site.

Fake WordPress landing page

The entry for the fake plugin shows a likely inflated download count of 500,000, along with multiple phony user reviews elaborating on how the patch restored their compromised site and helped them thwart hacker attacks.

The vast majority of the user reviews are five-star reviews, but four-, three-, and one-star reviews are thrown in to make it appear more realistic.

Fake user reviews

Upon installation, the plugin creates a hidden admin user named ‘wpsecuritypatch’ and sends information about the victim to the attackers’ command and control server (C2) at ‘wpgate[.]zip.’

Next, the plugin downloads a base64-encoded backdoor payload from the C2 and saves it as ‘wp-autoload.php’ in the website’s webroot.

The backdoor features file management capabilities, a SQL client, a PHP console, and a command line terminal and displays detailed information about the server environment to the attackers.

Backdoor functionality

The malicious plugin hides itself from the list of installed plugins, so a manual search on the site’s root directory is required to remove it.

Code to hide the admin user and the malicious plugin

At this time, the operational goal of the plugin remains unknown.
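The indicators above (the hidden ‘wpsecuritypatch’ account, the ‘wp-autoload.php’ drop in the webroot, and a plugin that hides itself from the installed-plugins list) can be checked for directly. The script below is an added example, not code from Wordfence, Patchstack or the article; it assumes the plugin list passed in is whatever WordPress reports, that user logins are read straight from the users table rather than the dashboard, and the plugin slug in the sample tree is a constructed placeholder.

```python
"""Check a WordPress install for the indicators described in the advisory above.

Added example, not code from Wordfence or Patchstack. The indicator values
come from the article; the plugin slug used in the sample layout is a
constructed placeholder, since the real slug is not given there.
"""
import tempfile
from pathlib import Path

HIDDEN_ADMIN_USER = "wpsecuritypatch"   # hidden admin account named in the advisory
BACKDOOR_FILE = "wp-autoload.php"       # backdoor dropped in the webroot


def find_indicators(webroot, reported_plugins, db_user_logins):
    """Return a list of findings (empty when nothing matched).

    webroot           -- WordPress root directory
    reported_plugins  -- plugin slugs as the dashboard / WP-CLI reports them
    db_user_logins    -- user_login values read straight from the wp_users
                         table; the dashboard user list is exactly what the
                         plugin filters, so it cannot be trusted here
    """
    root = Path(webroot)
    findings = []

    if HIDDEN_ADMIN_USER in db_user_logins:
        findings.append(f"user '{HIDDEN_ADMIN_USER}' exists")

    if (root / BACKDOOR_FILE).is_file():
        findings.append(f"file '{BACKDOOR_FILE}' present in webroot")

    # The plugin hides itself from the installed-plugins list, but it is still
    # a directory on disk: anything on disk that WordPress does not report is
    # worth a manual look, which is the search the article describes.
    plugins_dir = root / "wp-content" / "plugins"
    if plugins_dir.is_dir():
        on_disk = {p.name for p in plugins_dir.iterdir() if p.is_dir()}
        for slug in sorted(on_disk - set(reported_plugins)):
            findings.append(f"plugin directory '{slug}' on disk but not in plugin list")

    return findings


def build_sample_site():
    """Construct a throwaway WordPress-like tree for the demonstration (constructed data)."""
    root = Path(tempfile.mkdtemp(prefix="wp-sample-"))
    (root / "wp-content" / "plugins" / "akismet").mkdir(parents=True)
    # Constructed slug standing in for the malicious plugin's directory.
    (root / "wp-content" / "plugins" / "placeholder-hidden-plugin").mkdir()
    (root / BACKDOOR_FILE).touch()  # empty stand-in for the dropped file
    return root


def demo():
    """Run the check against the constructed site and return the findings."""
    root = build_sample_site()
    # The dashboard only reports akismet; wp_users still contains the hidden account.
    return find_indicators(root, ["akismet"], ["admin", HIDDEN_ADMIN_USER])


if __name__ == "__main__":
    for line in demo():
        print("FINDING:", line)
```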

In cooperation with Europol and Eurojust, law enforcement agencies from seven nations have arrested in Ukraine the core members of a ransomware group linked to attacks against organizations in 71 countries.

The cybercriminals paralyzed major corporations’ operations in attacks using ransomware such as LockerGoga, MegaCortex, HIVE, and Dharma.

“After remaining undetected in the compromised systems, sometimes for months, the criminals would deploy different types of ransomware, such as LockerGoga, MegaCortex, HIVE or Dharma,” Eurojust said.

“A ransom note was then presented to the victim to pay the attackers in bitcoin in exchange for decryption keys.”

Roles within this criminal network varied significantly: some members breached IT networks, while others reportedly helped launder the cryptocurrency payments made by victims to decrypt their files.

The attackers gained access to their targets’ networks by stealing user credentials in brute force and SQL injection attacks, as well as using phishing emails with malicious attachments.

Once in, they used tools like TrickBot malware, Cobalt Strike, and PowerShell Empire to move laterally and compromise other systems before triggering previously deployed ransomware payloads.

The investigation unveiled that this organized group of ransomware affiliates encrypted more than 250 servers of major corporations, leading to losses exceeding several hundred million euros.

 

Ransomware gang arrests in Ukraine

On November 21st, coordinated raids at 30 locations in Kyiv, Cherkasy, Rivne, and Vinnytsia resulted in the arrest of the group’s 32-year-old mastermind and the capture of four accomplices.

Over 20 investigators from Norway, France, Germany, and the United States helped the Ukrainian National Police with the investigation in Kyiv. Europol also set up a virtual command center in the Netherlands to process the data seized during the house searches.

“With the support of the TOR special unit, law enforcement officers conducted more than 30 authorized searches in the premises and cars of the suspects in Kyiv region, as well as in Cherkasy, Rivne, and Vinnytsia regions,” the National Police of Ukraine’s Department of Cyber Police said today [automated translation].

“Computer equipment, cars, bank and SIM cards, ‘draft’ records, as well as dozens of electronic media and other evidence of illegal activities were seized. In particular, almost 4 million hryvnias and cryptocurrency assets.”

This operation follows other arrests in 2021 as part of the same law enforcement action, when police detained 12 more suspects who were part of the same ransomware group, linked to attacks against 1,800 victims in 71 countries.

As the investigation revealed two years ago, the attackers deployed LockerGoga, MegaCortex, and Dharma ransomware. They also used malware like Trickbot and post-exploitation tools such as Cobalt Strike in their attacks.

Subsequent efforts at Europol and in Norway focused on analyzing data on devices seized in Ukraine in 2021 and helped identify additional suspects arrested one week ago in Kyiv.

 

Free LockerGoga and MegaCortex ransomware decrypters

The forensic analysis also allowed Swiss authorities to develop decryption tools for the LockerGoga and MegaCortex ransomware variants in collaboration with No More Ransom partners and Bitdefender.

This international police action was initiated by French authorities in September 2019 and focuses on locating threat actors in Ukraine and bringing them to justice with the help of a joint investigation team (JIT) comprising Norway, France, the United Kingdom, and Ukraine, with financial support from Eurojust and collaborating with Dutch, German, Swiss, and U.S. authorities.

The list of participating law enforcement agencies includes:

  • Norway: National Criminal Investigation Service (Kripos)
  • France: Public Prosecutor’s Office of Paris, National Police (Police Nationale – OCLCTIC)
  • Netherlands: National Police (Politie), National Public Prosecution Service (Landelijk Parket, Openbaar Ministerie)
  • Ukraine: Prosecutor General’s Office (Офіс Генерального прокурора), National Police of Ukraine (Національна поліція України)
  • Germany: Public Prosecutor’s Office of Stuttgart, Police Headquarters Reutlingen (Polizeipräsidium Reutlingen) CID Esslingen
  • Switzerland: Swiss Federal Office of Police (fedpol), Polizei Basel-Landschaft, Public Prosecutor’s Office of the canton of Zurich, Zurich Cantonal Police
  • United States: United States Secret Service (USSS), Federal Bureau of Investigation (FBI)
  • Europol: European Cybercrime Centre (EC3)
  • Eurojust

“In an unprecedented effort, law enforcement and judicial authorities from seven countries have joined forces with Europol and Eurojust to dismantle and apprehend in Ukraine key figures behind significant ransomware operations wreaking havoc across the world,” Europol said.

“The operation comes at a critical time, as the country grapples with the challenges of Russia’s military aggression against its territory.”

 


Today, Microsoft shared a temporary fix for a known issue causing Outlook Desktop to crash when sending emails from Outlook.com accounts.

This confirms customer reports regarding crashing issues when using Outlook.com accounts shared on Microsoft’s community website and other social networks since last Monday, November 20.

According to online reports, restarting, repairing Outlook, reinstalling the application, and creating a fresh Outlook profile for the impacted email account all fail to address the issue.

“I’ve tried everything (safe mode, new profile, repair pst, even up to and including a system restore to attempt to roll back a previous installation) to no avail,” one of the affected users said.

These problems only affect Outlook for Microsoft 365 users and those in the Current Channel (Preview) using Outlook build 17029.20028.

“The issue is fixed in future builds 17029.20052+. However, this build has not been released yet,” Microsoft said.

While a limited number of customers did report they had successfully worked around this known issue by reinstalling Office, Microsoft suggests reverting to an earlier version.

To do that, type Command Prompt in the Windows search box, right-click Command Prompt and click Run as administrator.

Next, paste the following commands into the Command Prompt window and hit Enter after each:

cd %programfiles%\Common Files\Microsoft Shared\ClickToRun

officec2rclient.exe /update user updatetoversion=16.0.16924.20124

Redmond also started rolling out fixes last week for some of the customers affected by another known Microsoft 365 issue behind ‘Something Went Wrong [1001]’ sign-in errors, rendering desktop Office apps unusable for many affected users.

These ongoing login issues impact customers using Excel, Word, Outlook, and PowerPoint for Microsoft 365, Microsoft 365 Apps for business, and Office apps for iOS and Android, as the company confirmed over a month ago.

Previously, it fixed another bug causing significant delays for Microsoft 365 customers when saving attachments in Outlook Desktop to a network share.

Earlier this year, Microsoft tackled various other Outlook issues, including ones blocking Microsoft 365 customers from accessing emails and calendars and causing slow starts and freezes during cache re-priming.

 


Passwords have long been used as the primary gatekeepers of digital security, yet they can also be a weak link in the chain.

According to IBM’s 2023 Cost of a Breach report, phishing (16%) and stolen credentials (15%) are still the most common initial attack vectors for cyber-attacks. Stealing and selling credentials is a lucrative business for cybercriminals – it’s not something they’ll give up anytime soon.

An organization’s first step should be to tighten up its password policies and stop end-users from choosing weak, vulnerable passwords built on common patterns and easily guessable phrases.

But as Specops research shows, 83% of compromised passwords actually satisfy the password length and complexity requirements of regulatory password standards.

IT teams also need a way to scan Active Directories for passwords that have become compromised – before they’re used by attackers.

Why check for breached passwords?

Enforcing strong, longer passwords is crucial to help protect end-users against brute force, dictionary, and hybrid attacks. However, strong passwords can still become compromised. For example, people can be targeted with phishing attacks that trick them into giving up their credentials.

From that point on, the password is compromised until it is changed, which can often be too late – especially if the end-user or organization has no idea the initial credential theft has even occurred.

This risk is exacerbated through password reuse. Organizations can guide their employees through training and control the kinds of passwords they make at work, but they can’t stop them reusing the passwords in their personal lives.

This is particularly problematic if the personal devices and applications they use have weak security or are accessed via unsecured networks. A Google survey found that 66% of Americans reuse their passwords across more than one online account.

Without a tool to check for compromised passwords, it can take organizations a long time to discover they have a problem. IBM estimates it takes nearly a year on average to detect a breach from stolen or compromised credentials.

It’s risky to wait for end-users’ passwords to expire or to rely on being able to spot the early signs of an attack through other measures.

These factors all underscore the urgency of being able to discover compromised passwords within your Active Directory.

How to find compromised passwords

There are manual ways to export passwords from your Active Directory and cross-reference them against publicly available lists of breached passwords. However, using a third-party tool is far quicker and easier.

And in the case of Specops Password Auditor, it’s a free tool. Specops Password Auditor is a powerful tool that can help you quickly identify and mitigate password-related vulnerabilities within your Active Directory.

Using Specops Password Auditor is straightforward. Simply download your free tool and follow these steps:

  1. Run Specops Password Auditor: After installation, launch Specops Password Auditor and allow it to scan your Active Directory.
  2. Analyze the report: It generates comprehensive reports that highlight user and password policy information. Pay special attention to the section on accounts using compromised passwords.
  3. Act: Once you’ve identified compromised passwords, prompt users to change them immediately. This step is vital in preventing unauthorized access to your systems.

Beyond identifying compromised passwords, Specops Password Auditor equips you with knowledge about the overall state of your password policies and user accounts, identifying blank passwords, breached passwords, identical passwords, admin accounts, delegable admin accounts, stale admin accounts, stale user accounts, user accounts with the control flag for not requiring a password set/password never expires, expired or expiring passwords, password age, and when passwords were last changed.

Armed with this information, you can make informed decisions to enhance your organization’s access security.

Specops Password Auditor Report
Specops Password Auditor

Automating breached password checks

Specops Password Auditor offers a great initial health check of your Active Directory by cross-referencing against 950 million known compromised passwords. It helps to inform you where your password policy needs improving and where your password-related vulnerabilities lie.

The next step is building a stronger password policy and automating the process of checking for compromised passwords. This is where a more advanced tool such as Specops Password Policy comes in.

Once you’ve identified compromised credentials and vulnerabilities using the Specops Password Auditor report, you can bolster your organization’s password security further using Specops Password Policy.

Specops Password Policy enforces password length and complexity while preventing the use of common character types at the beginning or end of passwords and consecutively repeated characters.

To facilitate the creation of stronger yet memorable passwords, it supports passphrases, a combination of words that may seem unrelated, making them both easier for users to remember and harder for hackers to decipher.

Specops Password Policy’s Breached Password Protection feature checks your Active Directory against a list of 3 billion unique weak and known compromised passwords – including those being used right now in attacks on Specops’ honeypot accounts.

On top of that, if continuous scan is activated, users will be alerted by SMS or email as soon as their password has been discovered to be compromised and forced to change it. Our research team’s attack monitoring data collection systems update the service daily to ensure your network is protected from real-world password attacks.

Secure your business against breached passwords today

Compromised credentials offer attackers an easy route into your organization – it’s too risky to not have visibility over whether your end-users have been involved in breaches.

Start boosting your access security with a free audit of your Active Directory for password-related vulnerabilities.

And if you’re interested in automating the process and securing against a constantly updated list of over 3 billion unique weak and compromised passwords, give Specops Password Policy a trial.

Sponsored and written by Specops Software.

Source – https://www.bleepingcomputer.com/news/security/are-your-end-users-passwords-compromised-heres-how-to-check/

The Microsoft AI research division accidentally leaked dozens of terabytes of sensitive data starting in July 2020 while contributing open-source AI learning models to a public GitHub repository.

Almost three years later, this was discovered by cloud security firm Wiz whose security researchers found that a Microsoft employee inadvertently shared the URL for a misconfigured Azure Blob storage bucket containing the leaked information.

Microsoft linked the data exposure to the use of an excessively permissive Shared Access Signature (SAS) token, which allowed full control over the shared files. This Azure feature enables data sharing in a manner described by Wiz researchers as challenging to monitor and revoke.

When used correctly, Shared Access Signature (SAS) tokens offer a secure means of granting delegated access to resources within your storage account.

This includes precise control over the client’s data access, specifying the resources they can interact with, defining their permissions concerning these resources, and determining the duration of the SAS token’s validity.

“Due to a lack of monitoring and governance, SAS tokens pose a security risk, and their usage should be as limited as possible. These tokens are very hard to track, as Microsoft does not provide a centralized way to manage them within the Azure portal,” Wiz warned today.

“In addition, these tokens can be configured to last effectively forever, with no upper limit on their expiry time. Therefore, using Account SAS tokens for external sharing is unsafe and should be avoided.”
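The risk properties called out above (account-level scope, write-capable permissions, an expiry far in the future or absent, and plain HTTP allowed) are all visible in the SAS URL itself, so a shared link can be audited before it is handed out or when it turns up in a repository. The audit below is an added example, not Wiz’s or Microsoft’s code; the query parameter names are the documented SAS parameters, the sample URLs and their expiry dates are constructed, and the signatures are placeholders.

```python
"""Audit an Azure Storage SAS URL for the risk properties discussed above.

Added example (not Wiz's or Microsoft's code). The query parameter names are
the documented SAS parameters; the sample URLs are constructed and the
signature values are placeholders.
"""
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# Permission letters that allow changing data: write, delete, add, create,
# update, process, delete-version, permanent-delete, set-immutability, tag.
WRITE_PERMS = set("wdacupxyit")

# Fixed "now" so the demonstration is reproducible (constructed, not the real incident timeline).
AUDIT_NOW = datetime(2023, 6, 22, tzinfo=timezone.utc)


def _parse_sas_time(value):
    """Parse the ISO 8601 form used by 'se' / 'st' (date only or date-time, 'Z' suffix allowed)."""
    value = value.strip()
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    parsed = datetime.fromisoformat(value)
    if parsed.tzinfo is None:
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed


def audit_sas(url, now=AUDIT_NOW, max_lifetime=timedelta(days=7)):
    """Return a list of findings for one SAS URL; an empty list means nothing was flagged."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    findings = []

    if "sig" not in params or "sv" not in params:
        return ["not a SAS URL (missing sv or sig)"]

    # Account SAS carries 'ss' (services) / 'srt' (resource types) and spans the
    # whole storage account; a service SAS ('sr') is bound to one resource.
    if "ss" in params or "srt" in params:
        findings.append("account SAS: scope is the storage account, not a single resource")

    perms = set(params.get("sp", ""))
    if perms & WRITE_PERMS:
        findings.append(f"write-capable permissions: sp={params['sp']}")

    if "se" in params:
        remaining = _parse_sas_time(params["se"]) - now
        if remaining > max_lifetime:
            findings.append(
                f"expiry {params['se']} is {remaining.days} days out (limit {max_lifetime.days})"
            )
    elif "si" not in params:
        # Without 'se' and without a stored access policy ('si') there is no expiry at all.
        findings.append("no expiry (se) set")

    if "http" in params.get("spr", "https").split(","):
        findings.append("spr allows plain HTTP")

    return findings


# Constructed samples: an over-broad account SAS of the kind described above,
# and a service SAS scoped to one blob, read-only, expiring the next day.
OVERBROAD_SAS = (
    "https://example.blob.core.windows.net/models"
    "?sv=2021-06-08&ss=b&srt=sco&sp=rwdlacupx&st=2020-07-20T00:00:00Z"
    "&se=2051-10-06T00:00:00Z&spr=https,http&sig=PLACEHOLDER"
)
SCOPED_SAS = (
    "https://example.blob.core.windows.net/models/weights.bin"
    "?sv=2021-06-08&sr=b&sp=r&se=2023-06-23T00:00:00Z&spr=https&sig=PLACEHOLDER"
)


def demo():
    """Audit both constructed URLs and return the findings keyed by sample name."""
    return {"overbroad": audit_sas(OVERBROAD_SAS), "scoped": audit_sas(SCOPED_SAS)}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result or 'no findings'}")
```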

Microsoft Azure Storage leak tweet

38TB of private data exposed via Azure storage bucket

The Wiz Research Team found that besides the open-source models, the internal storage account also inadvertently allowed access to 38TB worth of additional private data.

The exposed data included backups of personal information belonging to Microsoft employees, including passwords for Microsoft services, secret keys, and an archive of over 30,000 internal Microsoft Teams messages originating from 359 Microsoft employees.

In an advisory on Monday by the Microsoft Security Response Center (MSRC) team, Microsoft said that no customer data was exposed, and no other internal services faced jeopardy due to this incident.

Wiz reported the incident to MSRC on June 22nd, 2023, which revoked the SAS token to block all external access to the Azure storage account, mitigating the issue on June 24th, 2023.

“AI unlocks huge potential for tech companies. However, as data scientists and engineers race to bring new AI solutions to production, the massive amounts of data they handle require additional security checks and safeguards,” Wiz CTO & Cofounder Ami Luttwak told BleepingComputer.

“This emerging technology requires large sets of data to train on. With many development teams needing to manipulate massive amounts of data, share it with their peers or collaborate on public open-source projects, cases like Microsoft’s are increasingly hard to monitor and avoid.”

BleepingComputer also reported one year ago that, in September 2022, threat intelligence firm SOCRadar spotted another misconfigured Azure Blob Storage bucket belonging to Microsoft, containing sensitive data stored in files dated from 2017 to August 2022 and linked to over 65,000 entities from 111 countries.

SOCRadar also created a data leak search portal named BlueBleed that enables companies to find out if their sensitive data was exposed online.

Microsoft later added that it believed SOCRadar “greatly exaggerated the scope of this issue” and “the numbers.”

 

Source – https://www.bleepingcomputer.com/news/microsoft/microsoft-leaks-38tb-of-private-data-via-unsecured-azure-storage/

Choosing colocation service providers means knowing the propensity of natural disasters where data centers are located. Fortunately for Utah Fibernet seekers, this state is ranked by WalletHub as the third safest in the nation. (For those interested, Utah is also the second safest state for “workplace safety” and fourth safest for “driving safety.”) Knowing how likely a natural disaster is can play a critical role in choosing your data center location. Data centers, including colocation data centers, are built with safeguarding akin to Fort Knox, but nothing is truly indestructible. Clients can find more security in a data center than they could manage on their own—unless you have a really big budget and safety know-how—which is why colocation data centers are so desirable.

In Utah, there are still possibilities for natural disasters just like there are anywhere else. You’ll find preparedness information on the State of Utah website, and it’s worth knowing what the most “common” natural disasters may be, starting with earthquakes. You might not think “earthquakes” when you hear Utah, but the state is located along a major fault line. This means the earth’s crust isn’t very strong in this area, and sometimes fault lines are caused by a geologic break after mountain blocks have been bolstered up naturally in comparison to dipping valleys—which pretty much sums up the landscape of many places in Utah.

Not All “Natural” Things are Good

Spanning from Malad City to Fayette, Utah County boasts a big fault line that runs below a number of residential and business areas. Currently, geologists say that it’s feasible for a 7.5 earthquake to hit this area. The good news is that there are many things businesses can do to prepare for an earthquake, and a good colocation data center will be built to withstand such a disaster. However, earthquakes don’t “just” cause structural damage. They also often lead to power outages, which is why colocation data centers should feature redundant power with generators.

Another possible natural disaster in the state is floods. Flash floods are a potential problem in every single state, but they’re relatively more common in Utah than in some other states. Obviously, the areas with the biggest vulnerabilities are at the bottom of steep slopes, close to stream valleys, and near any natural water source. Hopefully, your colocation service provider built a data center that’s not in a high-risk flood zone (feel free to ask them). It’s best to physically visit the data center if possible to see just what kind of preparation work has been made in case of a flood.

Where the Wild Things Are: Utah

Floods and landslides go hand in hand. Again, landslides are most common near steep slopes. You don’t want a data center nestled at the base of the Wasatch Mountains, for example. Similar precautions should be made for landslides, including avenues for guiding water away from the data center. There are also wildfires to contend with. A state rich in natural beauty and known for sometimes sizzling summers of course can be vulnerable to wildfires. Data centers should be “fireproof” and located in an area far from “kindling” (even if it means the outside landscaping is rather boring).

Finally, there is the risk of an avalanche. A state beloved for skiing, snowboarding, and other winter sports is going to come with an avalanche risk. These can be particularly troublesome during a quick spring thaw, but shouldn’t impact your data center unless it’s located in a mountainous region. There are avalanche zones in Utah, and of course, your data center should not be located in one of these.

Compared to most other states, Utah doesn’t face many natural disasters. There are also regions of the state more prone to natural disasters than others. When shopping around for a colocation provider, make sure to ask the actual address of the data center, if there have been any natural disasters in recent history, and do your due diligence to make sure the likelihood of a natural disaster is slim. There are never any guarantees, but it’s not very wise to choose a colocation provider with a data center in the middle of the woods (wildfires), in a ski resort town (avalanches), or at the bottom of a slope (floods and landslides). Common sense can go a long way—as can researching geographic locations.

 

 

 

Do you think your business might need colocation services, but you’re not quite sure? Do you want to make sure this is the right move for you right now before you start researching local providers and data centers? Maybe you’re not even sure what colocation providers do, but in your quest for a better web host you’ve been inundated with the term. Cloud hosting targets small businesses, and colocation services are an alternative for small to mid-sized companies who want to snag scalability while maintaining the best security. It’s for businesses that want a budget-friendly option and who expect (or hope for!) growth, so they want a service provider who can “grow” with them.

However, for the non-techie, coming across terms like dedicated hosting, hybrid options, and colocation service providers can be frustrating and read like mumbo jumbo. First things first: What exactly is colocation? Basically, it’s when you house a server you own in a data center managed by pros. You’re not leasing or renting hardware—you own it. However, you don’t have to manage it. You rent “rack space” in a colocation environment, but you still provide all of the servers and hardware that goes along with it. It’s almost like having an in-house server, but you avoid risks and enjoy scalability that’s otherwise impossible.

Isn’t Colocation an Obvious Choice?

Now that you know what colocation is, how do you know if it’s for you? It sounds like a great approach where you enjoy all the rewards of having your own server with none of the risks. Plus, if you’re a small business with big growth dreams, you’d better make sure scalability is on the agenda. However, bear in mind that timing is everything. You might be overdue for making the switch, or you might not be there yet. Answer these key questions and you’ll find out if “colo” is for you right now:

  • Are you an early-stage startup on a budget? Sometimes there’s a thin line between “startup” and small business. The vast majority of startups fail, and sometimes poor financial decisions exacerbate an already delicate situation. If you’re strapped for cash and your current web presence includes just a smattering of static pages, you probably don’t need a more advanced infrastructure right now. In fact, with static pages, you may never need colocation. It’s when you start adding more dynamic pages that colocation can help. There are many financial investments you can make to bolster your startup’s odds for success, but going with a colocation center isn’t one of them. Wait until you make it to “small business size” and then reconsider.
  • Do you have an in-house server already? If so, then going with a colocation provider might be a great way to get more protection and up your redundancy. After all, you’ve already made the “big purchase.” Servers can be incredibly expensive, to the tune of $200,000 in some cases. If you haven’t already purchased a server, make sure you really need one first. Otherwise, you could easily bankrupt your business before it has a fighting chance.
  • Are you all about physical infrastructure? Web hosting is a complex issue and it’s a lot more than owning servers and related equipment. You also need to focus on connectivity, cooling strategies, and redundant power just to get started. Having everything you need in-house is a lot of work and very expensive. Businesses that already own servers and are after an improved infrastructure can benefit from colocation services.
  • Are you “certified”? Some industries require certification, particularly if you store sensitive information. Surprisingly, a lot of businesses go colocation because it’s the best, easiest way to abide by certification requirements like the SOC I Type II or the HIPAA standards. Some of these certifications are incredibly complex, and you can spend a lot of time and money trying to play by the rules. A colocation provider takes care of a lot of the leg work for you, freeing you up to actually run your business.
  • Do you need high-performing hardware for your applications? Some applications use a bevy of resources, and it can be expensive to find the best solutions from web hosts. “High-performance servers” may be offered from a slew of web hosts, but there will come a time when you might need to just buy your own. Leasing hardware is kind of like renting an apartment instead of buying: It works well for a while, but most people eventually outgrow that kind of situation.

Colocation isn’t for everyone, but it’s a fantastic solution for many growing companies. Go with a local provider for optimal customer service and peace of mind knowing that professionals and your data center are relatively close—yet far enough away that you can sit back and let the experts take care of much of the busy work.

 

 

 

 

Colocation provider data centers have to achieve compliance in some instances to “keep things legal.” If you own or manage a company that requires such certifications, you already know which ones are necessary—but are you sure your colocation provider has actually achieved these security levels? From HIPAA to SSAE 16, it’s up to the client to make sure they (and their colocation provider) have the requisite paperwork in place. The major industry standards and certifications include HIPAA, PCI DSS 3.0, SSAE 16 SOC 1 Type 2, SOC 2 Type 2, and ISAE 3402. There are over 1,000 colocation data centers in North America, and you shouldn’t assume that all are fully compliant. Some don’t have clients that require these certifications, while other, smaller providers might not think it’s worth the time and money to pursue them. In order to be fully compliant, an unbiased, third-party auditing firm must confirm that a data center has successfully reached the right industry standards, which are rigorous.

After a full audit, compliance reports are given to the data centers and can then be shared with appropriate clients. These certifications guarantee that there’s a certain level of data privacy, security, control, and availability at the data center. This is, unsurprisingly, a very challenging and expensive process for the data center provider. Each of the certifications boasts intensive and lengthy requirements. For example, HIPAA outlines physical and administrative rules, organizational safety rules, documentation procedures for policies, and an overall outline of procedures. In order to get HIPAA certified, a data center must meet the Health Information Technology for Economic and Clinical Health Act (HITECH) prerequisites.

Keeping Clients Secure

Another popular certification is the PCI DSS or the Payment Card Industry Data Security Standard. This is a must for organizations that deal with credit card transactions—which includes many e-businesses. In order to safely process payments online, an auditing company must also confirm that a data center followed the SSAE 16 SOC 1 Type 2/SOC 2 Type 2 standards, or the Statement on Standards for Attestation Engagements. All systems and controls related to availability and security must pass muster. Plus, getting compliant with the International Standards for Assurance Engagements (ISAE) is a much-needed accessory, and is designed to safeguard the public and shareholders from potential accounting problems or mistakes in other related materials.

Specifically, SSAE 16 was created for certified public accountants (CPAs), so they could better oversee controls and keep businesses, shareholders, and clients safe. Few colocation data centers in North America boast all available certifications, but that’s not important to clients who rent rack space. What’s important as a colocation client is that your data center features certifications for your specific needs (if any). Most businesses don’t have such certification requirements, since only the most vulnerable and involved in finances or data privacy have such restrictions.

<strong>Security Measures for Every Data Center</strong>

While certification isn’t always a requirement, keeping close, accurate documentation on procedures, records and systems is a must. The data center shouldn’t be leaving any gray areas or unnecessary requirements for their clients. According to a CPA who’s involved with auditing data centers, Scott Price of A-Lign, “Certifying compliance across all facilities is a significant accomplishment and an uncommon feat these days.” However, he points out that keeping the bar high and protecting a data center’s clients is something that should be standard, not an exception. For data centers that specialize in serving clients in these niche industries, it’s a fantastic way to optimize protection.

<strong>Choosing the Right Data Center</strong>

Any data center that does have a certification is required to share audit reports with anyone who requests them. The detailed reports outline exactly how the data center abides by updated rules and standards. Every year, these regulations may change, so getting re-certified is an annual task for data centers that are committed to added security. Additionally, as more data centers seek to serve niche industries (and those with higher demands), it’s likely that certification will become more common across the board.

However, certification is just one aspect to consider when shopping for a colo provider (albeit a very necessary one for those who need it). Also <a href="http://www.networkworld.com/article/2910014/cisco-subnet/lessons-from-altoona-what-facebooks-newest-data-center-can-teach-us.html">consider geographic location</a> and propensity for natural disasters, the 24/7 availability of customer support, connectivity, and the general safety levels of a data center. If possible, tour the facility and build a relationship with the data center provider. This is the business that’s keeping your server(s) and online presence secure, so shopping shouldn’t be taken lightly.


As 2020 closed, so did the era of Adobe’s Flash. Adobe will no longer support Flash and has advised its users to uninstall the software entirely. Some say good riddance, as Flash had many issues, including bugs and security vulnerabilities. Others are concerned about what will happen to the millions of websites that still rely on Flash. Whichever side you are on, it really doesn’t matter: we are all in the same boat, and Flash is no more.

The Golden Years

During Flash’s golden age, it had the responsibility of running a lot of the internet.  With the growth of Flash’s popularity, it also became a target for hackers. In terms of security risk, it quickly ranked among browser plugins like ActiveX and Java. In 2017, Adobe finally decided they couldn’t fix Flash so they announced Flash’s end of life (EOL).  

Here’s the official EOL announcement from Adobe back in 2020:   

Adobe will not issue Flash Player updates or security patches after the EOL Date. We recommend that all users uninstall Flash Player before the EOL date (see manual uninstall instructions for Windows and Mac users). Users will be prompted by Adobe to uninstall Flash Player on their machines later this year and Flash-based content will be blocked from running in Adobe Flash Player after the EOL Date.

Flash is Out, Why are you surprised?

It doesn’t come as too big of a surprise that Flash is now no more. Steve Jobs hated Flash so much he banned its use on some Apple devices. Jobs felt that Flash was cumbersome to use on a touch screen, unreliable, a security threat, and a drain on battery life. Furthermore, Flash didn’t keep pace with smartphone technology. By the time it did get updated, the smartphone world had moved on to better technologies like HTML5. About 80% of Google Chrome users in 2014 visited a site with Flash. That number dropped to just 17% by 2017.

Doomed Websites

According to rough estimates, there will be millions of sites still running Flash. However, Adobe has created some tools that help web developers migrate their Flash content to HTML5 or other web technologies. Also, BlueMaxima’s Flashpoint offers a “web game preservation project” to help archive tens of thousands of Flash-based browser games. This project distributes its own open-source and “secure” player software, allowing Flash devotees to access their games despite the shutdown.

How to Uninstall Flash

Protect your system by uninstalling Flash. Adobe has posted uninstall instructions for both Windows and Mac users. Here’s how it works:

  • Download an uninstaller application for Flash Player.  Make sure to choose the Adobe uninstaller. (There is a different one for each operating system; and if you’re on Mac, pay attention to which OS version you’re using.)
  • Run the uninstaller. (On Windows, you’ll first need to close all browsers and programs that use Flash. On a Mac, you’ll do that as part of the process.)
  • Then, you can verify that the uninstallation was successful by restarting your computer and then checking the status of Flash Player on your computer from the Adobe website.
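The last step above relies on Adobe’s website to confirm removal. The following PowerShell script is an added example, not code from the original post or from Adobe, for checking a Windows machine locally for leftover Flash Player traces after running the uninstaller. It assumes the standard Windows Uninstall registry hives for installed-program entries and the Macromed\Flash folders under the system directory as the historical location of the Flash Player binaries; both are assumptions to confirm on your own build.

```powershell
# Added example, not from the original post or from Adobe: after running the Adobe
# uninstaller, check a Windows host for leftover Flash Player traces so the removal
# can be verified locally (and, across a fleet, reported centrally).
# Assumptions: the Uninstall registry hives are the standard Windows locations for
# installed-program entries; the Macromed\Flash folders are where Flash Player
# historically kept its binaries. Treat both paths as assumptions for your build.

function Test-FlashPlayerRemoved {
    [CmdletBinding()]
    param()

    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Installed-program entries, 64-bit and 32-bit registry views.
    $uninstallPaths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    foreach ($path in $uninstallPaths) {
        Get-ItemProperty -Path $path -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -like '*Flash Player*' } |
            ForEach-Object { $findings.Add("Registry entry: $($_.DisplayName)") }
    }

    # 2. Plugin binaries left on disk (ActiveX control, NPAPI/PPAPI plugins).
    $flashDirs = @(
        (Join-Path $env:SystemRoot 'System32\Macromed\Flash'),
        (Join-Path $env:SystemRoot 'SysWOW64\Macromed\Flash')
    )
    foreach ($dir in $flashDirs) {
        if (Test-Path -LiteralPath $dir) {
            Get-ChildItem -LiteralPath $dir -File -Recurse -ErrorAction SilentlyContinue |
                ForEach-Object { $findings.Add("File: $($_.FullName)") }
        }
    }

    # 3. The Adobe steps say to close browsers first; a browser that is still
    #    running can hold Flash modules open, so report it as a reason to re-run.
    $openBrowsers = @(Get-Process -Name chrome, firefox, msedge, iexplore -ErrorAction SilentlyContinue |
        ForEach-Object { "$($_.ProcessName) (PID $($_.Id))" })

    [pscustomobject]@{
        Removed      = ($findings.Count -eq 0)
        Findings     = $findings.ToArray()
        OpenBrowsers = $openBrowsers
    }
}

# Usage: run from an elevated prompt so the registry views and system folders are readable.
$result = Test-FlashPlayerRemoved
if ($result.Removed) {
    Write-Host 'No Flash Player traces found.'
} else {
    Write-Warning 'Flash Player traces remain:'
    $result.Findings | ForEach-Object { Write-Host "  $_" }
}
if ($result.OpenBrowsers.Count -gt 0) {
    Write-Warning ('Browsers still running, close them and re-run the uninstaller: ' + ($result.OpenBrowsers -join ', '))
}
```

The function returns an object rather than only printing, so the same check can be run by a management tool across many machines and the `Removed` flag collected for each host.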


Xchanging, a subsidiary of DXC based in the UK, was attacked with ransomware on July 4th, 2020. Mark Hughes, senior vice president of offerings and strategic partners at DXC Technology, wrote an article in the Harvard Business Review titled “5 Lessons We Learned From Our Ransomware Attack”. Hughes explains that a message was received from the attacker with a cartoon character making an obscene hand gesture and the note: “We have your data. We’ve encrypted your files. If you want to negotiate, we can talk on a secure tool or chat session.”

You might think Hughes’s first move would be to strike up negotiations with the attacker. Instead, Hughes pinpointed the systems that were accessed and quickly isolated and neutralized the threat. The average ransomware attack takes 16 days to restore operations. On July 5th, just one day after the attack, Hughes’s team had already cleaned and restored the impacted environment, and by Monday, July 6th, Xchanging was processing insurance policies again.

Hughes’s experience can provide many valuable lessons on how to deal with ransomware but we will just review his top 5 from the article. 

Know Your Infrastructure

First, know your infrastructure.  You need to regularly apply basic software patching hygiene. Also, make sure all networks and firewalls have enterprise security tools in place as they will alert you to malicious activity. In Hughes’s ransomware attack, the hackers used “grayware” to exploit Microsoft Windows and launch malware. While the attack was not prevented, Hughes’s team was quickly alerted that something wasn’t right and they were able to identify where the network was compromised. 

Include Senior Management

Hughes’s second point is to include senior leadership from the start. The reason why you want to include senior management is that they can make critical decisions quickly. For example, in Hughes’s crisis, senior management made the decision to sever all connectivity with Xchanging systems. This involved action from IT teams in the UK and India, and as Hughes puts it “engaging leadership from those teams allowed the shutoff to happen quickly and efficiently.”

Contact Your Authorities

Step three is to engage authorities and experts early. Law enforcement and security experts have experience dealing with ransomware cases and can give ideas on how to manage the attack and get legal support. In Hughes’s case, he notified law enforcement in the United States that the ransomware was programmed to send Xchanging data to website domains in the U.S. By the end of the day, he had already received a court order to take control of the attacker’s internet domains.

Don’t Pay the Ransom

Step four is to gain as much leverage as you can and don’t pay the ransom. The experts agree – don’t pay the ransom. In the U.S. and UK, measures are being taken to enforce legally against paying ransoms in a cyberattack. Hughes suggests that if you do decide to negotiate a ransom with cybercriminals, bring an experienced ransom broker on board.

Be Transparent

And finally, be transparent. Sharing information can help keep others safe and mobilizes help from those you are in contact with, including colleagues, authorities, and the security community. Hughes notified the public with a news release on Sunday, July 5th, and issued another a few weeks later to inform the public that the ransomware was contained.

Ransomware attacks can be a messy business. There is much to be learned from Hughes’s experience on how to overcome ransomware. The writer concludes that Hughes is a hero because he not only saved his company but also passed on that saving information to us.