Here are some of the technology stories that caught our eye today:
Consumers have been warned about Microsoft’s end-of-life deadline for Windows XP support, set for April 8, 2014. Also reaching EOL that day is Microsoft Exchange 2003, and organizations need to start thinking about whether they want to keep their Exchange 2003 setup and risk not being able to get support for it, or upgrade to another on-premises or cloud service.
Microsoft is cautioning users about Reveton, a ransomware attack that not only locks victims out of their computer and demands money in return, but now also has the ability to steal a user’s passwords. The attackers are targeting vulnerabilities in Microsoft Office and Internet Explorer, as well as Java and Flash browser plugins.
Veeam announced version 7 of their Backup & Replication program, including built-in WAN acceleration and backup from storage snapshots. WAN acceleration copies data to offsite locations up to 50 times faster than a regular file copy, without the need for a WAN acceleration appliance or additional bandwidth. Backup from storage snapshots is a feature designed to work with HP storage solutions.
May 20, Help Net Security – (International) Cyber espionage campaign uses professionally-made malware. Researchers at Trend Micro identified a large cyberespionage campaign dubbed “Safe” that has targeted computers in several countries and appears to have been created by an individual with formal computer engineering training. Source: http://www.net-security.org/malware_news.php?id=2500
May 20, Help Net Security – (International) Form-grabbing rootkit sold on underground forums. A Webroot researcher found a rootkit for sale on underground forums known as “Private Grabber” that can capture communication sent over SSL and steal login credentials. Source: http://www.net-security.org/malware_news.php?id=2499
May 20, Softpedia – (International) Yahoo Japan may have leaked 22 million IDs in attack. Around 22 million user IDs from users of Yahoo Japan may have been leaked during an attack. Yahoo was unsure if the file was stolen since it was intercepted and access cut off when the attack was detected. Source: http://news.softpedia.com/news/Yahoo-Japan-May-Have-Leaked-22-Million-IDs-in-Attack-354574.shtml
May 17, Softpedia – (International) Syrian Electronic Army hacks Financial Times Twitter accounts, blogs. The Syrian Electronic Army hacker group compromised several Twitter accounts and blogs belonging to the Financial Times, defacing them. Source: http://news.softpedia.com/news/Syrian-Electronic-Army-Hacks-Financial-Times-Twitter-Accounts-Blogs-354308.shtml
Here are some of the technology stories that caught our eye today:
Microsoft’s Tim Rains examines the latest Microsoft Security Intelligence Report and sees a new trend in the rise of viruses infecting computer systems, particularly in countries with poor Internet access and users without up-to-date antivirus protection.
Dell announced their Project Ophelia device will be released in July. The device plugs into the HDMI port of a monitor and turns the display into an Android-powered smart device. It connects to Citrix, Microsoft, and VMware virtualization platforms, and allows IT departments to manage devices remotely. Ophelia also comes with Wyse PocketCloud, allowing users to access files on PCs, servers, or mobile devices.
VMware announced Dave O’Callaghan as the company’s new senior vice president of Global Channels and Alliances. “Dave’s wealth of experience with many high-profile sales leadership roles at enterprise IT organizations will be invaluable to our robust partner community,” said Dan Smoot, senior vice president, Global Customer Operations.
May 17, Help Net Security – (International) Ransomware adds password stealing to its arsenal. Microsoft researchers found a new variant of the Reveton malware that downloads a password-stealing component after it infects a victim’s computer. Source: http://www.net-security.org/malware_news.php?id=2497
May 17, The Register – (International) Mac malware found with valid developer ID at freedom conference. A security researcher participating in the Oslo Freedom Conference discovered a piece of malware for Apple OS X that takes regular screenshots from a victim’s computer and then sends them to two servers. Source: http://www.theregister.co.uk/2013/05/17/mac_malware_steals_screenshots/
May 17, The H – (International) ownCloud fixes critical security vulnerabilities. The developers of the ownCloud cloud storage and collaboration software released an update that closes security vulnerabilities that allowed SQL injection, PHP code execution, and the downloading of others’ calendars. Source: http://www.h-online.com/security/news/item/ownCloud-fixes-critical-security-vulnerabilities-1865334.html
May 17, Threatpost – (International) Pakistan hit by targeted attack out of India. Researchers at Eset discovered a cyberespionage campaign that targets Pakistani users via phishing emails and appears to return sensitive information to India. Source: http://www.darkreading.com/attacks-breaches/pakistan-hit-by-targeted-attack-out-of-i/240155117
May 16, IDG News Service – (International) Four former LulzSec members sentenced to prison in the UK. Four U.K. nationals associated with the LulzSec hacking group were convicted and sentenced in the U.K. for their role in attacks on Web sites in 2011. Source: http://www.networkworld.com/news/2013/051613-four-former-lulzsec-members-sentenced-269856.html
By now we are all familiar with cloud-based services. Whether they be public, private, or hybrid offerings, cloud-based services are prevalent in many organizations. There are many cloud providers to choose from, and over the past two years many of Gotham’s customers have begun migrating services to the public cloud, typically starting with email.
Recently a Gotham customer migrated their email from an internal Exchange 2007 environment to the public cloud. The overall migration went smoothly; however, problems started post-migration with network latency issues communicating with the cloud provider. As we all know, email is a core business service. Companies rely on email for communications, so this greatly impacted users’ productivity as they experienced connectivity issues to their hosted mailbox.
According to the cloud provider, all of their customers were affected, and they were instructed by Microsoft to upgrade to Exchange 2010 SP3, which had only been out for 2 weeks at the time. Gotham’s customer had no say in this, and following the upgrade to SP3, the issues only got worse. Upon asking the cloud provider what the rollback plan was, our customer discovered they didn’t have one. When asked about change management, the provider didn’t have anything for that either. It’s worth noting that this was not a startup cloud provider, but one that had been around for a number of years. The issue was finally resolved by adding more CAS servers to the cloud-based environment. However, intermittent mailbox access impacted user productivity at Gotham’s customer for approximately 3 weeks.
The moral of the story is, once your company goes with a cloud provider for a business-critical service like email, you are very much at the mercy of that provider to maintain the shared service. It’s important to do your homework and ask the right questions before moving any core service to the cloud.
Questions you should ask include the following:
- How many years has the company been in business?
- What is their change control procedure? Have the hosting company provide its change control procedure in writing.
- What is the overall uptime? Many hosting companies state 5 “9s”, i.e., 99.999% uptime. Have them clarify what exactly that means to them.
- Ask if the hosting company supports multiple links to their site in the event that one of the links goes down.
- Request customer references.
- Ask about SLAs for support tickets.
- Ask about the security of the solution and regulatory compliance (e.g., HIPAA, Sarbanes-Oxley).
- Ask about the hosting facility itself (e.g., physical security, redundant power, Internet)
- How does the hosting company handle updates to the environment such as OS and Exchange updates?
As seen above, having been in business for several years doesn’t necessarily mean much. Seemingly correct answers to the other questions might not mean much either, so you should ask all of these questions and consider the totality of the responses before selecting a service provider.
Here are some of the technology stories that caught our eye today:
The Internet Crime Complaint Center released their 2012 Internet Crime Report study this week, and found that cyber criminals stole $500 million last year. The IC3 received 289,874 complaints, with 40% of those resulting in financial loss for victims. Criminals used tactics such as fake tech support phone calls, fake antivirus and scareware, and impersonation schemes.
Cisco reported its ninth consecutive quarter of record revenue and earnings in the third quarter, during a conference call with analysts on Wednesday. Sales were $12.2 billion, up 5.4 percent over 3Q 2012. Revenue in the U.S. commercial market rose 13 percent over last year. “We continue to see evidence in the marketplace. … It’s great hardware and Cisco software that will drive SDN,” said Robert Lloyd, president of Cisco’s development and sales.
Parth Shah, an engineer at VMware, sat down with Semil Shah for a discussion on his work at VMware and his thoughts on the enterprise stack.
May 16, Help Net Security – (International) Researchers reveal OpUSA attackers’ MO. Trend Micro researchers analyzed attacks in the recent OpUSA campaign and found that attackers compromised some sites ahead of time with compromised URLs. Source: http://www.net-security.org/secworld.php?id=14918
May 16, The H – (International) Exploit for local Linux kernel bug in circulation. A Linux kernel bug not previously addressed as a security issue affects some versions of Linux by allowing access to almost any memory area. Source: http://www.h-online.com/security/news/item/Exploit-for-local-Linux-kernel-bug-in-circulation-Update-1863892.html
May 15, Threatpost – (International) PushDo malware resurfaces with DGA capabilities. The PushDo trojan associated with the Cutwail botnet was found to now incorporate a domain generation algorithm (DGA) to avoid detection and increase resiliency. Source: http://threatpost.com/pushdo-malware-resurfaces-with-dga-capabilities/






















