SpireTech Blog - Category: Security
IT Security topics
Our service desk always gets a lot of questions about whether or not an email is legitimate. If you suspect an email is not legitimate, it probably is not – usually your gut instinct is correct here. 95% of the time the email is not legitimate. You can refer to our earlier 3-minute instructional video on the subject here:
Some of the recent scams that we’ve seen are:
- Fake invoice emails, sometimes with attachments, sometimes claiming a bill is past due
- A real secure email (like you would get from a bank or secure email sending service) that contained spam inside it, sent from a hijacked account
- Fake DocuSign emails with an HTML attachment
Many of these emails are easily detected using the techniques outlined in our educational 3-minute video contained in the link above, which includes:
- Instructions on how to examine the sender email
- How to inspect links for validity
Spammers are lazy, and these simple techniques will allow you to hit the delete button on the majority of these emails. Please watch the video, and if you aren’t sure about an email, always send it to us for an opinion.
On Tuesday March 2nd, Microsoft announced a new zero-day vulnerability targeting Exchange email servers. M365 Exchange Online is not affected. Microsoft quickly released out-of-band patches to address the vulnerability. Our NOC (Network Operations Center) immediately went into action, patching clients’ Exchange servers late into the evening.
For more information on the breaches, please see the following articles:
- Tech Community / MS Patch Response – Released: March 2021 Exchange Server Security Updates – Microsoft Tech Community
- MS Security Center Response – Multiple Security Updates Released for Exchange Server – Microsoft Security Response Center
Unfortunately, this information comes to light after the exploits have been observed in the wild by security researchers, as is often the case with these vulnerabilities. Our NOC has been examining systems looking for evidence of attack, and we believe that the attack is more widespread than Microsoft initially disclosed. We will be notifying any affected clients directly.
Legacy Edge (the first version of the Edge Browser) and Internet Explorer 11 will no longer be able to access any Microsoft online services on August 17th of this year. Microsoft has installed tools to redirect users to the new Edge Browser.
On March 9th 2021, Legacy Edge will stop receiving security updates. Some banks and websites still require Internet Explorer for compatibility with their sites.
Everyone should be using a modern browser, such as the new Edge, Chrome, or Firefox. If you access websites that claim to require Internet Explorer, those websites will need to be updated very soon for compatibility with modern browsers.
SpireTech does not use any SolarWinds software. However, the longer-term effects of this hack are likely not going to be known for a while – if at all – because SolarWinds was used by many government agencies and larger enterprise companies.
As of this point, we know of no customer-affecting data breaches as a result of this hack. However, with a hack of this magnitude, it is important to consider the larger supply chain – perhaps even your vendor’s vendors. For example, Microsoft makes extensive use of contractors. Microsoft has disclosed they were affected by the SolarWinds hack and there was unauthorized read-only access to their source code repository. No access to customer data has been reported or disclosed as of this writing.
Evolved from Emotet and Trickbot malware, Trickboot has the ability to modify your computer’s firmware – basically, the portion of code that lives in chips in your motherboard – to survive even after a complete wipe and reinstall of your hard drive.
The best defense against this malware is user education – typically, a user is tricked into opening a compromised Word document, usually received via an email attachment or link, and accepting macros. This causes the malware to execute and potentially download other harmful malware to your computer. Be sure that any attachments you receive are legitimate – even attachments from “trusted” senders could be compromised. If in doubt, forward to our helpdesk for advice on how to proceed.
Microsoft is transitioning Internet Explorer 11 to End-of-life status. Internet Explorer became unsupported by Microsoft Teams on Nov 30th, 2020 and it will cease to be supported by Microsoft completely on August 11, 2021. Microsoft has installed tools to redirect users to the new Edge browser.
The new Microsoft Edge is powered by Chromium, the same browser engine that powers Google Chrome – and has vastly superior compatibility with websites when compared to the previous version of Microsoft Edge or Microsoft Internet Explorer.
We recommend anyone still using Microsoft Internet Explorer 11 stop doing so now, and switch to a supported browser – such as the new Microsoft Edge, Mozilla Firefox, or Google Chrome.
Over the last two months, we have seen several customers have their WordPress websites hacked. Hackers installed a plugin or other backdoors and used the sites to send thousands of spam messages – or worse. All sites were successfully recovered from backup and repaired by our IT Service desk, which is a billable event.
Our investigation revealed that the hacks were due to sites not being kept up to date with security updates, or poor password management practices. Read the rest of this month’s articles to discover ways to secure your WordPress website, and Managed WordPress hosting.
In response to frequent WordPress hacks, we thought it might be helpful to write about some of the best practices we’ve used to secure WordPress websites.
- Use unique, strong passwords for your login. One of the techniques hackers use is a stolen password – a password you’ve used elsewhere – to log in to your site. Another technique is to crack a weak password using a bot, repeatedly trying weak password combinations.
- Use Multifactor Authentication at your WordPress login. Plugins such as “Google Authenticator” will implement this.
- Update your installation at least monthly. This includes updating WordPress itself, all plugins, and any themes you’ve installed.
- Change your login page. Bots will try the default login URL to find your login page. Simply changing this URL to something unique will give them nothing to probe. Plugins such as “WPS Hide Login” (https://wordpress.org/plugins/wps-hide-login/) can help make this change easily.
- Install a security plugin. Multiple plugins exist for free that will ban IP addresses that repeatedly try to access your login page, or change the default URL for you. Caution