Fastly internet outages affecting Europe and North America

A number of retail, news and social media websites experienced internet downtime caused by an outage at the global website cloud hosting service, Fastly.

For an hour from 11am BST today, users of Fastly’s hosting service including gov.uk, PayPal, Amazon and a whole host of other major company websites were greeted with an “Error 503 Service Unavailable” message detailing problems with the cache server.

By 12.09pm BST, Fastly released a statement saying that their global network was coming back online and that it had been “investigating potential impact to performance with our CDN [content delivery network] services”. However, users were still met with slow loading times and sporadic access to multiple companies’ websites.

Error 503 message that greeted those trying to access the affected websites

When functioning correctly, CDNs such as Fastly aim to improve website security from denial-of-service attacks and reduce loading time for images, videos and HTML pages whilst managing sudden web traffic clusters for their customers’ websites.

ESET commented on the outage and its implication going forward with “whether it be malicious or otherwise, this highlights the importance and significance of these vast hosting companies and what they represent” – adding weight to the growing responsibility that these CDN providers have over global Internet control and access.

The outage raises security concerns over the over-centralisation of the internet in the hands of a few major hosting providers and asks questions about its reliability in the future should a larger scale problem like this occur again – demonstrating that we have not learned our lesson from the past hosting service outages as exemplified by the Cloudflare crash of 2019.

Full list of all websites affected below:

AFR, Age, Amazon, Boots, BuzzFeed, CNN, Deliveroo, Etsy, Evening Standard, Financial Times, Giphy, Horse and Hound, IGN, Imgur, Independent, Kickstarter, Le Monde, New York Times, PayPal, Pinterest, Reddit, Royal Mail, SMH, Spotify, Taboola, The Guardian, The Verge, Twitch, Twitter, UK Government website (including HM Revenue and Customs), Vimeo and Weightwatchers

 


7.5 Million at risk from out-of-date ISP routers

Consumer watchdog Which? has investigated 13 legacy router models supplied by leading UK internet service providers (ISPs) including EE, Sky, TalkTalk, Virgin Media and Vodafone. Its report found that around 7.5 million internet users are at risk from out-of-date hardware.

Out of the 13 router models investigated, 9 presented pressing security flaws that are unlikely to be in compliance with upcoming UK government legislation around tackling the security of connected devices.

The new legislation is in response to government figures showing that 49% of UK residents have purchased at least one smart device since the start of the COVID-19 pandemic. Because this has hugely increased the national exposure to potential cyber-attacks, the proposed legislation will ban easy-to-guess default passwords across all such devices and enforce policies that make it easier to report software bugs that can be exploited by hackers on legacy or modern hardware.

Kate Bevan, Which?’s Computing Editor, commented that “proposed new government laws to tackle devices with poor security can’t come soon enough – and must be backed by strong enforcement.” Which? are simultaneously pushing for increased transparency from ISPs about how customers automatically or manually update their routers and how they should actively upgrade existing customers who are identified as being in the ‘at risk’ category.

Of those 7.5 million affected, 6 million users currently possess ISP hardware that has not been updated since 2018 and a few instances even as far back as 2016 – meaning that these vulnerable devices have not received security updates for defence against the latest threats posed by cybercrime.

A cluster of three main problems with ISP legacy hardware were identified by Which? ranging from weak default passwords that allow cybercriminals unlimited access to a router from anywhere, a lack of firmware updates and a local network vulnerability issue with EE Brightbox 2 giving potential hackers full control of the router to install malware or malicious spyware.

In response, Virgin Media have openly rejected Which?’s report conclusions; saying that 9 out of 10 customers are using their latest router models and are benefiting from regular router security updates. This sentiment was mirrored by BT Group (owners of EE), TalkTalk and Vodafone who announced that the HHG2500 device included in the Which? report has not been supplied since August 2019.

Devices with weak default passwords: TalkTalk HG635, TalkTalk HG523a, TalkTalk HG533, Virgin Media Super Hub 2, Vodafone HHG2500, Sky SR101 and Sky SR102.

Routers affected by lack of updates: Virgin Media Super Hub, Virgin Media Super Hub 2, Sky SR101, Sky SR102, TalkTalk HG523a, TalkTalk HG533 and TalkTalk HG635.

Routers that passed the Which? security tests: BT Home Hub 3B, BT Home Hub 4A, BT Home Hub 5B and Plusnet Hub Zero 2704N


macOS Gatekeeper Vulnerability Discovered

Apple has released important security updates under macOS 11.3, in response to a serious Gatekeeper vulnerability discovered by security researcher Cedric Owens.

The weakness, found in Apple’s ‘Gatekeeper’ tool which normally blocks unrecognised apps from being installed by default, allows a dangerous file to be rigged so as to not trigger the operating system’s inbuilt safeguards.

Writing in a Medium Post entitled ‘Gatekeeper Bypass: 2021 Edition’, Owens demonstrates a terrifying method by which an attacker can ‘very easily craft a macOS payload that is not checked by Gatekeeper.’

Once launched, no warning prompts prevent the user from installing just about any dangerous application, which can also communicate with external servers without even triggering App Transport Security (ATS).

The simplicity of the hack, which leverages the fact that scripts placed in the Contents/MacOS/ directory of an app bundle are not checked, has been described by Objective-See as ‘massively bad’ and ‘a doozy’ of a blog post.

Gatekeeper itself was originally introduced in 2012 as part of an effort to stop the spread of malware in Mac OS X ‘Lion’ v10.7.5, and was followed by enforced application notarisation in 2020 under macOS 10.15 ‘Catalina’, as Apple required software developers to have apps officially cleared for authorised use.

In response to the discovery, Apple have released macOS Big Sur 11.3 update with ‘improved state management’ that prevents the ‘bypass’ of Gatekeeper checks, and are urging macOS users to install the upgrade.
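The bypass above depends on a script sitting where a compiled executable is expected, so a simple triage step is to list app bundles whose Contents/MacOS entries begin with a shebang line. The following is an added example, not code from Owens, Objective-See or Apple; the bundle names in `demo()` are constructed, and a hit is only a prompt for review, since some legitimate apps ship script launchers.

```python
import os
import tempfile
from pathlib import Path


def script_executables(app: Path) -> list:
    """Return files directly under <app>/Contents/MacOS that begin with '#!'."""
    macos_dir = app / "Contents" / "MacOS"
    hits = []
    if not macos_dir.is_dir():
        return hits
    for entry in sorted(macos_dir.iterdir()):
        # Only regular files are read; symlinks are skipped rather than followed.
        if entry.is_symlink() or not entry.is_file():
            continue
        try:
            with entry.open("rb") as fh:
                head = fh.read(2)
        except OSError:
            continue  # unreadable file: nothing to classify
        if head == b"#!":
            hits.append(entry)
    return hits


def find_script_bundles(root: Path) -> dict:
    """Walk root and map each .app bundle to its script executables, if any."""
    findings = {}
    for dirpath, dirnames, _files in os.walk(root):
        for name in list(dirnames):
            if not name.endswith(".app"):
                continue
            app = Path(dirpath) / name
            hits = script_executables(app)
            if hits:
                findings[app] = hits
            dirnames.remove(name)  # do not descend into the bundle itself
    return findings


def demo() -> list:
    """Build two constructed bundles in a temp dir and return the flagged names."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed sample 1: executable starting with the 64-bit Mach-O magic.
        native = root / "Native.app" / "Contents" / "MacOS"
        native.mkdir(parents=True)
        (native / "Native").write_bytes(b"\xcf\xfa\xed\xfe" + b"\x00" * 28)
        # Constructed sample 2: the "executable" is a harmless shell script.
        script = root / "Downloads" / "ScriptOnly.app" / "Contents" / "MacOS"
        script.mkdir(parents=True)
        (script / "ScriptOnly").write_text("#!/bin/sh\necho constructed sample\n")
        return sorted(app.name for app in find_script_bundles(root))


if __name__ == "__main__":
    print(demo())
```

On a real Mac, point `find_script_bundles()` at a downloads folder or `/Applications` and review each hit by hand.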

 

For Cybersecurity expertise and support, please contact our team today.


NHS COVID-19 update blocked for breaching privacy rules

The NHS COVID-19 app, run by the Department for Health and Social Care (DHSC), has had its latest update blocked due to a breach in the privacy terms outlined by Apple and Google.

The NHS Coronavirus app, available on Apple and Android devices, was designed to include a new feature that would allow users (upon showing a positive COVID test result) to upload a list of all locations and establishments they have visited, logged by scanning a QR code with their phone.

The Exposure Notification System built into the app’s software would then alert other users who had entered the same venue to monitor their symptoms or to immediately be tested. This update relies on location tracking for its function – a tracking type heavily reliant on Bluetooth monitoring of surrounding devices with the app installed – outlawed by Apple and Google privacy agreements.

This is the latest in a calamitous string of COVID app mishaps by the UK Government who had only recently scrapped plans for their own rival system to the Apple and Android contact tracing system.

Total development of the UK based rival tracking app cost £12 million over a 3 month period, but was eventually rejected due to battery life issues, privacy concerns over Bluetooth’s potentially invasive interaction with, and data collection from, other apps installed on the device such as Facebook and Twitter. As a consequence, the Apple and Android app was adopted even with the concerns over restrictions of location data.

As the UK returns to a quasi-normal state with Phase 2 of lockdown lifting measures being rolled out today, this news comes as a blow for the Department of Health who have released a statement reassuring the public that the update blockage does not affect the overall functionality of the NHS COVID-19 app and that there are “discussions ongoing with our partners to provide beneficial updates to the app which protect the public”.

Instead of the updated version, the previous form of the app will still be obtainable in both the Google Play and iOS App Stores.


Facebook & LinkedIn breaches hit 500 million users

Facebook and LinkedIn have both suffered massive data breaches, exposing the details of more than 533 million and 500 million user accounts respectively, it has been revealed.

Extensive leaked data from Facebook was reportedly found online by security researcher Alon Gal – including the personal information of 11 million UK users such as phone numbers, locations, birth dates and many email addresses.

It’s believed that the ‘hack’ may relate to a bug in Facebook’s friend-adding ‘Contact Importer’ tool which was fixed in September 2019. Previous breaches in 2017 fell before the introduction of GDPR, which Facebook argues absolved it of responsibility to notify users.

Questions still hover over the LinkedIn breach in particular, with the company claiming much of their data appears to have been aggregated from other sources, or (like Facebook) were perhaps not technically ‘hacked’ at all – but scraped in bulk from publicly visible parts of the popular professional website.

The huge cache of LinkedIn data was thought to be on sale, after security researchers found a 2 million user ‘sample’ advertised online.

A Facebook spokesperson told Reuters the social media platform will not inform users if their accounts were part of the breach, and LinkedIn are yet to issue a statement on this point – although given that LinkedIn has around 740 million accounts in total, a clear majority of its users are likely affected.

Users of both platforms can check if their email addresses (and now phone numbers) were likely breached via either platform over at: https://haveibeenpwned.com/ – and are advised to update passwords as a precaution.

 



Urgent Patches issued for Microsoft Exchange Server

Microsoft have urged the system admins of on-premise Exchange email servers to upgrade in response to new breaches from state-sponsored hackers.

The Chinese group, known as ‘HAFNIUM’, are believed to have exploited previously undiscovered zero-day vulnerabilities in Microsoft Exchange Server 2013, 2016 and 2019 via compromised US-based servers. Microsoft Exchange Online or related services (such as Microsoft 365) are not affected.

All four breaches were announced on Wednesday under the Microsoft Security Response Centre (MSRC) and graded ‘Critical’ – requiring urgent patching.

CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065 create a ‘perfect storm’ under which the attacker makes an untrusted connection to the targeted Exchange Server on port 443, and connects appearing to be someone with authorised access to add a web shell that grants a backdoor for future access.

HAFNIUM has previously been accused of industrial espionage and attempts to breach the technology of important private, public and national security organisations, including defence contractors.

As of 4th March, the Department of Homeland Security has also issued an emergency directive to all US federal agencies to urgently patch any on-premises Exchange servers by midday on 5th March.

 



Cyber Aware Launch new Action Plan tool for Small Businesses

The UK National Cyber Security Centre have launched a new online Cyber Aware ‘Cyber Security Self-Assessment Tool’ to help small businesses.

Free to use, and aimed at organisations with fewer than ten staff, the short online questionnaire generates a handy to-do list of actionable cybersecurity recommendations and points to check, with guidance for each – depending on the answers submitted.

Questions branch depending on the circumstances of each small business, but cover topics including backups, passwords, technology lifecycle management and more. Small business owners are also directed to useful plain-English resources to address each point highlighted.

Cyber Aware is a campaign launched by the UK National Cyber Security Centre (the public-facing arm of GCHQ) designed to provide simple guidance for individuals and small businesses to use technology more safely.

You can learn more about Cyber Aware, the NCSC, and get your own Action Plan here.

 



Final Month for Edge Legacy Browser

Support for Microsoft Edge Legacy will officially end on 9th March 2021, and the web browser will not receive any further security updates, Microsoft have announced.

The next Windows 10 monthly update, due 13th April, will automatically include the new (Chromium-based) Microsoft Edge and replace the legacy version automatically.

Edge was originally released in 2015 as a direct replacement and refresh for Internet Explorer, which was rapidly losing market share among the world’s most popular web browsers. Edge Legacy, which used EdgeHTML, was a programming fork of Microsoft’s ‘Trident’ engine that had been used in Internet Explorer 11.

The new Edge, released in 2020 and based on the same Chromium ‘Blink’ browser engine as Google Chrome, has proved more popular – and as of January 2021 looks set to overtake Firefox as the world’s third biggest web browser.

Enterprise organisations still provisioning the legacy version as standard are advised to plan their deployment of the new Microsoft Edge with the following set of steps.

 

Lineal are Microsoft Gold Partner – for IT expertise and support, please contact us today.


81,000 .eu Domains Frozen

Approximately 50,000 UK customers have had .eu domains suspended, following Brexit.

The .eu domain registrar EURid has formally suspended 81,000 such domains as of 1st January 2021, following the decision that .eu ownership requires the owner to be resident in a country that holds membership of the European Union.

Many internationally trading UK companies hold foreign domain versions of their websites to assist trading overseas, support multiple languages, improve web performance in other territories and develop export markets.

Numerous IT services, including email, websites, directories and more are often also tied to domains which represent a key pillar of many companies’ authentication technology.

Many British domain holders cancelled their domains as the transition period approached – over 200,000 .eu domains held by UK customers were cancelled between 2018 and 2021, with registrars contacting customers multiple times to alert them to the changes.

Although the remaining 81,000 have not been cancelled outright, UK customers have no way to recover these domains without being able to prove the owner holds citizenship of an EU member state, and provide a suitable registered address.

Britain’s exit from the EU also begins a countdown for these customers – who must either have an EU company representative to renew on their behalf, or face their domains put back up for sale again by 2022.

 



Microsoft cautions against SMS 2FA

Microsoft have announced they will direct users away from SMS 2FA (‘text-based’ two-factor authentication) for security reasons.

Instead, the company will promote multi-factor authentication methods they consider to be more secure – including biometrics and secure authentication apps such as Microsoft Authenticator – for logging into Microsoft services such as Microsoft 365 and Azure.

SMS-based two-factor authentication, where the user typically receives a passcode text message to their smartphone that acts as a secondary confirmation of who they are, has been a staple of online banking and many other secure online services needing two-factor authentication (2FA) for over a decade.

However, many now believe even SMS can be intercepted, and would rather sign users onto authenticator apps or issue secure keys with encoded passcode generation.

Official Microsoft statistics state that users who enable Multi-Factor Authentication (MFA) on their accounts to verify identity block 99.9% of all automated account breaches. Users of SMS-based two-factor authentication should not ‘stop’ doing so (despite the flaws of SMS, any 2FA is better than none) but should consider swapping to other methods.

We’ve talked before about the often-predicted ‘death of passwords’ – and possible scenarios for their phasing out, but in recent years a number of big tech firms, including Apple, Google and Microsoft, have all suggested long-term plans that seek to replace passwords with biometric or other forms of login.

However this modification to Microsoft’s advice will see more of a driving force behind MFA as specifically biometric, authenticator app or secure-key based, rather than relying on mobile networks for one-time passcodes.

 



Apple M1 Silicon Chips in New Macs

Apple have announced a new range of Mac devices with Apple M1 Silicon Chips. iPad and iPhone devices have used Apple’s own ‘A’ chips for some time, but M1 will be the first Apple chipset in macOS devices – which previously used Intel chips under license.

M1 is expected to show exceptional performance – with the 8-core CPU matching comparable PC laptop performance while using only 25% of the power, and able to deliver over twice the speed of comparable PC laptop CPU performance at maximum power levels.


Apple claim this makes the newest generation of devices – the new MacBook Air, MacBook Pro and Mac mini – faster than 90% of PCs sold in the last year.

Autumn 2020 sees the release of macOS Big Sur, the latest update to Apple’s Mac operating system, which has been optimised for the M1 chipset and its integrated graphics – as well as offering new app features such as universality for all Mac apps across all M1 devices, and offering iOS/iPadOS apps via macOS.

 


 


Petroc Techknowledgey Transfer Launches

Lineal are delighted to be taking part in the new Petroc Techknowledgey Transfer project – aimed at teaching students to support businesses with special technology masterclasses.

The project will involve some of North Devon’s best known technology firms, and cover a range of different topics, including modern accounting, digital marketing, procurement, cybersecurity and other important business processes.

“Petroc’s Techknowledgey Transfer project is excited to be supporting local businesses alongside local business experts Applegate Marketplace, Maynard Johns Chartered Accountants, Lineal, LimeCloud and Barr Media to deliver an exciting new project.

We are inviting small and medium sized businesses to access support on business admin technologies. Our business partners will be delivering fully funded virtual masterclasses to eligible businesses. We also have student work placements available for some businesses. For more information, please contact- [email protected]

One hundred small businesses will be selected to take part in the student-led part of the Petroc Techknowledgey Transfer, which will also be a studied project to measure the benefits of technical expertise being applied to businesses.

More information is available on Petroc’s website here.

 



Lineal Becomes Keeper Partner

Lineal Software Solutions has become a managed service provider for Keeper Password Management.

We tested a number of different Password Management providers, including 1Password and LastPass, but were particularly impressed with Keeper.

Password management is increasingly recognised as a key pillar of cybersecurity: the UK National Cyber Security Centre admits it is ‘virtually impossible’ for users to use unique passwords for all their accounts without software assistance.

Password managers help users remember all their passwords – but can be a much more powerful tool for dramatically limiting the damage in the event of a single account being compromised.

Criminals increasingly use credential-stuffing attacks where automated tools use previously-breached account details to gain access to the user’s other accounts.

A good password manager ensures you can use a strong, randomly generated and distinct password across each of your accounts to prevent any single breach putting other data at risk.

Keeper can also notify users when breached passwords are identified online, integrate with single sign on tools such as Active Directory, and enforce multi-factor authentication – all important considerations for organisations needing to maintain cybersecurity standards across large teams.

For added convenience, Keeper is available via the web, Windows/MacOS desktop clients, browser extension and Android/iOS mobile app.

 


 


Windows XP Source Code Leaks Online

The original source code to Microsoft Windows XP and Windows Server 2003 has leaked online – nearly two decades after their original release.

Official support for Windows XP ended back in 2014, and the final security patch was a one-off release in 2017 released in response to the WannaCry ransomware attack that temporarily crippled large parts of the NHS.

Among the interesting things we learned were that Microsoft originally included a hidden theme that made Windows XP look like Apple’s rival macOS operating system, and that the 4chan poster who released the dump had either added or helped spread anti-vax and population control conspiracy-theory material about Microsoft founder Bill Gates.

According to NetMarketShare, Windows XP still accounts for at least 1% of all PCs that generate web traffic worldwide (around 25 million PCs), although this may actually include many air-gapped factory PCs and similar in practice.

The 43GB data dump has been available to Government agencies and similar for a while, although it’s unusual that the public at large have the opportunity to discover zero-day exploits for an entire operating system. Microsoft urges that users should not still be using XP, and the outdated platform is insecure even for the oldest legacy services.

 



AI saves the day

AI lent a helping hand to one of our technical support teams last week to help Lineal save a local business from an email hack.

At 07:40 GMT on a seemingly normal week day, Barracuda Sentinel issued an alert to Lineal to say an account had been accessed from a suspicious location.  It seemed a malicious actor, appearing to be from Nigeria, compromised one of a client’s finance department email accounts, and created a forwarding/delete rule in the inbox.

Barracuda Sentinel’s AI email protection caught the account takeover attempt, and as a result, we were able to mitigate and resolve a significant threat to one of our customers. Barracuda Sentinel detects both account takeover attempts and attacks launched from compromised accounts.

Corporate account takeover presents a significant new threat to business. Hackers gain access to email accounts and use them as tools to launch subsequent targeted attacks, internally and against external targets – who themselves fall victim.

Account takeover or attacks that originate from these accounts are almost impossible to detect as they don’t use the usual impersonation techniques—they come from a legitimate account and appear to be from a trusted source, allowing the attacker to initiate sophisticated financial scams.

Lineal automatically picked up the alert and created an incident in Barracuda Sentinel. Sentinel remediated the issue with an immediate password reset, disconnecting all active logon sessions for the user and deletion of any rules created during the incident time. Within 40 minutes this potentially disastrous event was avoided.
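The pattern in this incident, a sign-in from an unusual country followed shortly by a new inbox rule that forwards or deletes mail, can be expressed as a simple correlation over audit events. This is an added example, not Barracuda Sentinel's logic or Lineal's tooling; the event fields, addresses, domains, baseline and one-hour window are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Assumptions for the example: the organisation's own mail domains and each
# user's usual sign-in countries. A user with no baseline is always "unusual".
ORG_DOMAINS = {"client.example"}
USUAL_COUNTRIES = {
    "finance@client.example": {"GB"},
    "sales@client.example": {"GB"},
}
WINDOW = timedelta(hours=1)  # how long after a sign-in a new rule is suspect

# Constructed sample events (hypothetical schema, not a real product's log format).
SIGN_INS = [
    {"user": "finance@client.example", "time": "2020-09-01T08:55:00", "country": "GB"},
    {"user": "finance@client.example", "time": "2020-09-02T07:31:00", "country": "NG"},
    {"user": "sales@client.example", "time": "2020-09-02T07:00:00", "country": "GB"},
]
RULE_EVENTS = [
    {"user": "finance@client.example", "time": "2020-08-20T10:00:00",
     "rule": "Invoices to accounts", "forward_to": "accounts@client.example", "delete": False},
    {"user": "finance@client.example", "time": "2020-09-02T07:36:00",
     "rule": ".", "forward_to": "collector@mailbox.example", "delete": True},
    {"user": "sales@client.example", "time": "2020-09-02T07:10:00",
     "rule": "Newsletters", "forward_to": None, "delete": True},
]


def unusual_sign_ins(sign_ins):
    """Sign-ins from a country outside the user's baseline."""
    return [s for s in sign_ins
            if s["country"] not in USUAL_COUNTRIES.get(s["user"], set())]


def risky_actions(rule):
    """Reasons a rule deserves attention: external forwarding and/or deletion."""
    reasons = []
    target = rule.get("forward_to")
    if target and target.rsplit("@", 1)[-1].lower() not in ORG_DOMAINS:
        reasons.append("forwards outside the organisation")
    if rule.get("delete"):
        reasons.append("deletes messages")
    return reasons


def correlate(sign_ins, rule_events, window=WINDOW):
    """Flag risky rules created within `window` after an unusual sign-in."""
    suspects = unusual_sign_ins(sign_ins)
    findings = []
    for rule in rule_events:
        reasons = risky_actions(rule)
        if not reasons:
            continue
        created = datetime.fromisoformat(rule["time"])
        for s in suspects:
            start = datetime.fromisoformat(s["time"])
            if s["user"] == rule["user"] and start <= created <= start + window:
                findings.append({"user": rule["user"], "rule": rule["rule"],
                                 "country": s["country"], "reasons": reasons})
                break  # one finding per rule is enough
    return findings


if __name__ == "__main__":
    for finding in correlate(SIGN_INS, RULE_EVENTS):
        print(finding)
```

The flagged rules are the ones to delete during remediation, alongside the password reset and session revocation described above.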

Barracuda’s worldwide threat protection network automatically gathers intelligence from inboxes around the world to deliver award-winning security, checking both inbound and outbound email to stop the spread of cyber-threats and malicious communications.  To find out more visit our Barracuda Email Security page on our website.

This risk could have easily been mitigated by using any of Lineal’s services, such as:

  1. Using Multi-Factor Authentication (MFA) on the account,
  2. Barracuda Sentinel-type tools to alert/remediate on compromise,
  3. Having Azure P1/P2 licensing to allow the use of conditional access to prevent sign-ins from risky locations, untrusted countries, etc.

If you would like to find out more about Cybersecurity and how Lineal can help protect your business please contact us.


Adobe Lightroom Users Suffer Data Loss

Many Adobe Lightroom users on iOS have suffered a crippling data loss after a faulty routine update.

Users who updated to Adobe Lightroom Mobile 5.4.0 on iPhone or iPad had their photos and software presets deleted unexpectedly.

Adobe, which develops a large suite of creative apps for the media and design-sectors, has apologised and issued an update for the fault, but made clear that the lost data is irretrievable to those without backups.

The software company’s statement clarifies it is only a subset of Lightroom users who have been affected – specifically those:

  • Using Lightroom Mobile 5.4.0 on an iOS device (iPhone/iPad)
  • Without an Adobe Cloud Subscription, or with cloud sync disabled
  • Without a separate device or cloud backup (such as iCloud) in operation, independent of Lightroom itself.

This includes many free version users who would have trialled Lightroom without a full Adobe Creative Cloud subscription.

Hundreds of unlucky users took to Adobe’s Support Forums, social media and Reddit to complain that years of photos had been lost as part of the routine update. Others flagged that restoring from local device backups deleted the restore once the app was re-opened.

As noted by The Register, Adobe’s problem is especially acute given Lightroom’s specialist popularity among professional photographers, and others who have significant time or money invested in valued images.

Users are advised to update to 5.4.1 to avoid the issue, although this will not restore lost photos. As always: please, please, please maintain an independent backup of all data you can’t afford to lose.

 



Lineal on Tech South West Podcast!

Lineal’s Mike Matthews and Huma Mahmood-Khan recently featured on the Tech South West Podcast (‘Tribe Tech’) – to discuss the post-lockdown recovery, women in tech, and Lineal’s new SQLWorks MRP software.

It’s nearly a year since Lineal was shortlisted for Tech Company of the Year, and won a 2019 Tech South West Award (North Devon Cluster). Members of our team were invited to discuss recent developments, including Covid-19 and other issues facing the technical sector, alongside other award-winning tech businesses from across the region.

Listen now for the story behind our response to the C-19 crisis, the importance of more women exploring a career in tech, and the latest developments for our hotly-anticipated new SQLWorks software release.

Tech South West exists to champion the area’s growing number of technology businesses, showcase innovation and support STEM skills across the wider South West region – partnering with a number of more local Tech Business Groups to advocate for the sector.

You can learn more about their mission on their website here: https://www.techsouthwest.co.uk/

 



DNS Vulnerability: Your IT Team to the Rescue

July 14th: as Microsoft flag a ‘Critical’ Level-10 DNS vulnerability on Domain Name System (DNS) servers worldwide, Lineal engineers rush to patch the infrastructure of dozens of organisations overnight.

The Microsoft Security Response Center recently released details of CVE-2020-135, a ‘Critical Remote Code Execution’ weakness deemed ‘wormable’ (potentially spreading between devices automatically) affecting all Windows Server versions.

A grade of 10.0 is the highest possible severity level that can be assigned under the Common Vulnerability Scoring System Calculator. For comparison the WannaCry attack, which temporarily crippled the NHS in 2017, had a CVSS rating of 8.5.

Lineal staff use remote monitoring software to administer large numbers of client servers and devices, monitor hardware health and deploy patches more rapidly – and were quickly on the case overnight to patch the vulnerability as a special emergency.


Within 8 hours we’d patched a large number of DNS servers – applying both an initial fix and further scheduled updates.

DNS is a naming technology which translates the identities of computers, servers and other networked devices into the IP addresses used for connecting on private and public IT networks.


For this reason, DNS servers often have massive reach, and must be carefully protected to mitigate the risk of compromising an organisation’s technology on a huge scale – even across the globe.

Israeli IT security firm Check Point Software Technologies, who discovered the 17-year-old hidden bug and reported it to Microsoft, argue ‘this is not just another vulnerability’ and risks handing an attacker ‘complete control of your IT’ if IT admins fail to address the issue urgently.

 



UK Government rules against Huawei 5G

UK mobile networks have been instructed not to buy Huawei 5G equipment for their infrastructure by the Government, and must remove all existing Huawei equipment by 2027.

The landmark ruling came following an overturning of last year’s half-way decision to ban Huawei from the ‘Core’ UK network only – decided as a result of the UK National Cyber Security Centre’s 2019 findings that due to US sanctions affecting Google Android products, any Huawei chip manufacture removed from (Japanese-owned and UK-based) ARM could ‘increase the risk’ to the UK.

But Government MPs, the US and Australian Governments, and even some China-critical Human Rights Groups, argued the ruling did not go far enough – resulting in today’s announcement of a complete ban.

Huawei itself argues the criticism is a politically-motivated attack by Washington to hit the Chinese economy. The tech company is the World’s biggest provider of this kind of technology, as well as one of China’s most successful exporters.

China itself has undoubtedly faced more scrutiny from the international community in recent months, following news stories about the Chinese Government’s handling of Coronavirus, Hong Kong protests, the detention of Uighur Muslims in ‘reeducation’ camps, and the close connections between Huawei and the Chinese Communist Party.

All four of the UK’s big mobile providers (BT EE, Vodafone, Three and O2) all use Huawei equipment in their core networks, albeit to different extents. The decision also affects major broadband infrastructure providers, such as BT Openreach, and related ISPs.

In practice, this means 5G providers will be forced to look at alternatives from either Finnish provider Nokia or Swedish provider Ericsson.

 

 



New macOS ransomware warning

Cybersecurity experts are warning against a prevalent new strain of macOS ransomware for Apple devices dubbed ‘EvilQuest’ – packaged alongside pirated versions of popular apps.

Like most ransomware, EvilQuest encrypts all the Apple user’s files and demands a $50 ransom for decryption within 72 hours.

While many Mac users believe malware for Apple devices does not exist – this is simply untrue. The newest strain comes after similar infections spreading between Mac users in recent years, including KeRanger and Patcher.

EvilQuest is also a more sophisticated effort than most attempts by cybercriminals: the app is correctly code signed, with a very convincing installer, and even overpowers the Mac versions of common antivirus software such as Norton, Kaspersky, Avast, McAfee and BullGuard.

The trojanised software known to deliver EvilQuest to unsuspecting victims consists of torrent download versions of popular Apple macOS apps, including Little Snitch, Ableton Live and Mixed in Key 8 – a popular DJ software.

Among the important steps Mac users should take to reduce the risk of macOS ransomware are:

  • Keep a regular, organised regime of backups, offline and air-gapped from the device itself.
  • Only download Apps from reputable sources.
  • Consider whether utilities like Malwarebytes and RansomWhere are needed as extra precautions.

 

For IT Support and cybersecurity expertise, please contact our team today.


easyJet Hit by Cyber Attack

Popular short-haul airline easyJet has been hit by a cyber attack, affecting around nine million customers.

In a statement, easyJet says that a “highly sophisticated cyber-attack” discovered in January 2020 compromised email addresses and travel details of roughly nine million travellers. For 2,208 customers, credit card information was also accessed.

No further detail has yet been publicised as to the nature of the breach, although the company stated that it had “closed off unauthorised access”.

The bad news comes at a difficult time for airlines, as air-travel has declined dramatically in the wake of Covid-19 restrictions. When faced with a similar situation in 2018, British Airways received a large financial penalty of £183m from the Information Commissioner’s Office.

The airline is contacting all affected customers, urging extra vigilance towards ‘unsolicited communications’ due to the heightened risk of phishing attempts from criminals who may have gained access to customers’ personal details and are masquerading as easyJet.

Under new GDPR guidelines introduced in 2019, it is mandatory that breached organisations report to the UK Information Commissioner’s Office (ICO), who are currently investigating.

 

For cybersecurity and IT Support expertise, please contact Lineal today.


NCSC Whitelist & Blacklist Terms Replaced

The UK National Cyber Security Centre (NCSC) are officially removing the technical terms ‘Whitelist’ and ‘Blacklist’ from their organisation in an effort to be more inclusive.

The terms ‘Whitelist’ and ‘Blacklist’, which refer to lists of permitted and not-permitted things in the cybersecurity world, will be replaced with the more literal and accurate ‘Allow List’ and ‘Deny List’.

Prolific spam email domains for example are often ‘Blacklisted’ by system administrators – a negative association the NCSC feels should not, even inadvertently, imply a connection to skin colour.

The organisation, a more public extension of GCHQ, acknowledged in a statement on their website that whilst “…it’s not the biggest issue in the world…”, the organisation is acting positively in response to requests from the public, is making an effort to be more inclusive, and that using such terms might otherwise have impaired the recruitment of valued “future colleagues.”

‘Blacklisting’ also has an unfortunate connotation with an illegal practice of barring whistle-blowing employees and trade union members from working across certain sectors, which has a history within the construction industry among others.

Google Chrome, Microsoft Edge and others have made similar terminology decisions – deciding that pejorative references to colour should not be used in cybersecurity terminology.

 

For IT Support and cybersecurity expertise, please contact Lineal today.


Number of Covid-19 Scams Explodes

The volume of Covid-19 scams and phishing emails has increased dramatically in recent weeks according to cybersecurity authorities.

Email security software and cybersecurity provider Barracuda Networks has reported a 667% increase in phishing emails throughout the pandemic.

Common scams include pretending to represent Government, law enforcement or medical authorities to obtain information or financial payment, blackmailing users with threat of infection, donation requests for fake organisations, and malware distribution – including one new ransomware even dubbed ‘Coronavirus.’

Barracuda Covid-19 email scams graph

Via Barracuda: Source 

In a joint statement published in April, the UK National Crime Cyber Security Centre and US CISA (Dept. of Homeland Security) note the sudden rise in Covid-19 scams, and even highlight instances of SMS text-messaging phishing attempts mimicking UK Government text alerts.

In the example cited, a fake compensation payment is offered to entice the user to hand over details via an imitation UK Government website.

covid-19 scam sms phishing example

There has also been a growth in online hackers and trolls targeting Zoom and other video conferencing platforms. Users unfamiliar with this kind of software in particular may prove an easy target for cyber criminals.

Phishing scams are part of a larger trend of online Covid-19 themed fraud. In March, the NCSC removed around 500 fake online shops claiming to be selling fraudulent virus-related items over the internet.

Google currently estimate that Gmail filtering is blocking over 100 million phishing emails each day, and that almost 20% of online email scams now refer to Coronavirus (around 18 million) – likely to be the largest phishing ‘theme’ in history.

 

For cybersecurity expertise and assistance, please contact Lineal today.


Uh Oh, Time to Patch Firefox Again

Mozilla have released an urgent patch to version 74.0 of Firefox, notifying browser users around the world that it’s time to patch Firefox again.

The timing of the new patch, which also affects the ‘Extended Support Release’ (version 68.6) suggests that the latest update fixes a vulnerability which (at worst) may have been live in the browser since July 2019.

Mozilla’s official announcement from 3rd April categorises the impact as ‘Critical’, and states that ‘we are aware of targeted attacks in the wild abusing this flaw’.

The precise details of the security flaw have not yet been published, although we know that the issue is a ‘use-after-free’ flaw – a class of memory bug in which a program continues to use memory after it has been freed back to the device – with online cybersecurity blogs speculating that any new contents of the relinquished memory may still have some level of access to the browser.

Community-led Mozilla, whose popular Firefox browser is still the world’s second-most popular desktop browser, suffered other critical security flaws as recently as January – when the US Department of Homeland Security took the unusual step of instructing users to urgently update their browsers following the discovery of a vulnerability which granted potential access to the operating system.

Not that Mozilla are unique in such issues: Google also faced embarrassment in recent months after rolling out an experimental change to Chrome which left millions of users unable to load new tabs.

Patch your browser regularly: Firefox users can update to version 74.0.1 via:

  • To upgrade on PC, open Firefox and click ‘About’ and select ‘Restart and Update Firefox.’
  • To upgrade on Mac, open Firefox and click ‘Options’, ‘Firefox Updates or Options’, ‘Advanced’, ‘Update to update Firefox.’

Critical Security Flaw Found in Firefox

The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency have advised all Mozilla Firefox users to urgently update their browser versions, following discovery of a vulnerability that grants potential access to the operating system.

The unusual warning comes after Mozilla itself admitted being aware of ‘targeted attacks in the wild abusing this flaw.’

Security loopholes in major platforms are usually closed before criminals are able to exploit them en masse, but this latest admission raises the ‘security advisory’ notice to ‘critical’ status.

Users should upgrade their browser to at least version 72.0.1 on PC/Mac – mobile versions are thought to be unaffected.

  • To upgrade on PC, open Firefox and click ‘About’ and select ‘Restart and Update Firefox.’
  • To upgrade on Mac, open Firefox and click ‘Options’, ‘Firefox Updates or Options’, ‘Advanced’, ‘Update to update Firefox.’

The flaw was discovered by Chinese security company Qihoo 360 just two days following the release of Firefox’s previous update, and the US Government ‘encourages users and administrators… to apply the necessary updates.’

 



Google Chrome Adds a Hacked Password Alarm

Google Chrome 79 will contain a Chrome hacked password alarm to notify at-risk users.

‘Password Checker’, which first appeared in October, will regularly compare user passwords saved in-browser against publicly-known data breaches.

The service will feel familiar to those who’ve tried the (often terrifying) but essential https://haveibeenpwned.com/ – which shows visitors where their email addresses have been compromised.

Chrome’s update is being gradually rolled out to new users, and is available within Settings > People > Sync and Google Services > Other Google Services, and is named ‘Warn you if passwords are exposed in a data breach.’

The alert mechanism is just the latest in a series of attempts to push users to safer browsing: 2019 also saw Google Chrome actively warn users of websites without a valid security certificate, and penalise such websites in Google search rankings.

Chrome 79’s new hacked password alarm mechanism should prompt systematically when account credentials need password updates, and allow users to keep their accounts secure.
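
One way a breach check can work without the saved password ever leaving the device is the k-anonymity range lookup used by Have I Been Pwned’s Pwned Passwords service: only the first five characters of the password’s SHA-1 hash are sent. The Python below is an added example, not Chrome’s or Have I Been Pwned’s code; the `RangeService` class, the saved logins and the breach corpus are constructed stand-ins so that it runs offline.

```python
import hashlib
from collections import defaultdict

PREFIX_LEN = 5  # hex characters of the SHA-1 digest that leave the device

# Constructed breach corpus: (password, times seen). Not real breach data.
CONSTRUCTED_BREACH = [("password", 9000), ("qwerty123", 1200),
                      ("letmein", 800), ("Summer2019!", 15)]


def sha1_hex(password):
    """Upper-case hex SHA-1 of the password, computed locally."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class RangeService:
    """Stand-in for the remote breach service. It only ever receives prefixes."""

    def __init__(self, breached):
        self.buckets = defaultdict(dict)
        for password, count in breached:
            digest = sha1_hex(password)
            self.buckets[digest[:PREFIX_LEN]][digest[PREFIX_LEN:]] = count
        self.seen_queries = []  # recorded to show exactly what was disclosed

    def range(self, prefix):
        """Return every 'SUFFIX:COUNT' line stored under a 5-character prefix."""
        if len(prefix) != PREFIX_LEN or any(c not in "0123456789ABCDEF" for c in prefix):
            raise ValueError("prefix must be 5 upper-case hex characters")
        self.seen_queries.append(prefix)
        bucket = self.buckets.get(prefix, {})
        return "\n".join(f"{suffix}:{count}" for suffix, count in sorted(bucket.items()))


def breach_count(password, service):
    """Hash locally, send only the prefix, and match the suffix on the client."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    for line in service.range(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate == suffix:
            return int(count)
    return 0


def audit_saved_logins(saved, service):
    """Map each site whose saved password appears in the corpus to its count."""
    exposed = {}
    for site, password in saved.items():
        count = breach_count(password, service)
        if count:
            exposed[site] = count
    return exposed


if __name__ == "__main__":
    service = RangeService(CONSTRUCTED_BREACH)
    # Constructed saved logins, as a browser password store might hold them.
    saved = {"shop.example": "qwerty123", "bank.example": "t7#Kq9!vLx2$Rm"}
    print(audit_saved_logins(saved, service))
    print("disclosed to the service:", service.seen_queries)
```
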

 

For IT support and cybersecurity expertise, contact Lineal today.


How secure is your password?

One of the biggest reasons for security breaches is weak passwords. People often choose passwords that are too short. Regardless of how tedious it seems, make it a point to update your passwords regularly; use upper and lower case letters along with symbols and numbers.

The key measurement of password security is entropy. This, in computer science terms, is a measurement of how unpredictable a password is, based on how long it would take an attacker to work it out by making a guess at each character. As a rule, longer passwords are by definition more secure and harder to crack. In the table below you can see how shorter/easier passwords are quicker to crack.

Password strength

What should a password look like?

Strong, secure passwords have a lot in common; they are usually long, unique, random and involve a mixture of lowercase and uppercase letters as well as special characters and numbers. Creating passwords that combine all of these aspects can sometimes be challenging.

Most insecure passwords are the result of our human behaviour. People do a lot of very predictable things and in general find it difficult to be random, especially when they are actively trying to be: for instance, putting special characters only at the beginning or end rather than mixing them up in the middle, or using common phrases and keyboard patterns. To help us remember, we often try to use memorable pieces of information, but we should always, where possible, avoid clues and references to our personal lives.
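
The entropy measure above and the predictable habits described in this section can be checked together. The Python below is an added example, not Lineal’s code: it computes the random-choice entropy of a password, then flags the patterns that make that figure too generous. The guess rate, the 60-bit threshold and the short word and keyboard lists are assumptions chosen for illustration.

```python
import math
import string

GUESSES_PER_SECOND = 1e10   # assumed offline guessing rate, for illustration only
MIN_BITS = 60               # assumed threshold for calling a password strong

# Constructed sample lists; a real checker would load far larger ones.
COMMON_WORDS = {"password", "letmein", "welcome", "dragon", "monkey", "qwerty"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
# Undo common character swaps ("P@ssw0rd" -> "password") before the word check.
UNSWAP = str.maketrans("@013$5!7", "aoiessit")


def pool_size(password):
    """Number of symbols an attacker must try per position for this mix."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    size = sum(len(cls) for cls in classes if any(c in cls for c in password))
    # Characters outside the four ASCII classes are counted individually.
    size += len({c for c in password if not any(c in cls for cls in classes)})
    return size


def brute_force_bits(password):
    """Entropy if every character were chosen at random: length * log2(pool)."""
    return len(password) * math.log2(pool_size(password)) if password else 0.0


def average_crack_seconds(bits, rate=GUESSES_PER_SECOND):
    """Expected time to find a random password: half the search space."""
    return 2 ** (bits - 1) / rate if bits > 0 else 0.0


def has_keyboard_walk(password, run=4):
    """True for runs of adjacent keys such as 'qwer', 'asdf' or '4321'."""
    lowered = password.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + run] in lowered for i in range(len(seq) - run + 1)):
                return True
    return False


def predictable_patterns(password):
    """List the human habits that make the random-choice estimate too generous."""
    findings = []
    unswapped = password.lower().translate(UNSWAP)
    if any(word in unswapped for word in COMMON_WORDS):
        findings.append("common word or phrase")
    if has_keyboard_walk(password):
        findings.append("keyboard pattern")
    core = password.strip(string.digits + string.punctuation)
    if core and core != password and core.isalpha():
        findings.append("digits/symbols only at the start or end")
    return findings


def assess(password):
    """Combine the entropy estimate with the pattern findings into one verdict."""
    bits = brute_force_bits(password)
    findings = predictable_patterns(password)
    strong = bits >= MIN_BITS and not findings
    return {"bits": round(bits, 1), "seconds": average_crack_seconds(bits),
            "findings": findings, "verdict": "strong" if strong else "weak"}


if __name__ == "__main__":
    for sample in ["abcdef", "qwerty123", "Password1!", "t7#Kq9!vLx2$Rm"]:
        print(sample, assess(sample))
```

‘Password1!’ scores about 65 bits on the formula alone, yet is still reported as weak, because a common word with a digit and symbol tacked on the end is exactly what an attacker tries first.
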

Where can I go for advice?

There are many articles online to help assist with what a strong password looks like.  At a recent event Lineal ran with the South West Police Regional Cyber Crime Unit, which focused on cyber security, password strength was highlighted as a high risk for many businesses and individuals.

To find out more, or if you require any help with ways to help protect your business, please contact the IT support team at Lineal.


Lineal Hosts SW Police Cybersecurity Workshop

Local businesses recently gathered at Barnstaple Library for a special cybersecurity workshop organised by the South West Police Regional Cyber Crime Unit and Lineal Software Solutions Ltd.

Thirty participants from firms across the South West took part in a series of lego-based group exercises highlighting key concepts in cybersecurity, as they sought to protect a fictional utilities company from attack by common real-world cyber crime.

The winning team defended their company by spending their budget on the correct countermeasures at each stage of the exercise, and strategically limiting the damage from any breaches in security.

The South West Regional Organised Crime Unit (SW ROCU) is one of nine regional units across England and Wales that delivers specialist capabilities to target and disrupt serious and organised crime. Designed to raise awareness of coordinated digital threats, the cybersecurity workshop session is part of a new educational initiative being run by the Police right across the region.

Group exercises were followed by a short Q&A including advice for businesses on related topics including network best-practice, password policy, physical security, and the Government’s new Cyber Essentials certification.

Lineal’s Head of Technical Services, Matt Norris, explained: “We were delighted to be able to organise the Cyber Crime Unit to run this very special workshop for local companies: we see cyber attacks becoming ever more sophisticated, and the SWRCCU takes a really positive and constructive approach to educating business owners about how to protect their organisations and employees.”

“Many businesses struggle to grapple with cybersecurity, but help and expertise is accessible.”

 

You can learn more about the South West Police Regional Cyber Crime Unit and their educational work across the South West online here.

For IT support and cybersecurity expertise, please contact Lineal today.


iPhone 11 Set to Launch

Apple have officially announced their expected launch event for the iPhone 11, for Tuesday 10th September 2019.

The invite, issued ‘By Innovation Only’, doesn’t give much away about what we can expect to see, although Apple devotees have noted the similarity between the glassy colouring of the teased Apple logo and the original Apple eMac’s famous colourful style from the early 2000s.

Rumours circulating online suggest Apple may be planning multiple iPhone 11 models – with square multi-lens camera clusters and glassy coloured casings, photos of the materials of which were leaked online in May.

Remaining releases are likely to be mainly iterative, including iOS 13 for iPhone, iPadOS and even WatchOS 6. MacOS 10.15 Catalina is also expected to be a key part of Apple’s showcase.

The tech giant is likely to see the iPhone 11 announcement as a chance to help reverse hardware sales trends – which Apple now curiously no longer publishes in full, asserting that the number of devices sold is ‘less relevant today than it was in the past’ – a likely marker of the iPhone market slowing down as consumers hang on to their devices for a longer replacement cycle.

Apple is also expected to launch its own gaming service, dubbed Apple Arcade, as an online subscription service akin to an iTunes for gaming – just one example of how the company is increasingly re-focusing its efforts on premium service offerings, rather than luxury hardware.

 

For Apple hardware, expertise, accessories and support – please contact our team today.


Are passwords doomed?

Reports of the death of the password may have been greatly exaggerated in the media: from the suggestion that passwords are the ‘weakest link’ in the cybersecurity chain, to the notion that humans are so bad at using them, that it’s time the technology industry saved us from ourselves.

But is it true; are passwords doomed? Enter the FIDO2 Project – a fascinating effort to ‘Move the World Beyond Passwords’ led by the FIDO Alliance industry association and World Wide Web Consortium.

Headlines aside, FIDO2’s aims are ambitious: to replace passwords with a flexible device-based authentication standard that allows users to log in via biometrics or temporary security keys.

Unique to each website, not stored centrally and not transmitted, FIDO2 argue this standard naturally scuppers phishing, password theft and replay attacks – and introduces some privacy advantages sure to woo even ardent digital rights activists: such as the inability to track users between sites.

While still technically possible, cheating biometrics requires the kind of preparation not common to everyday opportunistic cyber-criminals.

The big players are taking note: Google plans to ‘begin’ retiring passwords for Google services accessed via biometric enabled smartphones (such as those with fingerprint scanners) and Microsoft is planning similar changes to apps in Windows 10; even talking of a ‘passwordless world’ via Windows Hello that extends facial recognition. Apple have been publicly heading down this road for a while now – with ‘FaceID’ facial recognition introduced for recent generations of iPhone and iPad, as well as Apple Watch device-led unlocking for your Mac.

Apple’s efforts to prove that the iPhone stores only a ‘mathematical representation’ of the user’s face also suggests that they’re preparing to defend a policy of extending FaceID further at the expense of passwords, even in an increasingly privacy-conscious World.

Users may of course find a world without passwords a little disorientating to begin with – although not forever, if the replacement technology proves more convenient.

Password keeper apps (such as the excellent 1Password) have become an interesting half-way house to a more secure password future – where the password manager retains a set of passwords behind a strong keycode, in an encrypted form. The password manager may also perform other useful functions, such as warning the user where passwords overlap, allocating different password access permissions to different people within a business or organisation, or auto-filling in common web browsers.

The adoption of password managers may reflect a coming time where users continue to ‘use’ passwords, but without engaging in the process of recalling or typing the password. It may not be passwords that are doomed, but the user’s traditional interaction with passwords.

Are passwords doomed? A few potential futures emerge: one where passwords exist but are used less directly by users, where passwords are relegated to a secondary security measure of questionable usefulness, or most radically, where passwords are replaced entirely.

 

For cybersecurity and IT expertise, please contact our team today.


Zoom in hot water over Mac webcam exploit

Apple have issued a silent update for video conferencing software Zoom, following discovery of a major webcam security vulnerability affecting Mac users.

Zoom issued an emergency patch for the problem two days ago – a rapid response that Apple was still concerned might not reach enough users.

The controversial web server installation – originally designed to save Mac-based Safari web browser users from additional clicks and make video conferencing easier to use – was shown to create a potentially serious vulnerability whereby Zoom calls could be launched from any website with the camera turned on.

In bizarre scenes, technology journalists researching the problem were even paired up in video conferences with other unknown individuals doing the same.

Believed to put at risk more than 4 million webcams globally, the zero-day exploit was discovered by security researcher Jonathan Leitschuh – who originally gave Zoom 90 days to resolve the issue prior to publication.

Leitschuh has since praised Zoom’s willingness to do a public ‘about face’ with the emergency patch, and Zoom’s CEO taking direct video calls to discuss the problem.

Nevertheless, Apple’s decision to step in to protect Mac users remains an embarrassment for the previously very successful video conferencing solution.

Additional problems include Mac versions of video conferencing software which use Zoom’s underlying services for white-labeled video calling – such as RingCentral.

As an alternative to patching, Zoom’s permission to turn on the webcam can also be disabled manually, via Settings > Video > ‘Turn Off My Video When Joining a Meeting.’

 

For software expertise and support, please contact Lineal today.


GandCrab ransomware defeated by Bitdefender decryption

Bitdefender have released a free decryption tool rescuing those affected by recent versions of GandCrab ransomware.

The free tool enables stricken users to recover data encrypted by various versions of GandCrab without paying a ransom to cybercriminals.

In a joint announcement with Europol, Romanian Police and other law-enforcement agencies, the cybersecurity provider detailed how a team of experts were recently able to gain access to the GandCrab control server, and access decryption keys for the ransomware that would allow safe recovery of data.

Blackhat developers behind GandCrab have claimed to have extorted more than $2 billion in ransom payments worldwide, and appeared to have enjoyed mocking the cybersecurity industry’s attempts to bring them to justice.

GandCrab became the latest nasty ransomware threat in January 2018 – following a disturbing trend of businesses and organisations worldwide struck by malicious encryption software.

Bitdefender’s previous attempts to quash the ransomware resulted in new versions being released by cyber criminals, but the latest recovery of private keys resulted in GandCrab’s developers announcing their ‘retirement’ – allegedly having made more than $150m in personal profit over five major versions of the ransomware.

Bitdefender’s recovery tool and instructions for use are available for download from the Bitdefender Labs here. In order to use the tool successfully, affected users must have a working internet connection and at least one copy of the ‘ransom note’ file present on the affected device.

 

For cybersecurity expertise and support, contact our team today.


Zero-Day Patch Released for Adobe Reader DC

Adobe have released an urgent update for Adobe Reader DC, patching newly discovered security vulnerabilities.

The highly popular PDF app, often pre-installed on Windows PCs, has been shown to contain a loophole that allows an attacker to remotely run JavaScript code within an opened PDF to cause memory corruption.

Currently rated ‘Critical’ by Adobe’s Severity Rating System, the bug is believed to have originated from entirely legitimate functionality: Adobe Reader allows PDFs to contain embedded JavaScript to support interactions with the web.

Adobe have responded quickly – publishing the fix to Adobe Security Bulletin alongside patching for 42 other vulnerabilities as of Wednesday 12th February, including one which allowed PDF documents to access hashed passwords.

Adobe Reader is officially 25 years old this year, and although official figures are hard to source, is popularly believed to dominate more than 75% of the PDF software market.

Users can either auto-update their installation or prompt this manually by clicking ‘Help’ > ‘Check for Updates’ within the software itself.

 

For software and security expertise, contact Lineal today.


773 Million Email Addresses Breached Online

Online security breach website HaveIBeenPwned.com has detected the largest online breach of email addresses to date – nearly 773 million unique emails.

The 87GB of breached personal data, publicised by Microsoft Regional Director and cybersecurity expert Troy Hunt, was spotted last week via online file-hosting website MEGA under the ominous name “Collection #1”, and has now been removed.

The data itself, believed to be a terrifying aggregation of a large number of previous smaller data breaches, also contained more than 21 million identifiable plain-text passwords.

More than 140 million of the email addresses identified have never been seen before by HaveIBeenPwned.com, suggesting some of the personal data may originate from as yet undiscovered breaches.

Those affected by the breach are advised to change their passwords immediately, to prevent criminals potentially exploiting the data to access other online services where the user has registered with identical login credentials.

You can check if your email(s) (and potentially passwords) have been breached among the 773 million by clicking here.

For IT support and cybersecurity expertise, contact Lineal about your requirements today.


Microsoft announce end of support for Windows Server 2008

Support and security updates for Microsoft’s Windows Server 2008 and 2008 R2 operating systems will end in January 2020.

Customers operating Windows Server 2008 will then cease to receive security patches and other important system updates.

Around 70% of the world’s server operating systems are Windows based, with Server 2008 one of the most successful versions, still representing more than half of these installations as recently as 2016.

Users of Server 2008 and 2008 R2 have just over 6 months to decide whether to upgrade to a newer version of Windows Server (such as the long-awaited Server 2019, hardware permitting), replace servers with newer models, or migrate those server-based processes to a cloud-based platform, such as Microsoft Azure.

‘Mainstream’ Support for Server 2008 is unlikely to be extended – having already been granted temporary extensions, once from July 2013 to January 2015, and again to the final deadline next year.

As with previous operating systems, enterprise customers will have the option of purchasing ‘Premium Assurance’ support packages of different levels, to extend support as late as 2026 – but as with other legacy Windows products, for increasingly high associated costs.

Businesses will need to weigh up for how long they can afford to delay upgrading, or depending on the physical server hardware, whether it makes more sense to spurn the licensing costs of upgrading the Windows Server version and go directly to either the cloud, or a new server.

 

For IT infrastructure support and expertise, please contact our team today.


WPA3 Wi-Fi Introduced

The Wi-Fi Alliance has formally announced the introduction of the WPA3 security protocol, the next generation of wireless security to protect routers and networks.

The new security standard follows hot on the heels of last year’s breach of the existing WPA2 standard, which has been in use since 2004.

WPA3, released in both ‘personal’ and ‘enterprise’ with extra protections, is expected to fix a number of deficiencies in the older WiFi protocol, including:

  • Captured encrypted data cannot be decrypted by a later breach of the password – in order to access data, a hacker must have both the password and data at point of transmission.
  • Encryption of data will be individualised, such that snooping on other devices across less secure Wi-Fi networks will be made more difficult.
  • Extra protections against password brute-forcing and ‘dictionary’ style attacks, dramatically increasing the time cost of bulk guessing a password successfully.
  • Smart devices with no screen, including many Internet-of-things (IoT) technologies, will be administered via a smartphone screen during Wi-Fi setup.

To most end-users, the experience of entering a Wi-Fi key will feel virtually identical. WPA3 isn’t expected to actually be implemented until 2019, and is predicted to gradually replace the existing WPA2 standard on all Wi-Fi certified devices. WPA2 will continue to function, but will be steadily phased out.

Nevertheless, expect to see major manufacturers rushing to ensure their own products are stamped with the very latest security ‘WPA3 Ready’ branding.

For networking and cybersecurity expertise, please contact Lineal today.


Top Picks: Best GDPR Resources

Be honest, you’ve read some truly useless things online about GDPR. We all have.

The problem isn’t one of enthusiasm: more and more companies are recognising the impending deadline of the new data protection regulations and acting to implement best practice.

There is, of course, a growing industry of consulting firms and data protection advisers trading on businesses’ lack of expertise and frequently, fear of being left behind. Most organisations begin preparing with a spot of Googling, some light reading, and a bit of browsing online GDPR help articles written by experts.

However, the real experts can’t divulge too much free advice (otherwise why contract their services?) thus much of the available articles and blog posts are deliberately vague. The conundrum has already spawned some unfortunate attempts at humour, but doesn’t really help companies attempting to put in place GDPR compliant policy.

All is not lost: there really is some genuinely useful guidance out there – here is our pick of some of the best GDPR resources:

 

ICO: Eight Practical Steps

ico eight practical GDPR steps

The Information Commissioner’s Office original ‘eight practical steps’ presentation is a series of slides that are exceptionally clear, and can be worked through in stages. A more recent, formal ’12-step’ version also exists, for a more conceptual understanding of the new regulations.

 

GDPR Readiness Assessment from Microsoft

Microsoft GDPR quiz

A little technical at times, this quick quiz is a useful way of thinking further about protection policy, particularly around access control. For further information on how Microsoft can assist with GDPR in the cloud, look for the blue button in the top right hand corner.

 

ICO Helpline

ICO GDPR helpline

The ICO has a little known helpline via which small businesses and charities can consult a member of ICO staff for extra advice – details of which can be found above.

 

IT Governance Compliance Gap Assessment Tool

IT governance GDPR compliance gap assessment tool

Always a strong source of IT expertise and policy, IT Governance have developed a range of ‘Toolkits’ to assist data protection officers and those implementing GDPR within their organisations. These range from the simple £60 compliance gap assessment tool (a handy Excel Spreadsheet you can work through) to more expensive implementation packs and data flow mapping tools.


Why USB drives are terrifying

USB drives are a security nightmare. From losing files, to sharing them inadvertently, or accidentally installing something malicious, these tiny handheld digital storage grenades are a data-protection disaster waiting to happen.

Many people can’t help themselves. Sometimes it’s just so useful to be able to move a file to a separate computer, or carry a copy of that file on a handy keyring.

It’s true that too many operating systems auto-run memory sticks. As users we could perhaps be more careful though – find a USB and it’s tempting to plug it in… a 2016 University study suggested roughly half of those who find a memory stick on the ground will plug it in without thinking.

In particularly data-sensitive environments, options are available to either disable PC USB ports, or remove them from a PC entirely. At the very least, businesses preparing for this summer’s new GDPR regulations need to take some sensible USB security precautions:

 

1. Be strict.

Ask yourself whether it’s entirely necessary to put this file on a memory stick, and be harsh about what files you copy. Memory sticks now hold terabytes of data, and are too easy to drop, or leave on the train.

GDPR is naturally concerned with sensitive personal data, and not your supermarket shopping list. Nobody ever intends to lose a file full of personal data, so you should think twice before putting the former on a USB drive, while the latter is probably OK.

 

2. Don’t allow easy access to your network.

USB based viruses come in a variety of forms – from cheap foreign spyware purchased online, to the fascinatingly complex (and probably Western-sponsored) ‘Stuxnet’ worm which famously sabotaged the Iranian nuclear program with planted USB drives in 2011.

The best antivirus software packages (for example Lineal’s recommended ESET antivirus) automatically offer to scan a newly connected memory stick for malicious software, before the user accesses the files. This only takes a few seconds, but it’s strongly advised to let your antivirus act as gatekeeper for a USB stick, as you would your emails or web browsing.

 

3. Sharing is not caring

Sharing files via memory sticks is not sensible, not least because you’re forced to share the whole contents, including the ability to duplicate files.

You can’t be certain what any given person will do with the USB drive or its data, or what the person giving you a memory stick might have done with it previously, so it’s safer to confine USB drives to a specific individual.

 

4. Get something better

The world of IT is full of better solutions, including Apple’s useful ‘Airdrop’ function which allows direct, localised file sharing over WiFi. For company-wide systems, numerous excellent cloud-based file storage and sharing platforms are available. Microsoft’s excellent OneDrive platform is easy to use from any device, and allows businesses to share files online via the cloud, with customisable permissions to control who has access to the data at any time.

A USB drive should not be necessary to complete routine IT tasks. Thank goodness.


Apple fixes MacOS Root Password security blunder

Apple have issued a fix for yesterday’s severe security alert, after it emerged the tech giant’s High Sierra operating system would allow access to many users’ MacOS Root User without entering a password.

The story caused alarm around the world, as Mac users discovered full administrator control of their device was available to anyone within reach of the keyboard.

Discovered by Lemi Ergin, a Turkish developer who tweeted it to Apple Support, the widely publicised fault is believed to affect all Apple MacOS devices (such as the iMac and MacBook ranges) running version 10.13.1 or newer.

Mr Ergin has since published an article on Medium defending his decision to flag the vulnerability publicly, arguing that despite the security flaw being public knowledge on the Apple Developer Forum since 13th November, Apple had failed to resolve the issue.

Yesterday Lineal published guidance to all our Mac clients, advising caution over the physical security of Apple hardware, and explaining the need for users to set a new root password to temporarily secure their Mac while Apple worked on a security fix.

Security update 2017-001 is now available via the App Store, and Apple have even taken the almost unprecedented step of forcing 10.13.1 devices to update automatically.

The failure to set a random default MacOS root password (a fundamental technical security feature) once again calls into question the recent competence of Apple’s historically excellent quality control and product testing, and may slow the adoption of the firm’s latest flagship operating system. The widespread media publicity surrounding the story is also likely to undermine Apple’s long-held reputation for security on Mac devices.

Apple issued an apology, stating ‘We greatly regret this error and apologise to all Mac users.’

 

For Apple assistance and support, contact Lineal’s IT team today.


Technology firms rush to fix WPA2 KRACK

Technology firms are urgently issuing fixes for the WPA2 KRACK (Key Reinstallation Attack) thought to compromise the WPA2 encryption used in most WiFi routers and other wirelessly enabled devices.

The exploit, discovered and published by Mathy Vanhoef, a Belgian security expert for imec-DistriNet, KU Leuven, has caused serious alarm amongst cybersecurity professionals due to the widespread use of WPA2 across millions of items of networked hardware around the world.

Vanhoef’s website, detailing how the WPA2 KRACK works, demonstrates on video how an unfortunate Android smartphone can be tricked into re-installing an all-zero encryption key, which makes decrypting data transmitted from the device possible.

Security guidance remains to continue using WPA2 (rather than reverting to an older encryption standard) and to install the latest WPA2 KRACK security updates from manufacturers as soon as they are available.

A number of key technology vendors were notified in August, giving them some time to prepare. Microsoft are reported to have adjusted “how Windows verifies windows group key handshakes” to fix the issue. Apple and Android are yet to specify exactly when patches will be available, although both are understood to be working on a secure fix to be made available in coming weeks. The more responsive hardware developers, including Cisco and Ubiquiti, yesterday began issuing guidance and new firmware for their wireless equipment.

The Wi-Fi Alliance, the international organisation dedicated to developing Wi-Fi technology, have essentially argued that there is no need to panic. There is no evidence of the extremely serious hack being deployed outside test conditions (yet) – although it’s probably only a matter of time before someone attempts to do so. Because Wi-Fi relies on physical range, it’s likely this could target public Wi-Fi and other easily accessible networks. For this reason, users are (as always) reminded not to use public networks for sensitive tasks, such as online banking.

It’s clear from the increased publicity surrounding the discovery that major vendors of network equipment will be under pressure to issue the required WPA2 KRACK security patches.

However, the underlying vulnerability also threatens a wide range of wirelessly connected internet-of-things (IoT) devices – including everything from CCTV to smart-fridges – such that it’s unclear just how widespread this latest security flaw will actually prove.

For IT support and cybersecurity expertise: get in touch with Lineal today.


Fake hardware seized by Police

Fake hardware has been seized by a City of London Police intellectual property crimes unit, following a recent raid in Kent.

The counterfeit networking equipment, worth at least £300,000, is believed to have been manufactured by organised criminals imitating the high-quality hardware of IT giant Cisco.

Small form-factor pluggable transceivers were recovered, which are used to convert optical data to conventional electrical signals as part of fibre-optic networks. 

Police believe the risks of organised criminal gangs being caught transporting imitation IT hardware are lower than for drugs or firearms, and that only technically-trained specialists would be able to distinguish counterfeit technology from the real thing.

Although no evidence of cyber-security intrusions has so far been found, engineers from Cisco stressed that small items like these could easily find their way into a business or public-sector supply chain, become mixed up with genuine network hardware, or fail due to low-quality manufacture.

Customers who suspect they may have encountered counterfeit items should isolate the hardware in question from other devices and report their suspicions to IT staff.

 

Lineal are a Cisco Select Partner – for hardware advice and support, please contact our team today: 01271 375999


Anti-Virus Politics: Kaspersky offers to hand over source-code to US Government

In a surprise move, Eugene Kaspersky has publicly offered to give the US Government access to the source code of its security software in a bid for transparency.

The offer is the latest development in an ongoing dance between the Russian IT security company and the US Government, after the Senate Armed Services Committee threatened to ‘blacklist’ the software company from applying for US defence contracts over the risk of influence from the Russian Government.

In a sensationalist piece released by Bloomberg, journalists claim the Moscow-based firm hold regular meetings with Russian Ministry of Defence and FSB agents, and that Eugene Kaspersky has even personally met with Russian intelligence officials in a ‘banya’ sauna.

Modern business anti-virus software typically collects invaluable background data to reinforce a real-time intelligence war against the latest security threats on the internet – with many users not being aware of whether their antivirus understands the latest threats.

Kaspersky argues the headlines are part of a ‘witch-hunt’ by Washington; industry analysts have acknowledged the heightened scrutiny of Kaspersky by US authorities has closely followed their recent uncovering of NSA ‘Equation’ hacking tools as a part of work against recent ransomware outbreaks, but may also represent the beginnings of a smear campaign by domestic US security providers.

Speaking to the Associated Press, the security provider implied it had already rejected government requests to undertake offensive cyberattacks rather than defensive software development – not necessarily requested by the Russian government.

Against the background of press-interest in alleged Russian hacking stories, it appears the dramatic feud has some distance left to run.

 

For IT security advice and expertise – contact Lineal’s team today.


Windows XP Antivirus? Bitdefender to the rescue.

Around 6% of PCs are estimated to still be running out of date, unsupported operating systems like Microsoft Windows XP. Here at Lineal we’ve long advocated keeping operating systems up-to-date and secure against the latest threats.

But in certain circumstances that’s not always so easy: legacy XP machines are often connected to third party equipment (e.g. manufacturing hardware) using cable connections or drivers that are now difficult to obtain. The external hardware can’t be replaced as readily as the connected PC for both cost and practical reasons, so the ageing PC (with a lack of XP antivirus) creates an in-built security vulnerability for a business’s whole network.

Users caught by this conundrum can find a solution in Bitdefender’s Security for XP and Vista – a version of Bitdefender’s award-winning security built to be backwards compatible to older PCs, and providing ongoing security against the latest threats for legacy hardware.

Security for XP and Vista is available for Windows XP Service Pack 3 and Vista Service Pack 2 operating systems, and also integrates with older software likely to be found on such machines, such as Outlook 2007, Yahoo Messenger 9, Internet Explorer 8 and other common web browsers of the same generation.

For those concerned that a trusty old machine and lack of XP antivirus could be the very weakest point in their security, Bitdefender could be a shrewd choice indeed.

For IT Security advice and support, contact Lineal today.


Lineal become a Bitdefender Partner

Lineal Software have been certified as a Bitdefender Partner for Bitdefender security software.

Bitdefender’s range of security products is used on millions of devices worldwide and the provider ranks highly in Virus Bulletin’s independent VB100 tests, as well as winning numerous quality awards for software innovation.

A wide variety of both Bitdefender Home and Business security products are available, across platforms including Windows, Mac, Android and more.

Lineal’s Head of Technical Services Matt Norris explained: ‘We’re very pleased to qualify as Bronze Bitdefender partners – this qualification only expands the range of IT security options which Lineal can offer to our customers and we look forward to delivering a high quality service for those interested in using Bitdefender.’

‘There are only a handful of Bitdefender partners in the South West, and Lineal are delighted to be one of them.’

 

For IT security advice and support, contact Lineal today.


Fake DVLA Emails: Tracing a Trojan Scam

Continuing our recent series on email phishing trickery including fake invoices and Apple ID theft, this week we discovered a new scam involving a fake communication claiming to be from the Driver & Vehicle Licensing Agency (DVLA).

You haven’t sent them your vehicle details: but never fear, enter them below and avoid a hefty ‘1000 GBP’ fine. Never mind that your garage should have organised a V5 document for you, just click the link and type in your details. This couldn’t be a scam? Right?

We set Lineal’s security trainee Lewis on the fake DVLA emails case – who found that the email links to a private (non Gov.uk) web-page with an extensive bit of PHP code running in the background. A classic Trojan, this webpage invited you to download your casefile – and likely something dangerous along with it.

Despite poor grammar, the format matched a GOV.UK page quite closely and the ‘official’ nature of the styling might easily have tricked unsuspecting motorists.

Avoiding the page itself, Lewis completed an HTTPS lookup on the domain hosting the fake web page – but found two servers running the same scam. The email itself appeared to be routed via the USA, in an effort to mask the identity of the attacker(s).

Tracing both IPs separately led back to the same address in Germany, registered under two different names which could either be part of an organisation or (more likely) both be assumed identities stolen from others who have fallen victim to the scam.

German privacy law prevents Google StreetView from being completed across most of the country, so an aerial view of an unknown industrial building on the outskirts of Lippstadt was as close as we could get to sourcing the suspicious email itself.

Clearly a sophisticated operation, fake DVLA emails like this highlight the growing technical ability of online scammers and the need for solid IT security precautions.

 

For IT Security advice and support, contact Lineal today: 01271 375999


Hunting Down Email Scammers

 

Here at Lineal we check a lot of suspicious emails – containing everything from fake invoices, dodgy downloads and even new ‘Zero-day’ ransomware threats not yet seen elsewhere on the internet. Cyber-security is a rapidly developing battlefield.

Last week our security trainee from Petroc, Lewis, received a fairly typical ‘Phishing’ email – designed to look like an official request for information in order to trick recipients into handing over personal details. Keyboard at the ready, he decided to go on an investigation – hunting down email scammers.

‘Your Apple ID has been suspended’ read the headline, but never fear, you can reset your account by typing in your private details via ‘Appl.e.com’. It may sound like an obvious scam, but the written quality of the email was high, and Verizon estimates that more than 25% of Phishing emails are not only opened, but clicked on by unsuspecting victims.

The email link itself looked suspicious so Lewis stripped the exact page link back to its original domain as our first clue. A quick HTTP lookup found the IP address of a Linux-based server with several open ports.

The scammers themselves were careful – expanding the email header shows an encrypted code in place of an email reference.

Online tools like GeoTool suggested the server sending the email had been French (although mapping this is an imprecise science – suggesting the Parisian machine was sat at the bottom of the river Seine). Nevertheless this gave us a country of origin and also a more accurate address.

Here we hit a problem: the address listed related to a French cloud hosting provider’s company office building in Roubaix, near the city of Lille on the border between France and Belgium. The company itself appears entirely legitimate, so it’s likely a server there has been hijacked or otherwise used inappropriately by a customer of the provider.

A reverse DNS lookup via an online US Security tool suggested the hosted domain name’s registered contact person was based in an apartment building in district 56121, Thessaloniki, Greece, and even listed a gmail address and phone number for the named contact (redacted.)

Had we wanted to, there’s an opportunity here for mischief, but here we decided to end our search – with sufficiently detailed information to report to customer services of the French hosting provider whose server had been misused to distribute the email.

Although it’s likely the original source had been found, it’s possible the Greek client registering the domain name was themselves a victim of the Phishing email or a similar scam.

As a case study, Lewis’ virtual chase across Europe hunting down email scammers highlights how every business is at risk from a globalised world of threats – anyone can be struck by a dangerous email from anywhere, and even the most local businesses need to take precautions.
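The first step of the investigation above, stripping a link back to its domain and comparing it with the brand it imitates, can be automated. This is an added example, not Lineal's own tooling; the allow-list, function names and sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allow-list: brand token -> domains that brand really serves from.
BRAND_DOMAINS = {"apple": {"apple.com", "icloud.com"}}

# Constructed sample links; only the first host comes from the article.
SAMPLE_LINKS = [
    "Appl.e.com",                            # dot inserted inside the brand name
    "https://appleid.apple.com/reset",       # genuine subdomain
    "https://apple.com@login.example.net/",  # brand placed in the userinfo part
    "https://www.example.org/news",          # nothing to do with the brand
]


def registrable_domain(host: str) -> str:
    """Naive eTLD+1 (last two labels); real tooling should use the Public Suffix List."""
    labels = [label for label in host.lower().split(".") if label]
    return ".".join(labels[-2:])


def classify_link(url: str) -> dict:
    """Reduce a link to its registrable domain and decide whether it imitates a brand."""
    if "://" not in url:
        url = "http://" + url  # bare hosts such as 'Appl.e.com' carry no scheme
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    domain = registrable_domain(host)
    result = {"host": host, "domain": domain, "brand": None, "verdict": "unrelated"}

    # Pass 1: a domain on the allow-list is genuine, whatever the subdomain says.
    for brand, real_domains in BRAND_DOMAINS.items():
        if domain in real_domains:
            result.update(brand=brand, verdict="legitimate")
            return result

    # Pass 2: the brand name shows up anyway, either spread across labels
    # (dots and hyphens removed) or parked before an '@' as a decoy.
    # Substring matching is deliberately broad; hits go to a human for review.
    squashed = host.replace(".", "").replace("-", "")
    userinfo = (parts.username or "").lower()
    for brand in BRAND_DOMAINS:
        if brand in squashed or brand in userinfo:
            result.update(brand=brand, verdict="lookalike")
            return result
    return result


def triage(links):
    """Return (link, registrable domain, verdict) for each link."""
    return [(link, r["domain"], r["verdict"]) for link in links
            for r in [classify_link(link)]]


if __name__ == "__main__":
    for link, domain, verdict in triage(SAMPLE_LINKS):
        print(f"{verdict:<11} {domain:<14} {link}")
```
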

 

For IT Security advice and support – contact Lineal today.


2017: Be Prepared

With data security making national news headlines, 2017 is only likely to put increasing pressure on businesses of all sizes to take sensible precautions.

But with IT moving so fast, what innovations are likely to lead the way through 2017? Exactly what sensible precautions will most tech-savvy companies be taking?

 

Cloud is good…

The worldwide push for ever more cloud-based systems appears to be unstoppable. A recent report from Synergy Research Group has suggested the global market for cloud computing grew by 25% to September 2016, reaching a staggering $148 billion in value.

It’s hard to see this not continuing, with companies relying on the convenience and automation of stashing growing quantities of off-site backups in the cloud – using services like Office 365 as their private vault. As we’ve covered before: holding assets like email in the cloud actually gives you better protection than most people’s private server.

 

…But Hybrid Cloud is better still.

But 2017’s smartest will be looking further ahead to Hybrid Cloud systems. As IT Pro recently noted, many companies report using more than 5 backup systems, but have no planning for speed of recovery should that data actually be needed urgently during 2017.

Getting all that data back may present a problem if your organisation is large, meaning hybrid on-site/cloud services like Lineal’s Disaster Recovery Service are likely to become the most flexible middle option. Keeping both a synchronised backup on-site, and a copy with a relatively local cloud service, leaves even the most vulnerable business with the maximum number of options.

 

Change your passwords

If you don’t already change passwords regularly, the security benefits cannot be overstated. Stolen data can often be circulated on the internet many times, so changing passwords regularly keeps not only your business secure, but helps prevent repeat data theft from being profitable. 

Whilst everyone still has a ‘New Year’ mindset and is prepared to accept a little change, it’s worth updating those passwords company wide. Remember to use a variety of different characters and choose something only you would ever guess.

 

Have a 2017 Plan A…. and a Plan B

Ransomware increasingly appears to be the organised criminal world’s cyber-weapon of choice and shows no sign of abating; expect to see more big UK high-street names get compromised this year by malicious emails. 

Antivirus companies may include ever more sophisticated heuristics to intercept malicious downloads before they begin encrypting your files, but ultimately only safe backups will ensure you can always restore to a clean set of data. Every firm should have a ‘Plan B’ for how to carry this out.

 

It’s all about Recovery Time

Expect to see Disaster Recovery (not just back-up and contingency) become a by-word for preparedness, with companies and organisations in every sector being judged not just by their number of backups, but by their costly hours of down-time. 

So if nothing else, start 2017 with an old piece of technology: a pen and paper. Work out what your business’ data recovery plan actually is, and how long it will take –  should the very worst happen.

 

Lineal can provide a range of IT security and business continuity solutions: contact our team today.


Microsoft opens new UK Data Centres

Microsoft’s Office 365 Team have announced the availability of multiple UK data centres for customer data.

The move follows increasingly strict rules on data compliance in the financial, security, health and public sectors – with more cloud IT users looking to ensure their data remains safely located in the UK.

Prospective customers considering the implications of Office 365 are able to view the locations of Microsoft’s UK data centres with this online ‘Where Is My Data?’ map, which now displays both the additional data centres and the Microsoft cloud services they support, in both London and Durham, with a third site anticipated for Cardiff.

Office365 and Azure Users will also have the ability to ‘re-locate’ their data from regional data centres (in most cases based within mainland Europe) to the new UK service.

In addition to the security and legal advantages for protecting sensitive data, cloud users of Office 365 are likely to benefit from lower costs, online backups and collaborative, remote access to files.

For now, the ability to re-locate Office365 or Azure data to the UK is likely to be restricted, with priority expected to be given to high-profile UK public sector customers including NHS Trusts and the Ministry of Defence – the latter mirroring many customers’ belated move to the cloud, upgrading legacy on-site systems in use since 2005.

The new infrastructure has been widely praised, with Microsoft clearly investing heavily in addressing the doubts many have about moving their IT to the cloud; reducing Office365 downtime to just 4 hours per year, and now re-locating data within country of origin for compliance with a high standard of data protection.

 

Contact Lineal for advice on moving to the cloud, or for a free trial of Microsoft Office 365 Business Premium, click here.

 


4 Smartphone security threats you need to avoid:

We increasingly live in a mobile dominated world in which Smartphone sales have skyrocketed whilst traditional PC sales have stalled. With portable devices likely to be the future of many people’s IT use – we’ve put together a few of the main smartphone security threats you need to be aware of.

 

  • Mobile Phishing & Fake Apps

Phishing websites which pretend to be your bank in order to get your personal or financial details have been around for many years, but few people imagine that this is also a big risk on their smartphone.

Fake apps are the most obvious modern incarnation of this scam. IT security specialist ESET recently showed that a popular app like Prisma spawns multiple fakes online, downloaded unwittingly over 1.5 million times before being pulled from Google Play, with many containing harmful malware which attempts to steal personal information.

Don’t attempt to download an anticipated app before its official release date, as it’s likely you’ll be downloading a fake. Avoid downloading apps from unknown third-party websites, check the comments for warnings from other users, and invest in mobile antivirus to intercept downloaded threats to your smartphone security.

 

  • Old-fashioned Theft

In addition to fitting in your pocket, your phone contains a staggering amount of personal information about you which makes theft a real danger – everything including your personal details and those of friends/family, your emails, GPS coordinates of places you regularly visit and more: all stored on the device.

Home Office research suggests iPhones are the device most likely to be stolen – perhaps reflecting the Apple smartphone’s high value, quality and distinctive branding.

In addition to setting numeric pin codes on every device to prevent the danger of theft, tracking and lifesaving wiping tools like are strongly advised.

 

  • Public Wi-Fi Networks

With the proliferation of portable devices, many businesses, particularly in retail, offer public Wi-Fi hotspots to customers.

The problem with this is that you’re sharing a network with… whom? Terrifying free tools like [Redacted – obviously] and [Redacted] allow anyone on a shared public network to view insecure websites you visit, and snoop on any keystroke you type.

Not every public Wi-Fi network is a security nightmare, but it’s sensible to avoid using public Wi-Fi to do anything sensitive, such as online banking. A 4G data connection or simple telephone banking is the easiest alternative if you’re on a mobile phone, and likely to be more secure than a public Wi-Fi Network.

It should probably go without saying that you shouldn’t connect to entirely unrecognised, unsecured or unknown Wi-Fi networks either. For obvious reasons.

 

  • Being Personally Targeted

The problem with the wider shift to portable devices is that we carry our workplace into the outside world. Many of us expect complete access to our business data on our smartphone (as we would on our PC) wherever we are.

But carrying your work phone outside work means you’re also outside the protection of in-house IT security software and firewalls.

A simple phishing email can easily be targeted to you outside working hours when you’re ‘off-guard’, and the potential loss of confidential company data could be devastating.

Of course, many of the best IT security software providers now offer Android & iOS smartphone versions of their antivirus software – so why not extend your business’ IT security to your smartphone?

 

For IT support and security guidance – contact Lineal today.


Lineal at 50th North Devon Show 2016

Team Lineal recently attended the 50th annual North Devon Show, setting up alongside a range of local businesses in the show’s ‘Arcade’ tent at the Umberleigh show ground.

Visitors to our stall at the largest one day event in North Devon received free 30-day trials of Microsoft Office 365 (along with many free sweets!) to celebrate Lineal recently becoming a Microsoft Gold Partner. We also took the opportunity to showcase our SQLWorks business software, ShoreTel Unified Communications systems, ESET security software, and much much more.

“As a local business, Lineal are always pleased to be able to attend the North Devon Show” explained Lineal’s managing director Mike Matthews: “the huge variety of enthusiastic local firms and organisations exhibiting here always make the day a success, and there’s always something new to see.”

Two days of rain beforehand didn’t dampen spirits, and the show itself was sunny and well attended by thousands of both North Devon locals and tourists to the area.

We’ll see you next year!

For IT Support, systems and software expertise – contact Lineal today.


Fake Invoices – Don’t enable document malware!

This week’s IT security alert from Lineal – fake invoices which ask users to run a dangerous piece of code.

The example above comes from a fake Word document emailed with a typical text line, such as ‘Please check this invoice’ or ‘Double check my numbers for me’, to an unsuspecting user.

Upon opening, the document appears to load a popup from Office 2016 prompting the user to ‘Enable Content’ for compatibility purposes, before they can view the detail of the ‘invoice.’

In fact, the display is just an image within the Word file, and the ‘Enable Content’ button instead runs a piece of Visual Basic code downloading unknown malware from the internet.

The scam relies on users’ curiosity at the unusual $1999.00 charge, and upon reaching a user still running an outdated version of Microsoft Office.

 

Several measures can be taken to prevent this kind of attack:

  • Don’t click any popup that doesn’t visibly pop ‘open’ in Microsoft and don’t ‘Enable Content’ you can’t see in a document.
  • Consider an email filtering service like Barracuda – in the above example, Barracuda had recognised this email as malicious and stripped the code from the document before placing it in the correct email inbox for the intended recipient.
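The pattern described above (an image posing as an Office prompt, plus Visual Basic code behind ‘Enable Content’) leaves traces in the file that a mail gateway or analyst can check without opening the document. The sketch below is an added example, not Barracuda's or Lineal's code; the function names, the text threshold and the sample packages are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Header of the legacy OLE2 compound file format (.doc/.xls/.ppt).
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
# Visible text in WordprocessingML sits in <w:t> elements.
TEXT_RUN = re.compile(rb"<w:t(?:\s[^>]*)?>([^<]*)</w:t>")
# Assumed threshold: below this much visible text, the page is mostly picture.
LURE_TEXT_LIMIT = 40


def inspect_office_attachment(data: bytes) -> dict:
    """Report whether an attachment carries VBA and looks like an image-only lure."""
    report = {"format": "unknown", "has_macros": False,
              "images": 0, "text_bytes": 0, "verdict": "review"}
    if data.startswith(OLE_MAGIC):
        # Legacy binary files need an OLE parser to list their streams,
        # so this sketch only routes them to manual review.
        report["format"] = "ole2"
        return report
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return report
    with archive:
        names = archive.namelist()
        if "[Content_Types].xml" not in names:
            return report  # a ZIP, but not an Office Open XML package
        report["format"] = "ooxml"
        content_types = archive.read("[Content_Types].xml")
        # Macro-enabled packages declare a macroEnabled content type and keep
        # the VBA project in a part named vbaProject.bin.
        report["has_macros"] = (
            b"macroEnabled" in content_types
            or any(n.lower().endswith("vbaproject.bin") for n in names)
        )
        report["images"] = sum(1 for n in names if n.startswith("word/media/"))
        if "word/document.xml" in names:
            body = archive.read("word/document.xml")
            report["text_bytes"] = sum(len(t.strip()) for t in TEXT_RUN.findall(body))
    if not report["has_macros"]:
        report["verdict"] = "allow"
    elif report["images"] and report["text_bytes"] < LURE_TEXT_LIMIT:
        report["verdict"] = "block"       # code plus a picture and almost no text
    else:
        report["verdict"] = "quarantine"  # code present, content needs a look
    return report


def build_sample(parts: dict) -> bytes:
    """Build a constructed OOXML-like package in memory (placeholder payloads only)."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as package:
        for name, payload in parts.items():
            package.writestr(name, payload)
    return buffer.getvalue()


CT = '<Types><Override PartName="/word/document.xml" ContentType="{}"/></Types>'
PLAIN_TYPE = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
MACRO_TYPE = "application/vnd.ms-word.document.macroEnabled.main+xml"

# Constructed samples: no real VBA or image data is embedded.
LURE_DOC = build_sample({
    "[Content_Types].xml": CT.format(MACRO_TYPE),
    "word/document.xml": "<w:document><w:body><w:p><w:r><w:drawing/></w:r></w:p></w:body></w:document>",
    "word/media/image1.png": b"placeholder image bytes",
    "word/vbaProject.bin": b"placeholder, not a real VBA project",
})
CLEAN_DOC = build_sample({
    "[Content_Types].xml": CT.format(PLAIN_TYPE),
    "word/document.xml": "<w:document><w:body><w:p><w:r><w:t>Invoice 1042 for "
                         "consultancy services, payable within 30 days.</w:t></w:r></w:p></w:body></w:document>",
})

if __name__ == "__main__":
    for label, blob in (("lure", LURE_DOC), ("clean", CLEAN_DOC)):
        print(label, inspect_office_attachment(blob))
```
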

 

For IT Security advice and guidance – speak to Lineal today.


You spoke, we listened – Results of the Lineal Client Feedback Survey 2016

It’s that time of year again – when we ask you how we’ve been doing, and what Lineal can do to improve the quality of our technical support.

Firstly, a big thank you to those of you with kind words to say about members of our IT help desk. Our team found your kind comments to be enormously supportive and it’s good to know that so many of our customers value the contribution of their account manager so highly.

83% of you felt we met the technology needs of small to medium size businesses ‘Well’ or ‘Very Well’, and 89% felt we understood your IT queries ‘Very Well’ or ‘Extremely Well.’ Overall, 85% of you rated our customer support ‘Good’ or ‘Great.’

We weren’t perfect however – some of you felt we’d been slower to respond to certain emails and call-backs recently, and we’re putting in place new measures to address this: we’ll be adding to our team in coming weeks to help manage our responsibilities to our ever-growing number of IT support clients, and to ensure clearer communication between our team and customers during ongoing project work.

Your comments included an insightful mix of both praise and constructive criticism which we’re reviewing carefully – but here were a few of our favourites:

  • “A good “local” company. Always on hand.”
  • “As a small organisation of mainly non IT literate users Lineal staff always respond to queries in language we understand and without making us feel stupid!”
  • “Would like to thank Martyn especially, and dealing with mostly one person simplifies things.”

Thank you to everyone who gave us their feedback, it will inform our future decision making and help us provide a high quality of customer support.


Windows Server 2003 vulnerability for 1 in 5 businesses

Nearly 1 in 5 Windows Server users are still running Windows Server 2003 at great risk, more than a year after Microsoft announced end of security support for the product, new findings have shown.

Research by Spiceworks and Cloudphysics both found that 18% of Windows Server licensing market share is still taken up by Windows Server 2003, based on data recorded in June 2016. More than 53% of those surveyed also still ran one or more instances of Windows Server 2003 somewhere in their organisation.

Anyone still using the old software risks becoming vulnerable to security threats, which Microsoft will no longer address, with many organisations potentially being in violation of their compliance, insurance or regulatory obligations for data protection.

The continuation of Windows Server 2003 (which Tech Radar last year touted as potentially “the biggest security threat of 2015”) has been left unresolved within many companies, many of whom believe they lack a clear decision, expertise, or funds to replace the now unsupported operating system.

In the short term the best measure is risk mitigation: isolate any Windows Server 2003 systems as much as possible to prevent access by outside security threats.

But sooner or later, all companies will need to upgrade important systems, and those that do make the move are less likely to invest in the capital expense of physical hardware than they were over a decade ago – with increasing numbers likely to utilise an outside IT provider to migrate to a managed virtualised solution, for example business cloud services.

For Windows licensing support or guidance, please contact Lineal today on 01271 375999.


Zepto Cryptolocker Alert: Lineal intercepts dangerous zero-day threat with ESET Antivirus


Yesterday Lineal’s team successfully rescued a client from a new ‘zero-day’ Cryptolocker Virus which nearly destroyed many of their files.

The dangerous variation of the ‘Zepto’ cryptolocker, only identified online during the last 24 hours, is believed to be a brand new threat originally derived from ‘Locky’ ransomware.

An employee at one of Lineal’s IT support clients recently opened an email containing an infected file – a malicious piece of obfuscated code written in the Visual Basic scripting language. The installed Zepto cryptolocker began encrypting the company’s files, readying to demand a heavy ransom.

In a coordinated attack, an outside user also forced access to our client’s server, instructing it to begin sending fake Barclays ‘phishing’ emails, attempting to criminally capture banking details.

Our team caught both threats early, forcefully locking out the intruder in mid-session, identifying the employee who introduced the threat, and quarantining the infection with ESET’s business endpoint security. 

Lineal then notified ESET about Zepto to help with future identification, having avoided the need to restore all the client’s files from backup at great disruption.

The landscape of online security threats is rapidly changing, and Cryptolocker variants have spread quickly in recent months.

In this case Lineal’s rapidly responding team and professional security software helped our client dodge the huge potential losses from the security breach – and highlighted how vital it is that organisations of all sizes take proactive steps to protect their IT from hostile intrusion.

 

For IT security advice and support, contact Lineal today.


One in four PCs running outdated versions of Internet Explorer


New research by security company Duo has suggested that as many as 25% of Windows PC users are running out-of-date versions of Microsoft Internet Explorer.

Among Windows XP legacy users the problem is particularly acute, with more than half still running Internet Explorer 7 or 8, rather than upgrading to version 11.

Duo suggest this is putting thousands of PC users at risk of exposure to over 700 security risks caused by known viruses, malware or other online threats via their now outdated and unsupported web browser. In particular, unpatched exploits via popular third-party plugins such as video player codecs pose a likely danger.

Microsoft are currently offering Internet Explorer’s latest replacement, the superior Microsoft Edge, free to every user with a Windows 7 license who chooses to upgrade their PC to Windows 10 before the 30th of July deadline.

Alternatively, users should consider the pushier update-reminding Mozilla Firefox, or Google’s automatically updating Google Chrome offering, alongside tried and trusted security software (such as the excellent ESET NOD32 Antivirus), to ensure that the technology they use for private data transfers, such as email and online banking, remains private.

Contact Lineal today for IT advice and support: 01271 375999.


Phishing Emails that know your home address spread

 

Hundreds of people have received a new type of phishing email which knows the individual’s home address.

Clicking the link in the dangerous email, which appears as a very authentic request to pay an overdue invoice, installs devastating cryptolocker ‘ransomware’ on the user’s computer.

The virus then begins encrypting files, demanding a ransom be paid to unlock the user’s data.

According to the BBC, the unconnected company cited in the email, cotton fabric manufacturer British Millerain Co Ltd, has received more than 150 phone calls from individuals concerned that they owe money.

Phishing emails and websites, which typically mimic official bank or company communications to trick vulnerable users into making payments to criminals, are becoming increasingly sophisticated.

The use of an individual’s personal address, and higher quality written English, suggests the original creator of the email has gone to greater lengths to make the email look convincing and to avoid detection.

It is also likely that the matching address originates from stolen, legitimate customer data, accounting for users’ recognition of the way they write their own home contact details.

New threats are constantly developing, and Lineal recommend installing antivirus software with a strong record of catching emerging online threats – such as ESET.

 

Always follow some simple rules:

  • Never click a link or open an attachment from any suspicious email whose origins you do not recognise.
  • Banks and similar will NEVER request your private passwords, PIN numbers or other confidential information. Do not disclose these to anyone.
  • If hit by cryptolocker style ransomware, every second counts – seek professional technical support immediately.
  • Always keep a regular, separate backup of your files.

 

Photo Credit: BBC News


WhatsApp Encryption Launches

 

Popular messaging app WhatsApp have launched end-to-end WhatsApp encryption for over one billion users.

The new security capabilities introduced by the Facebook-owned company ensure that every message remains encrypted during transmission, preventing even WhatsApp from reading user data.

With encryption and technological privacy issues regularly appearing in recent news headlines, the WhatsApp encryption upgrade comes at just the right moment for the security concerned, after more than two years of delays in development across multiple platforms.

Much like during Apple’s recent legal dispute with the FBI, the move would also prevent the release of confidential user data following a court order. According to reports from the New York Times, the technology provider is already in a longstanding dispute with the US Department of Justice over user data.

WhatsApp are making it clear they support absolute user privacy, with “not even WhatsApp” able to read the encrypted data, and users able to verify their connections are secure via a 60-digit or QR code swap.

From today, the WhatsApp conversation screen will display an official notification to all users – confirming that their messages are encrypted successfully.

 

For hardware and software security advice – contact Lineal today.


Cryptolocker Warning from Lineal

 

Cryptolocker Warning: in the past fortnight we’ve seen an increasing number of companies hit by sophisticated cryptolocker viruses.

These dangerous programs, often installed by accident, lock your files over time, encrypting data and eventually demanding victims pay a ransom to retrieve their irreplaceable data.

In all of these cases, security products were installed but they did not protect against the threat. In our experience the only product that is reliably detecting these new threats and offering sufficient protection at this time is ESET. Older, less effective or out of date security products are offering little or no protection against these new cryptolocker variants.

Once affected by a cryptolocker, there is no way to decrypt scrambled files without paying the ransom, and users must remove the trojan before recovering recent versions of a file from their backups – highlighting the importance of a regular backup plan for data.

Please don’t be the next one to get caught out – talk to Lineal today about IT security options to ensure your valuable data is protected.

 


The Windows 10 update you didn’t notice

 


With ‘Windows 10.1’ now barely a month old, and the Microsoft operating system already running on over 12 million business PCs, how fares Microsoft’s free updates strategy?

The Windows 10.1 update, released with relatively little fanfare (be honest, you didn’t notice), adds features that, understandably with hindsight, might have been a distraction at the main Windows 10 release back in July.

Packaged within were mainly performance and security upgrades – Windows 10.1 will now boot almost 30% faster than an old Windows 7 system on the same device, the Cortana virtual assistant has some new handwriting recognition skills and there are new enterprise tools for mobile devices. Microsoft Edge runs smoother too, offering previews of tabs before viewing and syncing favourites across devices.

Most importantly, after recent corporate data breaches in the news, Microsoft have added a range of new security safeguards. These include ‘Windows Hello’, supporting enterprise grade biometrics including fingerprint and facial recognition – sadly currently only available for US users.

Aside from controversy surrounding user privacy then (if you didn’t notice your Windows 10.1 update, that’s maybe because Microsoft installed it automatically on your device without asking you) the first free update went ahead with relevant additions and limited fuss.

Starting free updates officially moves Microsoft into line with Apple’s OS X business model that has become the industry standard. Yet limited promotion of Windows 10’s ongoing development risks downplaying Microsoft’s progress.

Which would be unfair, because Microsoft is plainly taking extra care to develop the business security of their product range, including the excellent Office365, Microsoft Azure and now Windows 10.1. Microsoft is clearly listening to businesses’ fears, and businesses should welcome it.

 

For help and support with Microsoft enterprise IT, contact Lineal today.


Keeping your business IT secure – What’s the perfect password?


How to keep your IT Secure

Data breaches can lead to a massive loss of trust among customers, so how do you ensure your IT remains secure?

Despite what many online sign-up forms would suggest, the ‘strongest’ password is not necessarily long and complicated. Whilst complexity makes a password harder to guess or crack with a ‘brute force’ testing of combinations, most security breaches occur from passwords stolen either physically or by malware attacks.

Very complex passwords do not help in this respect: users still need other IT security, such as antivirus software; errors are more common when typing (particularly on handheld devices); and employees may find complex passwords harder to remember – undermining data security by writing down their login details. The ubiquitous sticky note attached to the monitor is still a trusted solution to working with complex password policies in some organisations!

Routine password changes are a sensible precaution for most businesses, but can make it harder for employees to remember their passwords, leading to the same problem in which users are locked out of work accounts, copy passwords across accounts, or write passwords down at risk of theft.

Phrases can help avoid this problem by making passwords easier to recall: ‘Lineal15theB3st’ is preferable to a 15-digit numeral because a touch of personality adds memorability. Beware profanity though – just imagine trying to explain it to technical support later on!

Here at Lineal we’d also advise against ‘Remember Me’ automated sign-in functions, as well as Windows 10’s new Wi-Fi password sharing feature, ‘Wi-Fi Sense’, as these make your chosen password redundant.

If you want to see where the future of online security is going, follow the money: most online banking incorporates a two-stage authentication process, requiring both a password and a unique alert code texted to the customer’s mobile phone for identification. This is already a free optional setting for Google, Facebook, Twitter and other popular websites.

Lineal’s advice is to stick to the following basics:

Avoid physical theft:

  • Don’t write your passwords down on a post-it note on your desk! Microsoft has a practical tip: if you absolutely must write a password down, do so in a safe place, without labeling it as a password or to which account it refers. Substitute words should also be used to hide the true password, for example writing ‘Fruit8£’ could refer to a password of ‘Apple8£’.
  • Don’t use an easily guessed word, such as your name, your company’s name, 1234, the name of something on your desk, the word ‘password’, or anything similarly obvious.
  • Never tell anyone your password, and change your password if you suspect it has been compromised.

Ease of Access:

  • If you struggle to remember your passwords, use a password storage program to store some of them. Remember to use a secure password for the program.
  • Mitigate against your own forgetfulness by setting up alternate password recovery options, allowing you to choose more varied, difficult passwords.
  • Consider where users will need to log in from – take full advantage of using numbers and special characters (!, £, %, * etc.) for keyboard users.

Preventing digital theft:

  • Use different passwords for your most important accounts, such as online banking.
  • Use two-stage authentication.
  • Maintain up to date anti-virus security software and firewalls on your work desktops, and don’t download untrusted software or open suspicious emails which could be phishing or contain password stealing malware.
  • Consult IT specialists to ensure office networks are protected from outside attacks.

Your security should always be strong enough to give peace of mind. Lineal can provide expert advice and support for securing your IT systems: why not get in contact with us here?


Flickr: Jason Baker