United Technology Group
https://www.utgsolutions.com
Atlanta IT Consulting, Augusta IT Consulting
Last updated: Thu, 22 Jun 2017 03:11:17 +0000

[Webinar June 28th] Cisco Meraki: Make Your Technology Rock with the Meraki Full Stack
https://www.utgsolutions.com/cisco-cce
Wed, 21 Jun 2017 22:00:08 +0000


The speed and reliability of your network are MISSION-CRITICAL to your business. And your network is the core of everything you do. If your network doesn’t work, NOTHING WORKS.

Today’s networks are no longer just wired switching. They include wireless access, remote access, mobility, security and collaboration. Yet most companies still try to operate each component as a standalone system.

Cisco Meraki is the industry's only 100% cloud managed networking solution that offers customers a unique and tightly integrated set of wired, wireless, security, mobility products (and more) all managed in the Cloud.

Cisco Meraki gives you a true single interface to manage your ENTIRE network from anywhere via the cloud – management, visibility and control – BUT without the cost and complexity of controller appliances or overlay management software.  Join us for a WebEx session to learn more and see a LIVE DEMONSTRATION.

Cisco Meraki will truly make your network ROCK!


Wednesday, June 28th 2017, 1:30 p.m. ET

Live Via WebEx from Your Office (or tablet or smartphone)

Register for this and other sessions!

View Webinar Replays

When registering, please be sure to enter “UTG” when asked “I was invited by”. Thanks!

About Cisco CCE

You are cordially invited to attend free educational sessions sponsored by UTG and Cisco.

The CCE series is NOT a sales pitch!

It is a chance for you to learn more about the features and benefits of various Cisco technologies or architectures from the comfort of your desk or mobile device.

UTG and Cisco offer industry-leading technologies designed to help our customers get the most out of their technology investments.

We have solutions for customers of all sizes in the following technology areas:

  • Core Switching and Routing Infrastructure
  • Wireless and Mobility
  • Next Generation Network Security
  • Collaboration – Voice, Video, Mobility
  • Datacenter Server, Storage and Networking
  • Cloud, Hybrid and Application Centric Infrastructure

Join us for a weekly CCE customer briefing and learn the what, how and why of Cisco technologies to help you evaluate whether UTG and Cisco can help you in your business.

CCE sessions occur every Wednesday at 1:30 p.m. ET.

We hope you will join us!

Upcoming Topics

Cisco Services Update – Harness the Power of Smart Services

Jul/12/17 Bring Your Datacenter into the 21st Century with Cisco
Jul/19/17 Technology as a Business Enabler and Revenue Generator with Cisco
Jul/26/17 You've Already Been Hacked. Now What? Cisco Next-Gen Security Can Help
Aug/02/17 Do You Even BYOD? Capitalize on the Mobile Revolution with Cisco

15 Important Facts About the WannaCry Ransomware Virus [Infographic]
https://www.utgsolutions.com/15-important-facts-about-wannacry-ransomware-virus-infographic
Wed, 07 Jun 2017 01:21:56 +0000


The WannaCry outbreak is the largest ransomware attack on record so far with the majority of devices infected within a single day. With all the different news stories out there, we thought we'd put together this infographic to highlight the main points. Enjoy!

15 Important Facts About WannaCry

1. The virus infected some 200,000 computer systems in 150 countries in a single weekend.

2. WannaCry is a ransomware virus.

The primary objective of this viral infection is to encrypt all of the data on targeted systems, rendering the data inaccessible until the owner pays a ransom to the hackers.

3. The hackers reportedly only made about $50,000 from plunging the world into panic.

The ransom demanded from WannaCry victims reportedly ranged from $300 to $600, with a threat that higher payments would be demanded if victims did not pay up quickly.

4. Victims often pay the ransom demanded.

Security analysts say that over 200 of the WannaCry victims who promptly paid the ransom have gotten their data back.

5. A vulnerability in Microsoft Windows allowed the WannaCry hackers to strike.

The WannaCry virus exploits a bug in a Windows networking protocol, which Microsoft patched in March, possibly after receiving a heads-up from the U.S. intelligence community.

6. Britain’s National Health System was among the biggest victims.

The NHS still runs Windows XP on many of its computers, so it became one of the biggest ransomware victims.

7. Microsoft blames the National Security Agency and other intel services for hoarding exploits.

“The WannaCrypt exploits used in the attack were drawn from the exploits stolen from the National Security Agency [NSA] in the United States” —Microsoft’s chief legal officer and president, Brad Smith.

8. The “Shadow Brokers” disclosed the NSA code used in WannaCry.

Several weeks ago, a hacker group called the Shadow Brokers published a set of powerful malware tools purportedly stolen from the NSA.

9. The stolen NSA code appears to be the reason WannaCry spread so quickly.

The recent ransomware attack was “souped up” or “turbocharged” with the NSA’s tools.

10. A British IT expert temporarily halted the spread of the virus.

Quick action from a British computer tech called “MalwareTech” stopped the spread of the virus by finding its “kill switch”.

11. New versions of WannaCry appeared soon after the kill switch was thrown.

It did not take long for new instances of the virus to appear with the kill switch code removed, and now we’re in a “second wave”.

12. The Department of Homeland Security is involved in the U.S. response.

The DHS released a statement acknowledging reports of WannaCry infections “affecting multiple global entities.”

13. The next wave of WannaCry attacks does not seem as bad as experts feared.

There was great anticipation that a new wave of attacks would hit on the following Monday, but it didn’t end up as badly as expected.

14. The WannaCry perpetrators were sloppy.

One reason the attack is tapering off quickly after a terrifying weekend is that the perpetrators were “sloppy” cybercriminals who made “amateur mistakes at practically every turn”.

15. Defending against WannaCry and other ransomware.

Keep up-to-date with Windows (and all) patching! Consider a Managed IT Provider, like www.UTGsolutions.com.

Sharing Smiles Day—Free Dental Care for Kids in Need (May 21)
https://www.utgsolutions.com/sharing-smiles-day-free-dental-care-kids-need-may-21/
Wed, 17 May 2017 17:36:35 +0000


Sharing Smiles Day - May 21, 2017

We are proud to help spread the word that our friend and client, Kool Smiles, is holding their annual “Sharing Smiles” free care day on Sunday, May 21.


Participating Kool Smiles locations in Georgia:

Lilburn
4030 Lawrenceville Hwy.
Lilburn, GA 30047
(678) 252-5665
Hours: 9 am – 12 pm

Decatur
1756 Candler Rd.
Decatur, GA 30032
(404) 591-5665
Hours: 11am – 3pm

Atlanta
5495 Old National Hwy.
Atlanta, GA 30349
(404) 223-5665
Hours: 9am – 12pm

About Sharing Smiles Day

Children will be able to receive needed dental care at no cost during the Kool Smiles annual “Sharing Smiles” free care day on Sunday, May 21.

Each patient will be examined to determine treatment needs. Available treatments will include dental exams, limited emergency care, extractions, and restorative care.

Treatments will be provided on a first-come, first-served basis, and treatment offerings will be determined by the dentist.

If your child is insured through Medicaid or has other insurance, please call us at 844-630-6828 to make an appointment that is convenient for you.

Facebook and Google are Swindled for more than $100 Million—Here’s the Lesson
https://www.utgsolutions.com/facebook-google-swindled-for-100m-heres-the-lesson
Fri, 12 May 2017 15:26:56 +0000

Basically, this was an elaborate Phishing attack. While some companies are taking steps for preventing such attacks, here's what they're doing wrong.

Have you read about this yet?

The two unnamed “multinational internet companies” that fell victim to a $100 million “fraudulent email compromise scheme” were identified last month as Facebook and Google, thanks to Fortune.com.

Basically, here's what happened: In 2013, a 40-something Lithuanian named Evaldas Rimasauskas allegedly hatched an elaborate scheme to impersonate a large Asian-based manufacturer (Quanta Computer) with whom both Facebook and Google regularly did business.

According to the Justice Department, he forged email addresses, invoices, and corporate stamps in order to redirect payments into his own bank accounts.

I've said it before and I'll say it again: Email is Still the Number 1 Threat Vector

Luckily, this didn't end up too bad for Facebook and Google

“Facebook recovered the bulk of the funds shortly after the incident and has been cooperating with law enforcement in its investigation,” a company spokesperson told Fortune.

“We detected this fraud against our vendor management team and promptly alerted the authorities,” a Google spokesperson told Fortune. “We recouped the funds and we're pleased this matter is resolved.”

What's the lesson here? And how to protect your company?

Everyone is a target and everyone can be had. That is the bottom line.

We get phishing emails at UTG quite frequently because hackers know that MSPs have a treasure trove of information about many customers. Facebook and Google both have large security teams (and I am sure training programs), but it will ultimately always come back to what a user will click on.

I'm seeing more and more that companies have their training and testing programs upside down (if they even have one). Meaning, they are testing regular employees all the time, but not “bothering” executives with the testing and training campaigns.

The problem with that logic is that “Susie” receptionist cannot transfer millions out of the company but “Bob” the CFO can, and he is only being tested or trained once a year, on the high end. Most companies don’t like to hear that they have it backwards but we don't mind helping them right the ship!

Employee (and executive) training improves retention, productivity and cyber security

Most groups will try to leave key decision makers off the training list as their schedules are “too hectic” or “we don’t want to create more work for them”. However, they are the primary people that need the training because it is frequently executives/C-Levels that have the authority to access funds, as well as vendor management, accounting and a few other roles.

This creates a gap in security awareness. You ultimately will never have a silver bullet for human error, but knowledge is power—so give EVERYONE in your organization the power!

While we're working to add details to our website very soon, ask us now about our Security Awareness Company Trainings.

Employee Training Improves Retention, Productivity and Cyber Security
https://www.utgsolutions.com/employee-training-improves-retention-productivity-cyber-security/
Fri, 21 Apr 2017 21:14:53 +0000

I bet that last one, Cyber Security, caught you off-guard. More on that in a minute!

We are all busy people. For many of us, fitting all our work into any given day feels like a massive challenge. Against this backdrop, the notion of taking time away from our “jobs” for training seems completely impossible.

I put “jobs” in quotes because to consider training as something apart from our job equates to deciding to work less effectively. Among other things, the right training program helps to replace reactiveness with proactiveness by helping staff understand the whats and whys behind their work. Let's examine some of the ways training benefits your organization.

Training shortens the learning curve for new technology

Perhaps it's a new CRM, a migration to Office 365, or a Surface Pro – training leverages the experience of someone who's familiar with the features, shortcuts, limitations, and workarounds necessary to most effectively take advantage of the new product and brings your team up to speed quickly.

Thirty minutes figuring out how to attach an email to a contact in your CRM (without training) becomes something a user knows how to do instantly. Multiply that 30 minutes by 200 users within the organization and that equals over two weeks of lost productivity, which could have been saved by three minutes of an hour-long training, for example. Think of what the remaining 57 minutes of training will save!

Training protects your workforce and company property

[Image: VISA phishing email. From VISA website. Example of typical phishing scam email.]

While the new technology scenario provides an obvious context for training, protection training offers a value that could be in the hundreds of thousands—even millions of dollars.

Last week, I visited a client to deliver an end-user security training lunch-and-learn. One of the things we discussed was email phishing threats and how to recognize them. Just a week later, I received an email from one of their users who had received an email allegedly from their President asking her to process a wire transfer. The style of the email didn't seem right, though, and hovering over the reply-to address showed a slightly different domain than theirs.

The training the week before saved them from a potentially costly mistake. Investing in training that helps avert such mistakes/exploits and heightens awareness around data protection, security, and file sharing best practices will pay for itself a hundred times over.

Training develops well-rounded, effective employees

On one hand, training saves money by protecting your business; on the other hand, it saves money and results in happier customers by creating employees who not only complete their jobs but excel at them.

A robust training program increases the number of tools in employees' metaphorical toolboxes and their ability to use them. Over time, a training program nurtures employees to be comfortable approaching their jobs from a number of different angles and to be better equipped to approach their tasks strategically.

Furthermore, employee training creates stickiness for your workforce. They know that you value and invest in them. They have confidence in their ability to do their jobs, and know that as the world changes, you will continue to support their learning.

What value do you place on developing solid employees loyal to you and your mission?

These 3 reasons just scratch the surface of the importance of training to organizations seeking to more proactively manage their businesses. Avoiding costly mistakes, savings accrued by knowing how to accomplish tasks, and increased employee retention all stem from just a small monthly investment in training.

UTG offers a number of training options from standalone training sessions to managed partnerships with webinars and monthly or quarterly on-site customized sessions. Contact us and let us help you develop a training plan for your business.

7 Must-Knows About Security Spending in 2017 [SlideShare]
https://www.utgsolutions.com/7-must-knows-security-spending-2017/
Fri, 31 Mar 2017 14:17:45 +0000


 

1 – Security Spending on the Rise
Worldwide spending on security-related hardware, software and services is expected to reach $90 billion in 2018, up from $73.7 billion in 2016, according to research by IDC. Photo: Sapience.net

2 – Compliance, Best Practices Drive Security Investment
Security spending to implement security best practices was the second most popular driver for increased spending,

3 – Heavily-Regulated Industries Spend Big
Seventy-six percent of organizations in healthcare services are planning to increase security spending while 78 percent of financial services organizations said the same.

4 – Network Security, Endpoint Security See Increased Spending
So not only do network and endpoint security still dominate spending plans, they also appear to be widening the gap with other security categories – despite being ranked least effective, at least in the case of endpoint security.

5 – Barriers to Security Spending Remain
Complexity continues to be the top barrier to more aggressive adoption of data security solutions, according to more than half of respondents (50.4 percent).

6 – Most Security Spending Happening Outside U.S.
Security spending in Brazil and Germany is set to rise the most. Eighty-five percent of respondents from Brazil said their organizations would increase security spending next year, up from 73 percent last year, and in Germany, 80 percent compared to 63 percent last year.

7 – Encryption, CASB Planned Security Solutions
Respondents said that in terms of the security techniques and solutions they are planning to implement next year, encryption and bring your own encryption key topped the list, with cloud access security broker in second place.

Credit: http://talkincloud.com/cloud-computing-security/7-must-knows-about-security-spending-2017

Is Your Data Safe in the Cloud? A Reflection of the AWS Outage
https://www.utgsolutions.com/aws-outage-are-cloud-services-safe/
Fri, 10 Mar 2017 21:19:19 +0000

Cloud computing has given the technological world a much-needed gift in the form of easy storage and access. Whether you are an app developer, app user or binge-watcher of shows, the cloud provides you with the flexibility to operate from everywhere without losing any of your data.

It provides data on demand, wherever asked, and the whole system works on a pay-as-you-go basis. Cloud storage is, of course, internet-based and when you upload a piece of information to it, you can consider it stored safely.

Small business owners and large enterprises alike rely on cloud-based storage. Sometimes, it's cheaper (depending on your cost and accounting model), but it's always more convenient. With a cloud subscription, there is no need for buying expensive hardware—or software to manage backups, archival, security and so on. And, your cloud data is typically safe from theft, loss and natural disasters.

Instead, you buy space on the internet to help your next big idea bloom into something great, with a very manageable pricing structure.

Cloud services are very simple to use. The cloud provider owns and maintains all the hardware, software (and data centers, Internet, people, etc.) needed to provide your services. And, as long as you're connected to the internet, you can access all your files securely and without incident.

About Amazon Web Services (AWS) / Cloud Computing Services

Amazon AWS is a huge player in cloud. AWS offers services like computing, storage, analytics, database, applications, deployment services and more. When you leverage Amazon Web Services, you can consider your work done.

Thousands of companies trust Amazon Web Services for their cloud needs and have found growth potential accompanied with an economical deal. It's cost-effective, time-saving and very scalable for businesses of all sizes.

Then Comes a Major AWS Outage

On March 2nd, starting at 12:30pm ET, S3, a component of Amazon Web Services, stopped working for thousands of people globally, and the outage lasted for a solid five hours. Many large websites were down for several hours, resulting in lost service and, more importantly, profits.

“This is a pretty big outage,” said Dave Bartoletti, a cloud analyst with Forrester. “AWS had not had a lot of outages and when they happen, they're famous. People still talk about the one in September of 2015 that lasted five hours,” he said.

The S3 system is used by 148,213 sites according to market research firm SimilarTech. It has “north of three to four trillion pieces of data stored in it,” Bartoletti said.

Websites affected include Expedia, Medium (makers of WordPress) and the U.S. Securities and Health Commission. The health services of Amazon cloud services as a whole was also found to be degraded within the same timeframe.

Here's What Caused It

Amazon explained in a post that the outage was caused by “human error” when some employees were trying to fix some billing issues in the system. According to the post, “an authorized S3 team member using an established playbook executed a command which was intended to remove a small number of servers for one of the S3 subsystems that is used by the S3 billing process. Unfortunately, one of the inputs to the command was entered incorrectly and a larger set of servers was removed than intended.”

Amazon had to restart all these systems and check all services again, which took several more hours. The S3 system had not been rebooted for several years, and had grown exponentially after the last reboot. This is what further delayed the restoration process. It all comes down to one wrong command. The post concluded with this apology:

Finally, we want to apologize for the impact this event caused for our customers. While we are proud of our long track record of availability with Amazon S3, we know how critical this service is to our customers, their applications and end users, and their businesses. We will do everything we can to learn from this event and use it to improve our availability even further.

This led to some concerns over the whole cloud computing structure. If a 12 billion dollar company faced an outage caused by a wrong command, what does this mean for the industry?

Is Cloud Safe for Your Businesses?

This question and concern make perfect sense in a post-AWS outage world. There are typically two major concerns with your cloud data:

  1. Availability and recovery of your data
  2. Security of your data

The biggest risk with cloud services is to hand over your precious data to a company for storage. The fact that only 10% of the world's data is stored in the cloud speaks to this point.

You might be hesitant to adopt cloud storage for fear of loss. Handing over all your files and data to a storage company can be a scary prospect.  This is Amazon's second major outage in two and a half years. Service has been interrupted, but I haven't heard any reports of permanent data loss.

The other major cloud concern is security. Just because your storage is backed up and archived does NOT mean your data is secure. 

12 cloud security threats

So how do cloud providers keep your data secure?

The most obvious way is through encryption, both while the data is in transit and while it is “at rest” on the cloud servers, explains Ian Massingham, Amazon Web Services' (AWS) chief evangelist for Europe, Middle East and Africa.

AWS, by far the biggest public cloud platform provider with more than a million active customers a month, has more than 1,800 security controls governing its services, says Mr Massingham.

Customers can choose to control their own encryption keys if they wish, he says, as well as set the rules for who can and can't access the data or applications.

“Most of our security innovation comes from customer demand,” he says, “so the bar for security gets ratcheted up every time.”

“But we're not the owners or custodians of the data – we just supply the resources,” he says. “We don't control how the data is protected, customers do.”

WOW! Read that again! It's so very important. It implies you are still responsible for your cloud data and I agree 100%.

Here are two high-level tips for leveraging the cloud safely:

  1. Calculate your project's cloud risk/reward—do the pros outweigh the cons? Holders of 10% of the world's data say YES. Awareness is the key here. Go into it with both eyes wide open.
  2. Never forget that YOU are the owner of your data, YOU are responsible. Sure, you'll leverage a cloud platform, but you OWN it, YOU'LL ensure its security.

Let's Wrap It Up

Cloud is still “maturing”, and as businesses we have to realize that we cannot ever put all of our “eggs” in one basket, regardless of the sales pitch or the amount of market share any provider is able to capture. AWS, like many others, seems too big to fail. Any technologist would imagine the levels of redundancy and fault tolerance available would be on an epic scale, yet there was still an outage. This was a fairly significant outage as it affected many applications in a wide range of markets.

For example, UTG practices a combination of “hybrid cloud” and “multi-cloud” to build in the resiliency that mitigates these issues even further. Although there are no 100% failsafe mechanisms, incorporating multiple cloud vendors and/or an on-premises component into your cloud strategy will go a long way.

The fact that a human error could halt normal functioning of the world's biggest cloud provider speaks of uncertainty which lies in any system of the world. Nobody can escape human error. It can occur anytime, just like an earthquake or a tsunami. You can try to prevent it by every means and maybe even achieve 99.9% resiliency, but the rest, nobody can escape.

In scientific terms:

“No machine can operate at 100 percent efficiency because some of the energy input will always be used to overcome the force of gravity and the effects of friction and air resistance. Even an optimally tuned engine heats up eventually.”

This isn't just the law of physics, but also of every machine or system which runs in the world. While major cloud providers can also fall prey to errors and outages, backups and restoration will usually save your businesses from destruction. Just never forget to own your data, wherever it may live.

 

Recent WordPress Vulnerability Hacks 1.5 Million Pages—Here’s the Lesson
https://www.utgsolutions.com/recent-wordpress-vulnerability-hacks-millions-of-pages/
Fri, 24 Feb 2017 17:42:48 +0000

Vulnerabilities within third-party software might be your greatest risk, because you can’t control or influence the code. And once the fix is out, the cat's out of the bag. It becomes a “known vulnerability”: known to the manufacturer/developer, known to its customers and, most significantly, known to attackers.

The vulnerability, located in the platform's REST API, allows unauthenticated attackers to modify the content of any post or page within a WordPress site. The flaw was fixed in WordPress 4.7.2, released on Jan. 26, but the WordPress team did not publicly disclose the vulnerability's existence until a week later, to allow enough time for a large number of users to deploy the update.

“This vulnerability has resulted in a kind of feeding frenzy where attackers are competing with each other to deface vulnerable WordPress websites,” Mark Maunder, the CEO of Feedjit, said in a blog post Thursday. “During the past 48 hours we have seen over 800,000 attacks exploiting this specific vulnerability across the WordPress sites we monitor.”

There is one obvious reason WordPress sites were vulnerable: the WordPress core code itself contained the vulnerability.

But there is another, less obvious reason: in this case, the vulnerability was within the REST API, which is a new WordPress module that the vast majority of self-hosted WordPress sites neither use nor need.

Two simple principles that would have protected you from this vulnerability

1. KEEP UP-TO-DATE WITH PATCHING—it's such a simple thing, but falling behind on patching is one of the leading causes of exposure to vulnerabilities.

If keeping up with patching is overwhelming, consider hiring a managed IT partner that will monitor for vulnerabilities (as well as performance, availability and more), patch your systems, and be ready to act upon any issues that may arise from patching or otherwise.

2. DISABLE UNUSED/UNNEEDED FUNCTIONALITY—this is a critical best practice.

FOR EXAMPLE, if you need to fire up an IIS web server, turn off every service/module you don't need. You can always turn them on as needed.

In the case of the WordPress REST API, which is mostly for communicating with EXTERNAL sites and services, you should leave it disabled until such time as it is needed. By then, most of the kinks and vulnerabilities should be worked out. This is a good general rule of thumb: as a product/feature becomes more mature, it becomes better and more secure.

Read more about this vulnerability

The post Recent WordPress Vulnerability Hacks 1.5 Million Pages—Here’s the Lesson appeared first on United Technology Group.

FTC sues D-Link for Gross Lack of Security—Are You Protected?
https://www.utgsolutions.com/ftc-sues-d-link-gross-lack-of-security/
Tue, 07 Feb 2017 15:45:30 +0000

The lawsuit comes after a major distributed denial of service (DDoS) attack in October last year affected a number of prominent websites and services, driven by a botnet that took advantage of insecure IoT devices.

Hardware that used unchanged default administration login information was targeted, with malware installed to allow it to be remotely controlled and used for the attack.

D-Link Router Security

Image Source: Book – Protect Your Windows Network from Perimeter to Data

The FTC, in its complaint, asserts that D-Link included “well-known and easily preventable software security flaws,” and had repeatedly failed to test and repair its software to prevent them from being abused. The alleged issues include software that uses “hard-coded” user credentials, command injection flaws, and other backdoors.

When I think about this, a few things come to mind:

  • What are the requirements for building electronic devices?
  • What are the requirements for security in electronic devices?
  • What is the standard for “well-known and easily-preventable” flaws?

I am unaware of the first two requirements, but the last one rubs me wrong. I have dealt with really sharp security people that are aware of just about everything and have action plans around mitigation, and I have been around “non-engaged” (not sure how this is possible, but I meet them) security professionals that have no idea what you are talking about when you bring up “APT or Zero-Day”.

The bottom line, though, is that until someone enforces or penalizes people for making IoT products without security, they will continue to make them without security as a part of the framework.

Any product that has a “default username and password” MUST have them changed immediately or be removed from the network. No exceptions.

The IoT will only continue to grow, and we ALL must do what we can to limit these devices' ability to cause disruptions if the manufacturer cannot fix their products.

For example, when we (UTG) assess a business for security, we ALWAYS include the IoT devices in the conversation:

  • Are they on a separate VLAN?
  • Are Access Control Lists in place to limit network activity?
  • Have the default credentials been updated?
  • Does it have the latest firmware installed?

These are simple steps that can go a long way.

The post FTC sues D-Link for Gross Lack of Security—Are You Protected? appeared first on United Technology Group.

[WEBINAR] Exposing the Risks with Transport Layer Security Feb. 1, 2 PM ET
https://www.utgsolutions.com/webinar-exposing-the-risks-with-transport-layer-security-feb-1-2017/
Thu, 26 Jan 2017 20:22:13 +0000

[ZIX WEBINAR] Exposing the Risks with Transport Layer Security

Many organizations and email providers endeavor to reduce risks by sending emails over Transport Layer Security (TLS) believing that TLS protects sensitive and confidential data. However, using TLS for email has its own inherent security vulnerabilities that make it susceptible to man-in-the-middle (MTM) attacks.

Is your organization protected? Identifying security gaps is the first step in ensuring your email communications are protected.

Join Cathy Kingeter, Sr. Product Marketing Manager, for a webinar on Wednesday, February 1 at 2 PM ET as we discuss:

  • Security risks associated with sending email via opportunistic TLS
  • Request for Comments (RFC) proposals to close security gaps
  • Additional functionality you can use to secure email in-transit

Register now to join us for this webinar.

The post [WEBINAR] Exposing the Risks with Transport Layer Security Feb. 1, 2 PM ET appeared first on United Technology Group.
