MSPNetworks Blog

Even the solutions designed to keep businesses and organizations safe are vulnerable to the threat of a cyberattack, as when it all boils down, these tools are still software solutions, no matter how secure they might be. The company in question today—Barracuda—is a huge name in the cybersecurity industry, and it has become the victim of a zero-day exploit. Let’s go over how you can prevent your business from experiencing the same thing.

A Vulnerability Was Discovered in Barracuda’s Email Gateway Security

A vulnerability was discovered in Barracuda’s mail Gateway Security application only after it was exploited. This is the part of the email security system that scans email attachments, so it’s an important one. The breach was discovered on May 19th, and patches were swiftly deployed to resolve the vulnerability.

The official statement from the company is as follows:

“Barracuda recently became aware of a security incident impacting our Email Security Gateway appliance (ESG). The incident resulted from a previously unknown vulnerability in our ESG. A security patch to address the vulnerability was applied to all ESG appliances worldwide on Saturday, May 20, 2023. Based on our investigation to date, we've identified unauthorized access affecting a small subset of appliances. As a mitigating measure, all appliances received a second patch on May 21, 2023, addressing the indicators of potential compromise identified to date. We have reached out to the specific customers whose appliances are believed to be impacted at this time. If a customer has not received notice from us via the ESG user interface, we have no reason to believe their environment has been impacted at this time and there are no actions for the customer to take. We thank you for your understanding and support as we work through this issue and sincerely apologize for any inconvenience it may cause.”

Explaining Zero-Day Exploits

Zero-day exploits are those that were previously unknown to security researchers, only having been discovered after they are actively being targeted by a threat. The severity of these exploits can vary, but they are extremely difficult to detect, as they often go undiscovered and undetected for quite a long time. After all, you can’t protect against something that you don’t know exists. Eventually, these vulnerabilities can become serious problems and logistical nightmares for security companies and businesses alike.

What Can Be Done to Stop Them

The worst part of dealing with a zero-day vulnerability is not knowing if one exists, as well as not knowing how long they have existed for. In the case of this exploit, it doesn’t appear to be too long, but any vulnerability in Barracuda’s ESG system is going to cause quite a stir. Businesses use a lot of software throughout the course of their operations, and the same issue could happen for any application on your network. You need to have a strategy in place to handle potential threats as they arise or become known, and it starts with making sure that patches are tested and deployed as soon as they are available.

MSPNetworks can help your business deploy patches and updates in a quick and efficient manner using our remote patch deployment solutions. We can keep your software secure and safe from all threats, and if zero-day exploits do arise, we’ll do what we can to deploy fixes and assess damages. To learn more, call us at (516) 403-9001 today.

Google’s Project Zero team has discovered 18 zero-day vulnerabilities impacting the Samsung Exynos modems—four of which enable remote code execution. Let’s talk about what this issue does, and what needs to be done to minimize risk.

These Threats are Severe and Need to Be Addressed

Without going too far into the weeds, some of these vulnerabilities—which, in addition to mobile devices, were also identified in wearables and vehicles—can be carried out with the attacker only knowing the target’s phone number and can give the attacker access to the device with no need for the target to provide access. In fact, a vulnerable device could be compromised without the target even being made aware.

Samsung’s list of impacted devices includes:

• Samsung mobile devices, including those in the S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series
• Vivo mobile devices, including those in the S16, S15, S6, X70, X60 and X30 series
• Google’s Pixel 6 and Pixel 7 series

Plus, any wearables that use the Exynos W920 chipset and vehicles with the Exynos Auto T5123 chipset are also impacted. It is also important to note that this is by no means an exhaustive list.

Patches Aren’t All Available as Of Yet, But There is a Fix

Because this issue impacts devices from so many vendors and manufacturers, patches aren’t necessarily available for everything that is going to be impacted. However, you should disable Wi-Fi calling and Voice-over-LTE to prevent the threat, and update your devices when patches are released.

For most of the common smartphones, like the recent Google Pixel phones and Samsung Galaxy phones, these updates were pushed out in the March security patch. If you own these devices, you need to make sure you apply these updates because not doing so will leave your device extremely vulnerable to attack.

We’re Here to Help You Manage the Complicated IT Businesses Require

Reach out to us for any assistance needed with implementing these fixes, or any of the rest of your IT. Call us at (516) 403-9001 today for help.

You’ve probably already heard about Log4j this week. Maybe you don’t recognize the name, but it’s likely that you have run across emails or news articles talking about this widespread vulnerability. You need to take it very seriously.

What is Log4j?

When developing software, developers utilize different programming languages. One of these languages is called Java, and in Java, developers have multiple libraries to work with. Log4j is one of those libraries, and it has recently been uncovered that there is a huge vulnerability that cybercriminals can exploit to gain access to your systems and data. It’s a huge open door that has been there for years, and now that the world knows about it, it is just a matter of time before it is being used to do damage.

This particular Java library has been used a lot over the years. The vulnerability impacts some pretty big names in software and cloud hosting, such as:

• Amazon
• Apple
• Cisco
• Fortinet
• Google
• IBM
• Microsoft
• SonicWall
• Sophos
• VMware

…as well as others, large and small. Even the United States’ Cybersecurity and Infrastructure Security Agency (CISA) is affected.

Is My Business Impacted by Log4j?

It’s almost certain that it is. We can’t stress enough that this is a big issue, and that major tech companies are scrambling to put out patches. It doesn’t just affect the folks at Amazon and Microsoft, it affects those that use their products as well.

What You Can Do to Fight Back Against Log4j

One of the scary things about this vulnerability is that most businesses are at the mercy of their vendors to patch it, and some experts think it will take years before this vulnerability is totally removed from the world. Fortunately, as we mentioned earlier, the big names in tech are scrambling to get a patch out the door, and many, if not most, already have.

However, it also falls on the impacted webmasters and businesses to apply the patches that these developers put out. Beyond that, it is critical that you as an individual remain vigilant in your cybersecurity hygiene. That goes double for your business.

For example, let’s assume for a moment that you’re a user on a fantasy football league website. If that website relies on technology that Log4j impacts and they don’t apply the fixes, the information you’ve provided to the website—account details, financial information, and whatever else—would be vulnerable and easy to steal.

This applies to every website or application that uses this technology; if they don't react, your account with them is not very safe. 

The problem is, as a user, you can’t really tell if a website or piece of software is using this particular Java library. In other words:

Everything just potentially got a little more dangerous, when it comes to cybersecurity. It’s up to everyone to work harder to protect themselves.

How to Protect Yourself from Log4j, as an Individual and a Business

It’s critical to use strong password hygiene. “Password123” isn’t going to cut it. Using the same passwords across multiple accounts needs to stop, immediately. This involves following the basic password best practices that we always talk about, like:

• Using a unique password for each account and website
• Using a mix of alphanumeric characters and symbols
• Using a sufficiently complex passcode to help with memorability without shorting your security
• Keeping passwords to yourself

Audit your IT IMMEDIATELY

All organizations need to bring in a professional to audit all of their technology and update what can be updated to remove the influence of Log4j. Not only will this help protect your business and your employees, it will also protect the interests of your clients and customers. 

We recommend that you give MSPNetworks a call at (516) 403-9001 to schedule an appointment. This is extremely important, and you need a professional set of eyes to audit your IT to make sure you aren’t affected by this awful vulnerability. 

2020, unsurprisingly, has decided to go out with a bang, as it has been revealed that the United States was targeted in the largest cyberespionage attack to date. Let’s go over what this attack means, and how things will need to play out in the future.

How Did the Attack Happen?

In short, an IT management company known as SolarWinds was breached back in March, affecting a massive number of organizations—18,000 in all. These organizations include the likes of Microsoft, Cisco, and FireEye, as well as many states and federal organizations, including:

• The U.S. Department of State
• The U.S. Department of the Treasury
• The U.S. Department of Homeland Security
• The U.S. Department of Energy
• The U.S. National Telecommunications and Information Administration
• The National Institutes of Health, of the U.S. Department of Health
• The U.S. National Nuclear Security Administration

When the attackers gained access to SolarWinds’ network, they were able to use what is known as a supply chain attack to introduce their malware to these departments and organizations by pushing it through the company’s automatic software update system for their Orion products. These kinds of attacks can be particularly effective since the threat is introduced to an environment via a trusted application.

Making this situation worse, many SolarWinds customers had excluded Orion products from their security checks on SolarWinds’ recommendation to prevent their other security products from shutting them down due to the malware signatures that these security products contain.

While (at the time of this writing) it is unclear what the attackers responsible used this access to do, the potential ramifications are truly terrifying. While government departments were targeted, it also needs to be said that this attack could have potentially continued from the major providers like Microsoft and Cisco to their clients, and so on and so forth. That’s why there is still no estimate of this attack’s true scope.

This attack was seemingly only discovered when an employee at FireEye received an alert that their VPN credentials had been used from a new device, and a little digging revealed the much larger situation playing out.

This Wasn’t the Only Attack, Either

Another attack was also discovered on SolarWinds’ network when the company performed an internal audit of its systems. On December 18, a second malware was found to have used the same tactic to infiltrate SolarWinds, but as of this writing does not seem to come from the same source.

What This Needs to Teach Us

Frankly, the most important lessons to be learned here are painfully obvious. First off, cybersecurity needs to be prioritized above all else, and all potential threats should be considered a likelihood. After all, the U.S. government was warned about the viability of exactly this kind of threat back in 2018 by the Government Accountability Office.

Secondly, the concept of your employees being a huge part of your cybersecurity strategy needs to be reinforced. This was only discovered when an employee was alerted of unusual activity and took that alert seriously. Your team needs to know what they are looking out for, and how to proceed if they spot it.

Unfortunately, the full extent of this threat will not be clear to us until much later, but what is clear is that we’ll be here to keep your business’ IT as secure as possible. To learn more about what we can do for your business and its security, take a few moments to give us a call at (516) 403-9001.

We realize that it’s one thing for us to tell you how important it is to update your software. After all, we’re tech guys, so we worry about that kind of thing all the time. Hopefully, it’s quite another matter when Homeland Security does it, which is why we’re really hoping that you take heed of this warning and update Google Chrome.

Homeland Security Warns of Current Attacks Via Chrome

So far this month, there have been no fewer than five vulnerabilities patched in the Chrome web browser, all of which have been zero-day threats.

A zero-day threat is one that attackers have begun to leverage before a software developer or security researcher has managed to identify it. As a result, the attacker using a zero-day attack has the advantage of an early start, leaving the vendor playing catch-up. This makes zero-day threats particularly dangerous to begin with.

What’s worse, the last two zero-day threats that influence Chrome have been deemed to be high severity attacks. While the full details of these threats have not yet been released to the public, we do know that CISA—the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency—has stated that the vulnerabilities these threats are composed of could enable an attacker to take over an affected system. One of them, tied to a JavaScript engine, would most likely be used in a phishing attack, while the other is more likely to be a corruption vulnerability in one of Chrome’s features.

Regardless, these vulnerabilities have already been spotted in active use, and so CISA is also encouraging users to apply the updates that Google has released to resolve these issues.

Why Applying Updates is So Important

Let me ask you this: if the front door of your business suddenly couldn’t be locked properly, would you just leave it like that and hope for the best, or would you fix it immediately?

Either one of these vulnerabilities are akin to the broken lock, and too many users unwittingly elect to take the first option. For instance, when Google mitigated one of these vulnerabilities with an update, only half of Android users updated their version of Chrome within a day. Whether this is simply negligence or the use of an out-of-date device, it leaves serious vulnerabilities open to attack.

As a managed service provider, MSPNetworks is here to help. Part of our service is to ensure that these kinds of patches and fixes are applied in an appropriately timely manner. If you need assistance with securing your business’ IT or with any other aspect of your technology management, reach out to us to find out what we can do for you. Call (516) 403-9001 today.

Data and cybersecurity is hard enough without vulnerabilities coming from one of your most utilized applications. That’s the scenario after a bug was found in some of today’s most popular Internet browsers putting billions of people’s data security at risk. Let’s take a brief look at the vulnerability and how you can ensure that it won’t be a problem for you or your company.

Chromium Bug Explained

Internet browsers such as Opera, Edge, and Chrome are built on top of Google’s open-source Chromium platform and therefore share a lot of the same code. Unfortunately, researchers found an exploitable vulnerability in the Chromium code that would allow hackers to bypass the Content Security Policy on websites, leaving them able to steal data or run malicious code. 

What is the Content Security Policy?

The Content Security Policy (CSP) is an Internet standard that was designed to eliminate certain types of cyberattacks. The policy provides access to website administrators to set the domains that an Internet browser sees as legitimate. An Internet browser with a CSP will block scripts that aren’t loaded into the policy’s parameters. Most websites on the Internet use CSP.

How Does the Hack Work?

In order to use the CSP vulnerability in the Chromium-based browser, the hacker first needs to gain access to a web server. There are several ways this can happen, but most commonly, they can use a brute-force attack--that is an attack where so many different iterations of login credentials are used that eventually the password is discovered--is used. Then the attacker alters the JavaScript to allow the nefarious cofe to work, bypassing the CSP completely.  So while it actually takes a successful hack to exploit the vulnerability, it is still extremely dangerous due to the amount of trust people have in, what claim to be, secure websites.

What You Can Do to Ensure Your Browser is Secure

This is a great example of how even the most trusted software could have long-standing security vulnerabilities. The Chrome browser, which reached 5 billion downloads in 2019, carried this vulnerability for over a year. Since being discovered, however, the issue has been patched. As a result, users of Chrome, Microsoft’s Edge, Opera, and Vivaldi will definitely want to update to developers’ newest versions to ensure your browser doesn’t carry this very dangerous vulnerability. 

Staying safe online requires your browser to be updated and patched. If you need help ensuring your business is running patched and up-to-date software, contact the security professionals at MSPNetworks today at (516) 403-9001.

COVID-19, or coronavirus, has been a major global health concern over the past couple of months. At this point, it is clear that this disease could have serious impacts on the workplace. We wanted to provide a brief rundown of good workplace and network health practices, as well as a few pointers on how you can handle health-based employee absences.

How to Minimize General Exposure in the Office

Based on what is currently known about the coronavirus, the Centers for Disease Control and Prevention have some recommendations as to how to keep the potential impact of coronavirus to a minimum:

• Encourage employees who are ill to stay home. This will help to minimize the spread of infection within your business. Make sure that your employees are aware of this policy by reiterating it verbally, and by posting notices around the office encouraging them to stay home if under the weather.
  
  Emphasize hygiene and etiquette. Properly stifling coughs and sneezes and keeping hands clean are surprisingly effective ways to keep your workplace healthier. Rather than using their hands to catch a cough or sneeze, your employees should use a tissue or--if unable to do so--use the upper part of their sleeve.
  
  The CDC recommends that tissues and alcohol-based hand sanitizer should be made readily available. Make sure your employees are washing their hands with soap and water for the recommended 20 seconds.
  
  

• Engage in keeping the workplace clean. There is a chance that coronavirus (and other illnesses) could be spread via infected surfaces. Make sure that all surfaces that are touched frequently, like desks, workstations, and doorknobs, are kept sanitized. Provide your employees with disposable wipes so they can proactively disinfect these surfaces before use.

If you find that one of your employees is confirmed to have been infected with coronavirus, make sure that you inform their coworkers of their possible exposure while still maintaining the confidentiality that the Americans with Disabilities Act requires. These employees and those who are living with a sick family member should assess their risk of exposure using the CDC’s guidelines.

Coronavirus as a Cyberthreat

Unfortunately, coronavirus will also require you to also keep an eye on your network security, particularly if you operate within the healthcare industry. Hackers and cybercriminals have taken advantage of the widespread concern that the disease has caused. For example:

• Scammers have phished healthcare providers with updates that appear to have come from the World Health Organization or hospitals local to their area, but actually introduce keyloggers into their systems.
• Those involved in the medical supply chain have been targeted with emails referencing the coronavirus that install malware to steal information.
• Ransomware has been introduced into consumer systems by promising recipients of an email information about COVID-19’s spread.

While the current climate may not make it easy, these emails and other threat vectors can be overcome through the same best practices that foil other cyberthreats. In addition to comprehensive digital protections, training your employees to spot these threats will be crucial.

Of course, you should also maintain a comprehensive backup in case you need to recover from a successful attack.

How to Maintain Productivity with Your Team at Home

With today’s technology, sending an employee home sick doesn’t necessarily mean that you will be sacrificing that employee’s productivity. We now have many ways that your team can work effectively from home, still contributing to your organizational agenda without exposing their coworkers to their illness.

Equipping Your Employees

Remote access solutions, paired with virtual private networking technology, can allow your employees to securely continue their work from home, safely accessing the applications and data their tasks require through an encrypted connection. As collaboration will certainly be necessary, you will want to be sure that your employees are also equipped with the communication tools that facilitate this collaboration as well.

Network Protections

You will also want to thoroughly secure your network infrastructure to help prevent threats like phishing attacks and other methods from being successful… as well as preparing for a potential breach or emergency with data backups and disaster recovery policies and procedures (including contact information for your employees) to help mitigate a worst-case scenario.

Employee Awareness

Finally, make sure your employees are on the lookout for any suspicious activity that could be a cybercriminal’s attempt at using the coronavirus as a means to an end. Not only should your employees know how to spot these attempts; they should also know the proper procedures for reporting and handling them.

Is the coronavirus scary? At this point, it is safe to say that it is, but does it have to interrupt your business operations entirely? Not if you are properly prepared.

For more assistance in preparing your business for any kind of disaster, reach out to the professionals at MSPNetworks by calling (516) 403-9001.

What is COVID-19?

COVID-19, better known as coronavirus, is a respiratory illness that first appeared in Wuhan, China, and was reported in the United States on January 21st, 2020.

As of March 3rd, 12 states have reported 60 total cases of coronavirus and six confirmed deaths, with no vaccines or specific antiviral treatments for the illness. Symptoms of the virus include fever, shortness of breath, and a cough, while those with complications from the virus can experience pneumonia in both lungs, failure of multiple organs, and death. 

If you own an Asus laptop, there is a chance that a recent update could have installed malware, and we are urging anyone who has an Asus device reach out to us to have it looked at.

Numbers are still coming in as far as how widespread this issue is. As of Monday, cybersecurity firm Kaspersky Lab said potentially thousands of Asus computers were infected, but on Tuesday that number has potentially broken a million.

How Could My Asus Laptop Get Hacked?

This type of attack is called a Supply-Chain Compromise and is one of the most frightening kinds of cybersecurity threats out there. Asus’s software update system was compromised by hackers, putting a backdoor into consumer devices. The scariest part is that this backdoor was distributed last year and it’s just being noticed now.

The good news is this has given Asus plenty of time to plug up the security holes on their end, but if you own an Asus device there is still a chance that it is infected with malware from the initial attack.

What Do I Do Now?

First and foremost, no matter what brand of computer or laptop you have, you need to make sure you have antivirus, and that antivirus needs to be licensed and kept up-to-date.

If you have an Asus device, Asus has released an update in the latest version of their Live Update Software. They’ve also patched their internal systems to help prevent similar attacks from happening in the future. You’ll want to make sure you have Live Update 3.6.9 installed.

Asus has also released a security diagnostic tool that will check your system to see if it has been affected. Click here to download the tool.

We HIGHLY encourage you to reach out to MSPNetworks if you are running any Asus hardware. It’s better to be safe than sorry.