11Jan 2021 by nathan

Ubiquiti Breach – Change your password, enable 2FA

Industry News, Tech news
Ubiquiti has been notifying it's customers today (Monday, 11 January 2021) that it had "...became aware of unauthorized access to its systems hosted by a third-party cloud provider...". The notification email was relatively vague (screenshot below) but he point of the email was very clear, change your password and enable 2FA if you haven't already. According to the notification, the data that any potential attackers were able to get was minimal (name, email address, and the one-way encrypted password to your account and address and phone number if you provided it) but, to a skilled attacker, certainly not low value. If you have any Ubiquiti gear deployed, we would recommend taking this opportunity to change the password and enable 2FA. Additional information TechCrunch ArticleKrebs on Secutity
Read More
21Dec 2020 by nathan

December 2020 News & Updates

CTC NEWS, Industry News, Monthly Newsletters, Tech news
Executive Summary We will be closed Thursday, 24 December and Friday 25 December to celebrate Christmas with family and friends. We will be closed on Friday, 1 January 2020 for New Years Day.Probably the biggest news for December (so far, 2020 isn't over yet) is what looks to have been a very successful compromise of SolarWinds with impacts reaching both far and wide including the Department of Energy, National Nuclear Security Administration, Treasury and a who's who of other critical infrastructure and large enterprise. There's additional information from FireEye here and Krebs here but, short term, removing anything related to SolarWinds immediately would likely be a good plan. Microsoft patched 58 vulnerabilities this month with only nine listed (by both Microsoft and SANS) as critical and none currently being actively…
Read More
17Nov 2020 by nathan

November 2020 News & Updates

CTC NEWS, Industry News, Monthly Newsletters, Tech news
Executive Summary We will be closed Thursday, 26 November 2020 and Friday, 27 November 2020 to celebrate Thanksgiving with family and friends. We are currently beta testing our device to tether your office network to your mobile phone / hotspot to provide emergency / backup Internet access to your office network. We hope to have a production version available mid December.Microsoft patched 112 vulnerabilities this month, tipping the 100 vulnerabilities in a month scale again. One update, rated as Important by Microsoft, is being chained with a Google Chrome vulnerability and exploited in the wild. Microsoft patched 112 vulnerabilities this month, 17 were classified [by Microsoft] as CRITICAL, 93 rated important and 2 rated moderate. One vulnerability patched this month , CVE-2020-17087, is rated by Microsoft as important but is…
Read More
12Nov 2020 by nathan
I moved my website and now my email doesn’t work? Help!

I moved my website and now my email doesn’t work? Help!

Industry News, Tech news
So, you've hired an awesome website designer to create a new website, got the new website setup and running and all kinds of awesome but now your email doesn't work. Believe it or not, it's something that happens a lot and it's usually a pretty simple fix. First of all, what's happening? In many cases, web designers and marketing companies have preferred companies that they use for web hosting. It may be because that hosting company has better pricing, a preferred management console (cPanel, Plesk, etc.), that the designer is more familiar with or the hosting company offers high commissions but it's rare that the designer wants to or will put the new site wherever the old site was. Without getting too deep in the weeds here, what's happening is…
Read More
05Nov 2020 by nathan

In an emergency, use the mobile hotspot on your phone to get Internet for your office

CTC NEWS, Tech news
With the recent bad weather that moved through the southeast from Tropical Storm Zeta, we and a number of our customers, were without Internet for an extended period of time. We and many of our customers depended on our Internet connection for things like email, Point of Sale (POS) systems, etc., so the Internet outage was crippling. In some cases, the ISP has a wireless backup option but a) there was an additional monthly cost and b) it wasn't immediately available. As a work around at our office, we built a small device (based on our Network Ninja) that connected a mobile phone and our firewall and, using the phone's mobile hotspot, got the office Internet access for all of our computers and VoIP phones. It worked very well and,…
Read More
15Oct 2020 by nathan

October 2020 News & Updates

CTC NEWS, Industry News, Monthly Newsletters, Tech news
Executive Summary The US Treasury Department released an interesting advisory earlier this month suggesting they were prepared to file civil charges against the victims of ransomware who pay the ransom and anyone offering material support.Microsoft released patches for 87 vulnerabilities this month, making it the first month in 8 with less than 100 (and the first in 5 with less than 120).Twelve of this months patches address vulnerabilities considered by Microsoft to be critical.Adobe released a patch for a critical vulnerability in Flash Player that affects Windows, Apple / Mac, Linux and ChromeOS. Microsoft releases regular updates the second Tuesday of each month, often referred to as ‘Patch Tuesday’. These updates are categorized as Low, Moderate, Important or Critical. Details on the categories are available here. The updates can include…
Read More
07Oct 2020 by nathan

Interesting advisory from the Treasury Dept. regarding ransomware

CTC NEWS, Industry News, Tech news
If you are a potential ransomware victim, an insurance company who provides ransomware protection, an IT Services provider or financial institution who may provide services to a ransomware victim, the latest advisory from the U. S. Treasury Department suggesting that you may be subject to civil penalties if you pay, recommend paying or facilitate the payment of a ransom may be worth a read. The U.S. Department of the Treasure's Office of Foreign Assets Control (OFAC) released an advisory on 1 October 2020 that suggests that it can and may pursue civil penalties against victims of ransomware who pay the ransom as well as third parties who recommend or facilitate ransomware payments. I've linked the advisory below and have copy / pasted some of the pertinent sections of the advisory…
Read More
24Aug 2020 by nathan

Zoom Outage

Industry News, Tech news
We have received a number of reports that Zoom is down. We have looked into the matter and it does appear that Zoom is having problems, it looks like the issue is specific to the Zoom Web Client and that it is not impacting the Zoom desktop clients. Additional information is available from Downtime Detector via the link below: https://downdetector.com/status/zoom/
Read More
05Aug 2020 by nathan

OpSec is hard. Lessons learned from the Twitter hack arrests.

Industry News, Tech news
As many of you may already know, social media platform Twitter was attacked on 15 July 2020 and 130 high-profile accounts were taken over and used in a scam to collect Bitcoin. During the attack, there was a lot of discussion and marvel at the scope and complexity of the attack and a $1 million bounty was offered to "those who successfully track down and provide evidence for bringing to justice the hackers / people" [behind the attack]. Coverage of the attack and 'buzz' on social media continued for a couple of days. Fast forward to this morning and one of the first things in my news feed was an article that the 17 year old alleged mastermind of the attack was arrested after authorities tracked him down using a…
Read More