Tag: cybersecurity news

  • China sponsored hacking data dump highlights the importance of seeing the bigger picture when it comes to your cyber security protections

    It’s not a new concept to many Americans that cyber warfare crosses all borders and boundaries and affects many areas of our day to day, from the increase in attacks at the start of Russia’s war with Ukraine, to concerns related to our voting systems and democracy, to even leaving US citizens nationwide transfixed over the implications of an errant balloon. Overseas sponsored cyber-attacks tend to strike a different chord with us than attacks that originate stateside.

    Many of us have heard of applications on our phones being rife with spyware connected to China. Conversations about apps such as Temu or TikTok, about how to safeguard our information from being sold and used in overseas ventures, and even about whether these apps are a potential threat vector have led to talks about whether they should be banned outright. Again, the fear surrounding the unknown nature of the threat these apps may or may not pose is often palpable.

    Awareness is only one part of the equation when it comes to overseas invasions of a digital nature. Agreeing on what to do about it, how to prevent it, or whether it can even be prevented in our interconnected world is no small matter and is constantly debated at a government level.

    However, we don’t often have the proof needed to back up the claims that these cyber-attacks are occurring. As you would expect, the threat actors behind attacks on other countries are experts in their field, and covering their tracks can often be a matter of life and death for them.

    That’s why the leak that occurred this week of a 600-page document detailing a complex network of for-hire hackers used to spy on Chinese citizens and conduct global cyber attacks is so shocking. The document, which was posted to GitHub, is being analyzed, and experts are weighing in on what is nearly a first-of-its-kind look at the inner operations behind the global cyber warfare conspiracies that have filled news cycles for decades.

    This leak occurs amid heightening tensions between the US and China and is being dubbed “the tip of the iceberg” by FBI Director Chris Wray, who reported in October in an interview with CBS News that Chinese cyber operations are the “biggest hacking program in the world by far, bigger than every other major nation combined”.

    You may be reading this now wondering, what does this have to do with me? Well, besides the implications when it comes to our global security, cyber attacks don’t occur in a vacuum.

    Hackers are constantly looking for new ways to infiltrate systems, and the aftermath is that new threats are released for public consumption. Not every hacker is an expert, and many attacks don’t have financial motivation and are simply orchestrated to disrupt.

    We need to come together as a community and make sure we’re doing everything possible to prevent our systems from being infiltrated and our devices from being used in potential attacks.

    Even if your business is unlikely to be targeted by an overseas orchestrated attack, that doesn’t mean it cannot be used to assist a specific hacker’s operations, and the more ways we shut down cyber attacks as a profitable enterprise, the better off we all will be.

    If you want to know how you can help or where to start, here are 10 items you can implement in 2024 that will up your cyber security protections 10-fold.

    If you need help with the implementation of cyber security measures in your business, Valley Techlogic is the resource you’ve been looking for. We are experts in the field of cyber security and for helping businesses improve their cyber security protections and comply with government regulations and frameworks. Reach out to us today to learn more.

    This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • If you have a computer or server with an Intel Processor, you need to patch for this vulnerability ASAP

    Intel just released a fix for a vulnerability that put certain CPUs in jeopardy of being compromised. The vulnerability would allow an attacker to gain privileged access to machines or trigger a denial-of-service attack.

    You can see the list of affected CPUs here. Patching for this vulnerability may need to occur in phases, including micro-updates to the BIOS, system OS and drivers. In a statement on their website, Intel says malicious exploitation of this vulnerability would require execution of arbitrary code (so it can’t be exploited with no input from the end user). They don’t believe patching for this issue will impact devices in a noticeable way.

    The vulnerability was originally discovered by a Google security engineering team and dubbed “Reptar”; a researcher at Google commented on how strange this vulnerability appears to be.

    The vulnerability changes how redundant prefixes, basically small bits of code, are interpreted by the affected CPUs. Normally CPUs ignore redundant prefixes for obvious reasons (the key word being “redundant”), but here these prefixes instead triggered expanding errors within the system. The Google team found that, left without remediation, the affected machines would eventually report processing errors and begin to malfunction.

    Destructive code like this is frightening because it may not just be a loss of data or temporary use of the affected machine, but it may cause the computer or server to fail altogether.

    This isn’t the first CPU exploit Intel has suffered, and they’re not the only ones battling attacks on their hardware: AMD also announced news of their own “CacheWarp” vulnerability, which allowed attackers to gain root access to Linux virtual machines. So, if you thought these types of attacks were limited to Windows, think again. The vulnerability only affects 1st through 3rd generation EPYC processors; the 4th generation is not vulnerable.

    With the AMD vulnerability it’s also important to note that a patch is available for just the 3rd generation EPYC processor. For 1st and 2nd generation there is no mitigation available. As with Intel, it’s not expected that the patch will have any effect on CPU performance.

    Both companies have been very quick to patch these aggressive vulnerabilities, and attacks like these highlight the need to make sure regular patching is a primary component of any tech service plan. Below are 5 key components we recommend when it comes to proactive technology support.

    Proactive care is often a tough sell, with many business owners not feeling the need to spend the money on proactive tech care as these things “won’t happen to them”. It’s important to note that many attacks that occur are widespread and have no specific target in mind. If you have unpatched equipment in your office, you may be a sitting duck to any widespread attack issued to a vendor you use or because you bought a certain kind of hardware that ended up having a vulnerability. These attacks are ones of convenience not of malice as is often misconstrued.

    Even if it can be recovered from, why take the chance? Having a partner like Valley Techlogic to make sure vulnerabilities like the ones in this article are patched as soon as a fix is available means you will never be part of the eye-opening statistic about businesses who suffer a major breach. If you’re not aware, 60% of businesses close after a cyberattack. Don’t let that be you, reach out for a free consultation with us today.


  • Threat actors’ attack on cloud company leads to customers’ data being wiped completely

    Last week a Danish cloud provider called CloudNordic suffered a cyber attack that led to them losing all of their customers’ data in one fell swoop.

    The hackers who gained access to CloudNordic’s system immediately issued a financial demand that the company was unable and unwilling to meet, which led to all of their data being encrypted by the hackers. The company said that no evidence of being hacked was left behind other than the encrypted data.

    This hack also affected their sister company, AzeroCloud, and both companies released identical statements on the ongoing issues they’re facing after this event. You can see the statement below, translated to English from Danish.

    In an effort to start over, the company has established a new name and new servers and has offered to restore their clients to servers with the same name as they had previously, though they’ve also included instructions for customers who want to move their domains to new hosts.

    CloudNordic suspects the attack occurred while they were moving data centers, exposing them to already infected systems. Because they were mid-migration, the attackers gained access to their systems and even their own backups.

    CloudNordic states, “The attackers succeeded in encrypting all servers’ disks, as well as on the primary and secondary backup system, whereby all machines crashed and we lost access to all data.”

    They’ve stated that while the data was scrambled during the attack, they don’t believe the attackers copied customers’ data as is typical with ransomware attacks, so it’s unlikely individual customers will be targeted to be ransomed back their data.

    No known ransomware group has so far taken credit for this attack. The company CloudNordic and their sister company AzeroCloud have both said they plan to try to rebuild from here without access to their previous data.

    At Valley Techlogic, backups are an important puzzle piece when it comes to maintaining the security of your business. For many businesses, a cyber event where all of your data is lost would be difficult to impossible to recover from. Many businesses that suffer attacks like these end up going out of business.

    That’s why we created our triple layer backup plan, TechVault.

    With TechVault you not only have an onsite copy of your data, there’s also a cloud backup and what we call an archival backup.

    This archival backup is what makes this program we’ve created special, as it’s write once read many. Basically, the data can be copied back to you as many times as needed but once it’s on there, it cannot be deleted.

    This, in addition to the 24/7 monitoring we provide as well as firewall, antivirus and other protections, means your data is virtually bulletproof.

    If you would like to learn more about what makes Valley Techlogic a cyber security leader in the Central Valley, schedule a consultation with us today.


  • More data breach woes for LastPass and our recommendations for you on how to deal with it

    We’ve posted about LastPass data breaches before, but at that time it was purported to be a false alarm according to the company. The news on this most recent breach is that it’s real and that LastPass users should be concerned.

    The data breach in question happened in August, but LastPass is just now revealing the details on what was stolen and the scope of the breach. At the time of the hack LastPass was again saying that it was a false alarm, but that wasn’t true, and “backup customer vault data” was accessed during the August incident.

    This backup vault data included both unencrypted data such as website URLs and encrypted data such as website usernames and passwords. Having both details will allow hackers to easily put two and two together to access customer accounts.

    With that said, because the data for usernames and passwords is still encrypted, LastPass has let customers know their data is still safe, as they say it can only be decrypted with a unique encryption key that is derived from each user’s master password. User master passwords are not accessible due to their “Zero Knowledge” architecture.

    With this architecture no one, not even LastPass themselves, has access to a user’s master password. LastPass requires that master passwords be 12 characters long, so even if the hackers who accessed this data attempt to brute force individual passwords it would still be difficult to impossible, with LastPass themselves estimating it would take “millions of years using generally-available password-cracking technology”.

    LastPass users should still be on the lookout for phishing attempts in the upcoming days, however. Even if your data is safe, bad actors may still use the news of this breach to attempt to trick users into revealing their data. You should never share your password details with anyone, especially your master password. LastPass will never ask you for your password information.

    There is also some additional advice from Google for business owners who may own websites: because the URLs in this breach were not encrypted, they may include some that you didn’t want publicly accessible. John Mueller, an SEO expert at Google, recommends reviewing any website URLs you may have that may inadvertently leak data for your business, including customer form data.

    We still believe password managers are a security benefit to both consumers and businesses alike. They’re one small part of increasing overall cybersecurity awareness and safety and fall under the larger spectrum of increasing user education and accountability.

    We’ve posted about proper password safety and advice on avoiding phishing attacks, but here are the top 5 things you can enable in your business today to improve your cybersecurity safety in 2023.

    If news of breaches make you nervous and you aren’t sure if your business is prepared from a cybersecurity standpoint, Valley Techlogic can help. We consider ourselves to be a premier provider of cybersecurity services for businesses in our area and beyond. We can help your business by covering your endpoints, setting up secure backups, virus and malware scanning and prevention and more. Schedule a consultation today.
