SpireTech Blog - Category: Security
IT Security topics
A new vulnerability affecting most Dell computers was announced this week. The vulnerability cannot be exploited remotely – but we have remediated the issue.
Our NOC team prepared an automation and removed the vulnerable file from all Dell systems supported under our VIPsupport management. Dell is releasing updates to their firmware update tool that will prevent this vulnerability from being exposed or reinstalled.
For more information on the vulnerability, you can visit Dell’s webpage regarding the issue here.
Apr 1, 2021
On the one-year anniversary of our cloud server migration solution, we’d like to re-post a YouTube video of it in action: https://www.youtube.com/watch?v=ySvx4-6K8sQ
Ubiquiti, a vendor best known for inexpensive and reliable Wi-Fi gear, has been hacked. Rumor is that an employee’s LastPass credentials were stolen, which allowed hackers access to Ubiquiti’s entire infrastructure, including customer data, passwords, and so on. The IT community has been annoyed by the vendor’s evasiveness in its response.
While we use and recommend Ubiquiti Wi-Fi gear, we do not use their cloud-hosted wireless management servers, and do not store information on Ubiquiti servers, so we do not believe our clients are impacted.
For more information on the breach, see https://www.theverge.com/2021/3/31/22360409/ubiquiti-networking-data-breach-response-whistleblower-cybersecurity-incident
Our service desk spent an unusual amount of time last month troubleshooting internet connectivity issues for clients. Typically, we’re looking at speed or downtime issues at an office that workers are trying to connect to over VPN to work remotely. Oftentimes, we’re spending a lot of time dealing with technical support at the various ISPs around town – which has led us to have opinions on who is good and who is not in the Portland metro area. It is almost always the ISP’s problem, and certain ones have earned a well-deserved spot on our “bad” list for being time-wasters or just plain unreliable. Talk to us before you order internet, please.
What can we do to mitigate these speed or reliability issues? There are two things:
- If you are keeping your office long term and have a second ISP available in your area, we can look at redundant internet connections, combined with a Bigleaf appliance. Bigleaf is a local company in Beaverton that offers affordable appliances that handle redundancy and speed optimization automatically. This is also useful when you are using a phone system that relies on the internet to function, such as VoIP.
An update that Microsoft released in March caused issues for many users, ranging from printouts and PDF exports containing no text, jumbled text/graphics, applications freezing or giving errors, or even a full system crash (aka “blue screen”) when attempting to print. We quickly blocked it from being installed, but had to roll it back on many systems where it had already been deployed. The “fix” to the patch that was subsequently released also caused further issues. This is unfortunate, because the patch also contains important security fixes.
We believe that the next update, which will be released in April, will fix the bug, but we are proceeding carefully. For further technical information, please see the following article: https://windowsreport.com/kb5000802-kb5000808-bsod/
We aren’t sure why this isn’t “Headline News”, but it should be: Due to a technical glitch or human error, Microsoft recently deleted files from some SharePoint online sites. Across our client base, one customer was affected – to the tune of approximately 300k files missing, scattered randomly about their file structure.
There were grumblings online about this happening to others: https://www.bleepingcomputer.com/news/microsoft/mysterious-bug-is-deleting-microsoft-teams-sharepoint-files/
Microsoft issued some advisories, but wasn’t fessing up to the cause, and technical support was extremely slow to assist or even acknowledge the situation. We believe the issue was related to an Azure AD authentication problem that happened around the same time – also plaguing lots of businesses – around March 15th, where people could not log in to any Microsoft or other cloud services that depend on Azure AD for authentication.
So yes, this should underscore the message that you do need to back up your cloud storage using a service or specialized hardware. This would include all cloud vendors – not just Microsoft. As we all know and experience frequently, software bugs or human error can lead to data loss.
Our service desk always gets a lot of questions about whether or not an email is legitimate. If you suspect an email is not legitimate, it probably is not – usually your gut instinct is correct here. 95% of the time the email is not legitimate. You can refer to our earlier 3-minute instructional video on the subject here:
Some of the recent scams that we’ve seen are:
- Fake invoice emails, sometimes with attachments, sometimes claiming a bill is past due
- A real secure email (like you would get from a bank or secure email sending service) that contained spam inside it, sent from a hijacked account
- Fake DocuSign emails with an HTML attachment
Many of these emails are easily detected using the techniques outlined in our educational 3-minute video contained in the link above, which includes:
- Instructions on how to examine the sender email
- How to inspect links for validity
Spammers are lazy, and these simple techniques will allow you to hit the delete button on the majority of these emails. Please watch the video, and if you aren’t sure about an email, always send it to us for an opinion.
On Tuesday, March 2nd, Microsoft announced a new zero-day vulnerability targeting Exchange email servers. M365 Exchange Online is not affected. Microsoft quickly released out-of-band patches to address the vulnerability. Our NOC (Network Operations Center) immediately went into action, patching clients’ Exchange servers late into the evening.
For more information on the breaches, please see the following articles:
- Tech Community / MS Patch Response – Released: March 2021 Exchange Server Security Updates – Microsoft Tech Community
- MS Security Center Response – Multiple Security Updates Released for Exchange Server – Microsoft Security Response Center
Unfortunately, this information comes to light after the exploits have been observed in the wild by security researchers, as is often the case with these vulnerabilities. Our NOC has been examining systems looking for evidence of attack, and we believe that the attack is more widespread than Microsoft initially disclosed. We will be notifying any affected clients directly.
Legacy Edge (the first version of the Edge Browser) and Internet Explorer 11 will no longer be able to access any Microsoft online services on August 17th of this year. Microsoft has installed tools to redirect users to the new Edge Browser.
On March 9th, 2021, Legacy Edge will stop receiving security updates. Some banks and websites are still requiring Internet Explorer for compatibility with their sites.
Everyone should be using a modern browser, such as the new Edge, Chrome, or Firefox. If you access websites that claim to require Internet Explorer, those websites will need to be updated very soon for compatibility with modern browsers.