Cyber Advisors Blog

Big Changes Coming to Office Connectivity

Posted by Caleb Lund on Dec 19, 2017 11:45:00 AM

Check it out. 

Topics: Tech Article, Education

Reblog: Project Honolulu

Posted by Michael Schultz on Dec 1, 2017 10:15:00 AM

Managing Windows servers might be getting an upgrade in the future, as Microsoft’s “Project Honolulu” is being developed to add a web UI for it. This has the potential to be a game changer for customers that were on the verge of using Hyper-V Core but didn’t want to lose the manageability of the full GUI. The goal of this platform is to pick up where Server Manager fell short. By offering a web-based solution it will be easier to use, and Microsoft is also releasing APIs for third-party developers to make use of. I would look forward to the actual release of this feature in late 2018, but in the meantime give the preview a try. If you have questions or have interest in Microsoft software, contact Cyber Advisors.

Topics: Insider, Education

Re-Blog: "The Motherboard Guide to Not Getting Hacked"

Posted by Jesse Homa on Nov 21, 2017 12:30:00 PM

Cyber security is an ongoing battle and there isn't one best way to protect yourself. Because security is so important and there are many aspects to it, The Motherboard published a great comprehensive guide on how to not get hacked. This article is updated regularly and is great for just about everyone. If you have further questions regarding cyber security and how to better protect yourself, contact Cyber Advisors.

Topics: Education, Cyber Security

Re-blog: Exchange 2016 CU7 Bug Causes HCW to Fail

Posted by Terence Kolstad on Nov 18, 2017 10:04:00 AM

Original blog post by Zoltan Erszenyi

Topics: Insider, Education

Thoughts on the Direction of Microsoft and Security

Posted by Terence Kolstad on Nov 17, 2017 3:09:38 PM

I was fortunate enough to attend the Microsoft Ignite conference in Orlando, FL this year. During the conference, there was a TON of information to gather, experts to network with, and vendors to see in the Expo Hall.

Topics: Education, Cyber Security

In the Know - Cyber Security Update - Week of August 13th - August 20th

Posted by Eric Brown on Aug 20, 2017 9:25:31 PM

Two of the articles this week deviate from cyber security; however, they are topical and relevant to painting a larger ‘buyer beware’ theme. Malicious actors sell counterfeit eclipse viewing glasses, Roombas map your house (potentially for the highest bidder), embedded ultrasonic signals played through a TV can allow malicious actors to track your movement, DJI plans to remove a Trojan from its ‘Go’ app, and shared smartphone application libraries expose content to hackers.

Topics: Education

In the Know - Cyber Security Update - Week of August 7th - August 13th

Posted by Eric Brown on Aug 14, 2017 7:08:52 AM

User-targeted malware picks up this week: the latest variant of the ransomware-as-a-service Cerber steals bitcoin and browser passwords before encrypting systems. Free is not always free: Hotspot Shield Free VPN is in some hot water as researchers discover that ads and tracking data are injected into its users’ browsing streams. NIST (National Institute of Standards and Technology) releases new password guidelines; it says previous guidance of frequent changes and random numbers and characters leads to weaker passwords. The international SMS messaging app SMS Touch compromises its users by sending authentication data and conversations in the clear. And researchers discover thousands of Android apps are spying on their users.

1. Cerber Malware gets more malicious
Cerber, a popular ransomware of 2016 in part due to its ransomware-as-a-service operating model, in which the author of the ransomware receives 40% of the ransom and the distributor receives 60%, is back in the news. The latest Cerber variant scans systems for cryptocurrency wallets and attempts to steal the coins before encrypting the system.

Topics: Education

In the Know - Cyber Security Update - Week of July 30th - August 6th

Posted by Eric Brown on Aug 6, 2017 5:19:07 PM

The latest Windows SMB flaw (SMBLoris) compromises all versions of Windows from Windows 2000 to Windows 10. A big week for phishing: the Copyfish Chrome extension is compromised by phishing, White House execs are phished by a “prankster”, Germany reports sophisticated spearphishing, and an expired Nissan domain allows attackers to collect live telemetry data from cars.

1. SMBLoris – latest SMB (internet protocol) flaw in Windows remains unpatched
SMBLoris affects all versions of the SMB protocol going back to Windows 2000. The vulnerability is triggered when SMBLoris opens an SMB connection and requests a buffer of 128kb (the maximum size allowed). Alone, 128kb isn’t much, but since a single attacking address can request 65,535 connections (one for each source port), it can tie up 8GB of memory. Multiply this by a few source addresses and memory fills up quite quickly. These requests allocate memory in physical RAM that cannot be paged out to swap space. This puts the CPU in a loop where it scans for additional free memory, with no cycles left to do anything else. The system freezes completely without blue screening, as it doesn’t even have the time to produce one.

The flaw was privately reported to Microsoft in early June, but the company considered it to be of moderate impact and does not consider it to be a security breach. In addition, the flaw will probably not even be fixed. Instead, Microsoft recommends blocking access from the internet to SMBv1.

Two researchers, Sean Dillon and Zach Harding, discovered the exploit while researching EternalBlue. The vulnerability affects every version of the SMB protocol and every Windows version dating back to Windows 2000. The research team demonstrated how they could take down a 128GB server using only a Raspberry Pi in under 30 seconds.

Overview:
https://community.rapid7.com/community/infosec/blog/2017/08/03/smbloris-what-you-need-to-know
SMBLoris Attack Demonstration:
https://youtu.be/mPPUv6Y4zHk
SMBLoris Denial of Service Code (in C):
https://packetstormsecurity.com/files/143636/SMBLoris-Denial-Of-Service.html

Topics: Education

In the Know - Cyber Security Update - Week of July 23rd - July 30th

Posted by Eric Brown on Jul 31, 2017 8:31:42 AM

A fish tank leaks data, Uber drivers defrauded by social engineering scam, over a billion smartphones susceptible to Wi-Fi worm, malware campaigns turn to .iso files, and attackers use FruitFly to spy on Mac users.

1. An internet-connected fish tank at a casino leaks gigabytes of information to hackers.

Recently, a fish tank was added to the list of IoT (Internet of Things) connected devices that have fallen victim to cyber-attack, a report from Darktrace shows. The fish tank had sensors connected to a PC to monitor water condition and temperature.

Attackers were able to connect to the IoT device, compromise one of these sensors and move to other vulnerable areas of the casino’s network and send out data. 

Darktrace Report:

https://www.darktrace.com/resources/wp-global-threat-report-2017.pdf

Topics: Education

Defense in Depth

Posted by Paul Beasley on Jul 26, 2017 2:33:17 PM

Throughout World War I, trench warfare was used by each side to both gain ground and to hold off attacks. These trenches used multiple defenses to slow or stop advancement by troops: parapets, mortar shells, mustard gas, mines, barbed wire and other nasty tools were heavily deployed. This multi-layered approach was implemented to thwart the various attack vectors that the enemy might use. Barbed wire, for example, is effective against soldiers, but not so much against tanks. This is where mines and mortar shells were far more useful. In the famous Battle of the Somme, trench warfare was so difficult that only miles were gained by the end of the war.

Topics: Education