PC PORTAL

Experienced. Trusted. Solutions.

Blog

By

Cyber News Rundown: Newegg Breached

Reading Time: ~2 min.

Newegg Breach Lasts Nearly a Month

Newegg finally addressed a recent breach after unknowingly hosting malicious code within a payment page for the last month. While the company is still unclear about how many customers were affected, the injected code does appear to have targeted both desktop and mobile visitors to the Newegg site. This breach is extremely similar to a previous attack on British Airlines, leading officials to believe the same group may have been responsible for both attacks.

EternalBlue Exploit Still Remains a Major Threat

More than a year after the WannaCry attacks brought NSA exploits to light, the cryptomining variant WannaMine is still consistently being spotted in the wild, harming businesses as it spreads. Microsoft was prompt to release multiple patches for the various exploits, but many companies are still falling victim to these attacks due to poor security practices. By operating through several PowerShell scripts, the attack is nearly fileless, making it much more difficult to track through traditional methods.

Ransomware Targets Bristol Airport

Nearly all of the information screens at Bristol Airport have been shut down for the last several days following a ransomware attack on airport systems. Officials were quick to take the systems offline to mitigate further damage and have since returned the airport to normal operations. Luckily, no actual flights were affected by this attack and most passengers noticed only minor delays in services.

Email Breach Hits State Department Staff

A breach of the State Department’s email systems exposed personal information belonging to hundreds of staff members. The security for this department has long been under scrutiny for failing to meet industry standards, including a lack of two-factor authentication for main email systems. The breach is thought to be the result of a phishing attack on a cloud-hosted email server, but the exact cause is still unknown.

Un-owned MongoDB Server Left Exposed

An independent researcher recently found an unsecured database with personal contact information for nearly 11 million individuals, but was unable to find an owner for the server. Though much of the data appeared to be linked to the coupon website SaverSpy, affiliate company Quotient Technology claims they neither own the data, nor suffered a breach. Fortunately, due to the nature of the coupon sites, no payment information was included with the records.

The post Cyber News Rundown: Newegg Breached appeared first on Webroot Blog.

By

Collaborating with customers and partners to deliver a modern desktop: Microsoft Managed Desktop

We have consistently heard from our customers—both large and small—that they struggle to keep up with the pace of changes in technology. They feel pulled between the requirement to stay secure and up to date against the need to drive more business value. They are challenged to deliver the great user experiences that employees want and expect. And the sophistication of today’s security threats requires organizations to re-think how they deploy, manage, and secure assets for their users.

The cloud has dramatically changed the way in which we can deliver, manage, and update devices, which creates an opportunity to think about how we deliver a modern desktop with Microsoft 365 in new and different ways.

Today, we are announcing Microsoft Managed Desktop (MMD), a new initial offering that brings together Microsoft 365 Enterprise, device as a service, and cloud-based device management by Microsoft. MMD enables customers to maximize their IT organizations’ focus on their business while Microsoft manages their modern desktops.

Great experience with Microsoft 365 on modern devices—Our goal with MMD is to provide a great experience for users while keeping devices secure and up to date. MMD relies on the power of Microsoft 365, running in a consistent, lightweight, reference architecture that continues to evolve to allow our customers to take full advantage of our intelligent security capabilities to protect them from nascent threats. Importantly, MMD is built on modern devices that meet our specification and runtime quality bar.

Analytics benefit all customers—Analytics are at the heart of MMD. We leverage analytics to provide operational and security insights and learnings, so we can constantly monitor and improve, as well as enable us to manage the global MMD device population. As an example, we use insights and AI to determine which devices are ready for feature updates or, conversely, whether a specific app is blocking a device’s ability to update so we can act.

Customer and partner insight and feedback—Customer feedback and insight are also at the heart of MMD. We have deployed MMD in a measured approach with a set of early customers, leading to hundreds of changes in Microsoft 365 to better enable end-to-end scenarios for customers around the world. We are delighted to be working in partnership with Lloyds Banking Group to deploy MMD, as well as the Seattle Reign FC. These organizations are united by their desire to transform, to modernize the user experience and shift to a modern desktop. They have been partnering with us to learn from, expand, and develop the MMD offering so that we can bring it to more customers and markets in the future. We are also partnering with key strategic partners like Dell, HP, DXC, HCL, Computacenter, and Accenture/Avanade in our MMD journey. We see great opportunities for our partner ecosystem to expand their existing Microsoft 365 activities and provide devices and experiences alongside MMD.

Today, we are live with MMD with a small number of customers in the U.K. and the U.S., and are starting operations in Canada, Australia, and New Zealand in early 2019. We will continue to learn from these initial customers and use that insight to evolve and improve both Microsoft 365 and MMD. From there we plan to expand to several other geographies in the second half of 2019.

We believe that MMD will be an option that allows organizations to fundamentally shift how they think about and manage their IT. Through MMD, customers will be able to move toward a secure, always up-to-date environment with device management by Microsoft. As we expand the offering, our partners will play a key role in helping us bring MMD to market and support customers in their transition to a modern desktop. We encourage customers who are interested in MMD to contact their local Microsoft account manager as we work to broaden the offering.

The post Collaborating with customers and partners to deliver a modern desktop: Microsoft Managed Desktop appeared first on Microsoft 365 Blog.

By

Telstra empowers its employees to do their best work from anywhere with Microsoft Office 365

The Telstra logo.

Today’s post was written by Gregory Koteras, general manager of digital workplace solutions at Telstra in Melbourne, Australia.

Image of Gregory Koteras, general manager of digital workplace solutions at Telstra in Melbourne, Australia.At Telstra, our mission is to connect people. We’re Australia’s leading telecommunications and technology company, providing mobile phone and internet access to 17.6 million retail customers.

We’re currently fundamentally re-engineering how we operate through our new T22 strategy, designed to remove complexity and management layers, decrease the focus on hierarchical decision making, and increase the focus on empowered teams making decisions closer to the customer.

The strategy leverages the significant capabilities already being built through Telstra’s up to $3 billion strategic investment announced in August 2016 in creating the Networks for the Future and digitizing the business.

The key to any successful organizational change is having engaged and empowered people. One of the ways we’re doing this is by providing new tools and systems that our employees can use to connect across more than 20 countries around the world. This includes outfitting our employees and contractors with Microsoft Office 365 to provide state-of-the-art collaboration and conferencing tools needed to design better services and transform our customers’ experience.

We also know how important it is to give our people a voice, and we use Yammer to let all employees connect with each other, ask questions, and get the answers they need. Conversely, Telstra executives use Yammer to engage with our global staff and rally support for corporate initiatives. Yammer is our corporate living room. There are thousands of work-related conversations happening there, but also book club groups, fitness groups, Brilliant Connected Women groups, and technical interest groups.

We’re also proud to be a corporate leader in serving customers with disabilities and addressing barriers to accessibility and inclusion. And that extends to our people. With the built-in accessibility features in Office 365 ProPlus, such as screen reader support, voice alerts, and keyboard shortcuts, all Telstra employees can use these new tools to be part of company conversations.

In March 2014, Telstra adopted a flexible workstyle model called All Roles Flex, which recognizes the need for flexible hours and modes for different job roles. It includes part-time work, working outside normal nine-to-five business hours, and working from different locations. To support this way of working, our people need to have access to the best tools and services, so they can connect anywhere, anytime. Office 365 gives them the flexibility and functionality to do that.

As we focus on transforming our company, the tools we provide our people will play a critical role. By greatly simplifying our structure and ways of working, we empower our people and better serve our customers.

Read the case study to learn how Telstra is creating a simpler and productive workplace with Microsoft Office 365.

The post Telstra empowers its employees to do their best work from anywhere with Microsoft Office 365 appeared first on Microsoft 365 Blog.

By

Cyber News Rundown: Big Data Mismanagement

Reading Time: ~2 min.

Massive Customer Database Left Exposed by Data Management Firm

A security researcher recently found a database containing customer information for nearly half a billion users of Veeam software on an unsecured AWS server. Most of the data was contact information spanning from 2013 to 2017 and was likely used by the Veeam marketing team’s automated customer contact functions. Fortunately, the database was taken offline within a week of the researcher contacting Veeam about the server.

Hacker Group Breaches British Airways

After last week’s reveal of the data breach affecting nearly 380,000 of the airline’s customers, it was discovered that the injection methods used were the work of known hacker group MageCart. By compromising third-party actors, the group can access hundreds of sites and begin passing any customer payment information back to their own systems. Even more toublesome, this particular attack appeared to be tailored for the British Airways systems specifically, but could very likely be readjusted for other applications.

Chinese Hackers Using Digitally Signed Drivers for Attacks

A long-active hacker group likely based in China has expanded their tactics to include a seemingly innocent network filtering driver (NDISProxy) to start their latest malware campaign. The driver itself has a signed digital certificate from a Chinese-based security software company, which was likely unaware their certificate was being misused. By injecting itself silently across the infected network, the fully functioning remote access Trojan can be used to execute malicious tasks with ease.

Scam Calls Causing Mobile Traffic Jam

The number of scam calls recoreded by the call management firm First Orion rose nearly 1000% over the past year, from 3.7% of total calls last year to 29% so far in 2018. The projections for the coming year project that number to rise to half of all mobile calls received in the U.S. Unfortunately, service providers have few options for slowing down the bombardment of phony calls facing their customers.

Latest MongoDB Attacks are Ransoming Empty Databases

While MongoDB attacks are nothing new, Mongo Lock has stepped up the game by identifying unprotected databases, exporting the data to their servers, wiping them clean, and leaving behind a ransom note instructing the victim to reach out via email rather than sending a Bitcoin payment directly to a crypto-wallet. Mongo Lock appears to operate via an automation script, though it has been known to fail, leaving the victim with both the ransom note and their original data.

The post Cyber News Rundown: Big Data Mismanagement appeared first on Webroot Blog.

By

Cyber News Rundown: Banking Trojans in Google Play

Reading Time: ~2 min.

Banking Trojans Still Appearing in Google Play Store

Multiple security researchers recently discovered a handful of banking trojans that have still managed to make their way into the Google Play app store, despite Google having increased its security to detect such apps. Many of the apps are disguised as astrology/horoscope software, but instead of reading the future, they steal SMS and call logs from the device, install unauthorized apps, and even seek out banking credentials based on other installed applications. Some of these apps had been installed by up to 1,000 individuals, many of whom are likely under the assumption that the app removed itself, after showing a fake error message claiming incompatibility with the device.

Obama-themed Ransomware Forges Dangerous Path

A new ransomware variant bearing the face of the former US president, Barack Obama, has been spotted in the wild performing some unusual encryption tactics. Rather than encrypting personal word documents and pictures, this variant focuses on encrypting executable files across the system, which could lead to the system crashing and other devastating results. It is still unclear if this methodology is the intent, or just an oversight by the ransomware’s authors, but this type of damage is unlikely to pay off if it renders the system nonfunctional.

Thousands of Online Stores Compromised

Due to security loopholes in eCommerce sites that use Magento as a host, nearly 8,000 sites have been confirmed to be hosting card-skimming malware, with up to 60 more being compromised every day. The breaches led to malicious scripts being added to the pages to record and upload any customer inputs in real time, rather than following a more complicated path to obtain the same data after the transaction is complete. Unfortunately, it is difficult to determine whether a site is safe without checking the entire codebase for any unauthorized entries.

Fake Tech Support Ads Now Indistinguishable from Real Counterparts

In the run-up to Google’s release of a verification program for third-party vendors to display ads, the company has been inundated with countless fake tech support advertisements that are nearly impossible to identify over a real vendor’s ads. The creators of these fake ads will go to almost any lengths to avoid detection, including creating entire companies to continue their illicit activities.

Unsecured Sites Leaving .git Repositories Easily Accessible

Nearly 400,000 websites have been found with exposed .git directories that could lead to major information exposure, if improperly accessed. These repositories contain everything from passwords and API keys for the site, to forgotten data stored on the sites. Fortunately for the website owners, the researcher who discovered the breach was not acting maliciously, and quickly began contacting them with information on how he found the leak and what they could do to resolve it.

The post Cyber News Rundown: Banking Trojans in Google Play appeared first on Webroot Blog.