Login 

Call Us Now:

Weston Technology Solutions Blog

  • Home
    Home This is where you can find all the blog posts throughout the site.
  • Categories
    Categories Displays a list of categories from this blog.
  • Tags
    Tags Displays a list of tags that have been used in the blog.
  • Archives
    Archives Contains a list of blog posts that were created previously.

Alerts

Your Router And Russian Malware

Posted by on in Alerts

SonicWall 2016 LogoYou may have heard recently about some Russian Malware that is going around. The headlines tell you you need to reboot your router to make sure your router isn't a part of a large botnet. Rebooting removes the malware from the device's memory, but it's likely to come back later if you don't lock the device down by changing the default passwords and updating the device. 

If you are a client of ours, however, and are using a SonicWall firewall (either stand-alone or as part of our WestonShield program), then you don't need to worry about rebooting the firewall as Sonicwall devices are not affected.

OneNote LogoMicrosoft is being a slow phase out of their OneNote 2016 Desktop app. Not the end of the world as the app will still be supported with security patches for several more years, but with the release of Office 2019 later this year, OneNote for Windows 10 will replace OneNote 2016 as the default OneNote experience for Office 365 and Office 2019 (which makes sense considering that Office 2019 will only work on Windows 10). Microsoft will continue to provide bug fixes for a few more years (until October 2020) and security fixes until October 2025.

Watch Out for Invoice Scams

Posted by on in Alerts

spamJust a reminder to keep an eye out for Invoice scams that are becoming increasingly common. Like any phishing scam (follow these tips to avoid phishing scams), it’s best to not open or click on anything in those messages. We’ve seen a few of these floating around lately that are pretty elaborate, to the point where the criminal doing everything in their power to look legit. We saw one not long ago where the crooks registered a domain very similar to the company’s actual domain (companyname.com vs companynames.com) and also looked up the names of the C-level officers for the company, and sent out fraudulent messages based on that, asking to authorize wire-transfer to XYZ accounts and make some online payments to a specific URL – neither of which were legitimate requests.

Long story short, stay vigilant, keep an eye out, and always verify verbally with the sender if things don’t feel right.

Meltdown and Spectre Alert

Posted by on in Alerts

It seems we are sending these emails much too often these days, but yet another set of vulnerabilities have been found affecting basically every computer out there from Windows to Apple to Linux, as these particular vulnerabilities target the CPU or “brain” of your computer. These vulnerabilities have been reported in the mainstream media as “Meltdown” and “Spectre”

Microsoft released patches for Meltdown yesterday. We are in the process of rolling these out to our internal systems as we speak. If all goes well with our systems we will be rolling out the patches to all of our CompleteCare or other managed patching clients in the next couple of days.

As for Spectre, this one is a hardware vulnerability which is a lot harder to fix than a software patch, we await further information from Intel and other CPU manufacturers on how they will be addressing this issue and we will let you know more as further information becomes available.

Here are a couple of articles if you would like to know more:
https://www.pcworld.com/article/3245606/security/intel-x86-cpu-kernel-bug-faq-how-it-affects-pc-mac.html
https://www.msn.com/en-us/news/technology/security-flaws-put-virtually-all-phones-computers-at-risk/ar-BBHQ0UL?li=BBnbcA1

More technical details about the vulnerability can be found at https://spectreattack.com .

This is yet another reminder to be extremely vigilant about what links you click on, in social media and in banner ads on websites especially.

Even if you get an email with a link or attachment from someone that you know, if you were not expecting it, contact that person and make sure it was sent by them. Many of these attacks utilize software that will attempt to impersonate an email user and send an email to everyone in their contact list.

As always thanks for choosing Weston and Happy New Year!

Eric Spinney
Service Manager
Weston Technology Solutions

Tagged in: Hardware Security

KRACK Attacks Wireless Vulnerability

Posted by on in Alerts

krackattacksOn Monday a research paper released that discussed how an attacker could compromise the WPA2 wireless encryption mechanism. This vulnerability has been dubbed Key Reinstallation Attack (KRACK), aka Krack Attack. While this attack is especially effective against Linux and Android client devices, the paper goes on to describe that any device using the standard WPA2 wireless security is vulnerable and should be patched.

This is a dangerous vulnerability. In its current state, it is very difficult to execute and needs to have a very close physical presence to the wireless network being compromised. That being said, once code is released for this vulnerability, it’s only a matter of time before exploiting it becomes easier.

Tagged in: Security

Mobile? Grab this Article!

QR-Code