Category: Blog

Exchange Server 2010 End of Support is (Still) Coming

exchange_2010

Exchange Server, like almost all Microsoft products, has a support lifecycle during which we provide new features, bug fixes, security fixes, and so on. This lifecycle typically lasts for 10 years from the date of the product’s initial release, and the end of this lifecycle is known as the product’s end of support. When Exchange 2010 reaches its end of support on January 14, 2020, Microsoft will no longer provide:

Technical support for problems that may occur
Bug fixes for issues that are discovered and that may impact the stability and usability of the server
Security fixes for vulnerabilities that are discovered and that may make the server vulnerable to security breaches
Time zone updates
Your installation of Exchange 2010 will continue to run after this date. However, due to the changes and risks listed above, we strongly recommend that you migrate from Exchange 2010 as soon as possible. Read more…

Microsoft to end support for Windows 7 in 1-year from today

windows7

A new reminder for those who are still holding on to the Windows 7 operating system—you have one year left until Microsoft ends support for its 9-year-old operating system.

So it’s time for you to upgrade your OS and say goodbye to Windows 7, as its five years of extended support will end on January 14, 2020—that’s precisely one year from today.

After that date, the tech giant will no longer release free security updates, bug fixes and new functionalities for the operating system that’s still widely used by people, which could eventually leave a significant number of users more susceptible to malware attacks. Read more…

Top 25 Cloud Backup Enablers List for January 2019

Top-25-Cloud-Data-Backup

The market has witnessed the rise and fall of many start-ups and stabilization of others. Interestingly, the companies that have gained a strong foothold in the industry are not all similar. There is a subtle distinction in the nature and types of services they offer. Some of these companies are pure enablers, while others combine enablement functions with direct-to-market services. Yet others, may license the software from enablers with or without re-branding options and service the cloud backup service needs of their clients. Read mode…

Self-Encrypting Drives Have Multiple Vulnerabilities

storage sed

Vulnerability Note VU#395981

There are multiple vulnerabilities in implementations of ATA Security or TCG Opal Standards in Self-Encrypting Disks (SEDs), which can allow an attacker to decrypt contents of an encrypted drive.

There is no cryptographic relation between the password provided by the end user and the key used for the encryption of user data. This can allow an attacker to access the key without knowing the password provided by the end user, allowing the attacker to decrypt information encrypted with that key.

According to National Cyber Security Centre – The Netherlands (NCSC-NL), the following products are affected by CVE-2018-12037:

 

  • Crucial (Micron) MX100, MX200 and MX300 drives
  • Samsung T3 and T5 portable drives
  • Samsung 840 EVO and 850 EVO drives (In “ATA high” mode these devices are vulnerable, In “TCG” or “ATA max” mode these devices are NOT vulnerable.)

Read more…

 

 

SamSam Ransomware – Alert (AA18-337A)

uscert

The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) are issuing this activity alert to inform computer network defenders about SamSam ransomware, also known as MSIL/Samas.A. Specifically, this product shares analysis of vulnerabilities that cyber actors exploited to deploy this ransomware. In addition, this report provides recommendations for prevention and mitigation.

The SamSam actors targeted multiple industries, including some within critical infrastructure. Victims were located predominately in the United States, but also internationally. Network-wide infections against organizations are far more likely to garner large ransom payments than infections of individual systems. Organizations that provide essential functions have a critical need to resume operations quickly and are more likely to pay larger ransoms. Read more…

Marriott faces massive data breach expenses even with cybersecurity insurance

marriott

Marriott’s total tab for a data breach affecting as many as 500 million consumers is going to cost billions of dollars over the next few years, based on the average cost of megabreaches.
Marriott’s disclosure of a data breach impacting as many as 500 million consumers is going to result in technology, security, and legal expenses for years to come — and the tab is likely to be in the billions of dollars.
The hotel company said that information on about 500 million guests may have been breached on its Starwood network since 2014. For about 327 million of those guests, personal information such as date of birth, gender, email, passport numbers, and phone numbers may have been exposed. In some cases, payment card information may have been exposed, but that data was encrypted. Read more…

Hackers are opening SMB ports on routers so they can infect PCs with NSA malware

router

Akamai says that over 45,000 routers have been compromised already.
Akamai has detected an ingenious malware campaign that alters configurations on home and small office routers to open connections toward internal networks so crooks can infect previously isolated computers.
The way hackers achieve this, Akamai said, is via a technique known as UPnProxy, which the company first detailed in April this year.
The technique relies on exploiting vulnerabilities in the UPnP services installed on some routers to alter the device’s NAT (Network Address Translation) tables. Read more…

3 ways for your business to spot a spear phishing email during the holidays

Cyberattacks on organizations are predicted to skyrocket during the online holiday shopping season. Here is how to identify possible threats.

Beginning with Black Friday and Cyber Monday, cyberattacks are predicted to spike throughout the entire holiday shopping season, according to the recent Carbon Black Holiday Threat Report. These attacks are on track to increase by nearly 60% this season alone, the report found.

Last year, global organizations faced a 57.5% increase in attempted cyberattacks during the holiday season, according to the report. The 2016 holiday season also saw an increase in cyberattacks 20.5% above normal levels. History has repeated itself year after year, so companies and consumers should remain cautious when online shopping in the next month. Read More…

IBM to acquire Red Hat in deal valued at $34 billion

  • IBM announced plans to acquire Red Hat in a deal valued at about $34 billion.
  • Prior to the acquisition, Red Hat’s market capitalization stood at approximately $20.5 billion.
  • The acquisition is by far IBM’s largest deal ever, and the third-biggest in the history of U.S. tech.

IBM is acquiring Red Hat, a major distributor of open-source software and technology, in a deal valued around $34 billion, the companies announced on Sunday. 
According to a joint statement, IBM will pay cash to buy all shares in Red Hat at $190 each. Shares in Red Hat closed at $116.68 on Friday before the deal was announced. 
The open source, enterprise software maker will become a unit of IBM’s Hybrid Cloud division, with Red Hat CEO Jim Whitehurst joining IBM’s senior management team and reporting to CEO Ginni Rometty. Read more…

Cisco pays cool $2.3 billion for hot security company Duo

Cisco today laid out $2.35 billion in cash and stock for network- identity, authentication and security company Duo.

According to Cisco, Duo helps protect organizations against cyber breaches through the company’s cloud-based software that verifies the identity of users and the health of their devices before granting access to applications with the idea of preventing breaches and account takeover. Read more…