Back in April, security researchers laid the blame for the SolarWinds attack on the Russian Foreign Intelligence Service. Microsoft has discovered that there are various modules used by the attack group, a collective referred to as Nobelium. Nobelium includes other malware such as GoldMax, GoldFinder, and Sibot. Other types of malware that were previously known to researchers include Sunburst/Solorigate, Teardrop, and Sunspot. In the case of FoggyWeb, it is a malware which installs a backdoor on an already compromised server. Backdoors themselves allow hackers to pull off all sorts of nasty tricks. Hackers can use the backdoor to access a network at any given time in the future, and they can use the backdoor to install malware, access sensitive data, spy on users, and so much more. It?s safe to say that backdoors are dangerous for businesses to contend with. As for FoggyWeb, the backdoor itself is used to steal credentials and configurations from compromised servers. With these credentials in hand, hackers can remain on the infrastructure even after they have been purged from it. Hackers can also use these credentials to control access to important assets or other tasks that demand authentication. As with other backdoor threats, FoggyWeb can also receive commands remotely to pull off even more dangerous stunts. To ensure that your business does not fall victim to these types of threats, you should take a multi-faceted approach to your network security. This includes monitoring your network for suspicious activity, ensuring that user access controls are in effect, and deploying comprehensive security solutions that can keep your infrastructure safe. Thankfully, these solutions are more accessible than ever with the help of managed service providers like White Mountain IT Services. We can help arm you with the tools to protect your business from any type of threat. To keep your business secure from all sorts of threats, reach out to White Mountain IT Services at (603) 889-0800.

To get started, the private cloud is one that is hosted and maintained by your company rather than through a third-party provider. Compared to the public cloud offerings you might be more used to seeing recommended for SMBs, the private cloud has several benefits and advantages that make it a standout solution. More Flexibility Oftentimes companies that take advantage of public cloud services have a limited amount of flexibility in terms of services offered or rendered. This means that they don?t have as much control over the solution and how it works for them. Naturally, the private cloud offers you more advanced features that grant greater flexibility in this regard, allowing you to customize your cloud solution to your heart?s content. Greater Security With a public cloud infrastructure, it makes sense that your company has limited control over what the provider does to secure your data. Unfortunately, this can often come to the detriment of public cloud users who want greater security measures in place for sensitive data. If you use a private cloud, however, since you are directly in control of the hardware and software used to host the cloud, you can secure it in any way you deem necessary. Better Compliance As you can imagine, the limited control over security for public cloud solutions can complicate your organization?s compliance needs, especially with so many types of data now being governed by data privacy regulations. If your data is stored in-house on its own computing infrastructure, you will have more control over how you comply with these regulations, and thus be less likely to be in violation of them. There Are No Excuses With the advent of managed IT services, there is no longer any excuse to not, at the very least, consider a private cloud solution for your company?s needs. Managed services make the private cloud easier and more affordable than ever to take full advantage of, so why not consider it for your business? While it does, of course, depend on your organization?s specific needs and challenges, we think that a private cloud might be a potential solution for your company. We would be happy to help you make this determination with one of our comprehensive network assessments. Furthermore, deployment and management will not be an issue, as we can take care of this for you. Our technicians are ready and capable of taking care of your technology solutions, including a potential private cloud. To learn more, reach out to us at (603) 889-0800.

Cloud Solutions Given the scale that enterprise solutions need to operate in, the cloud is a no-brainer for them to adopt? but why shouldn?t your business emulate them in this regard? The cloud is inherently scalable. This means that the solutions provided via the cloud can be sized to fit a business? needs and budget very precisely. It is also worth mentioning the variety of uses the cloud can provide. Cloud platforms can fulfill many different needs, from storage to application delivery to platform hosting. This, again, is all made easily budgetable and exceptionally available. Wireless Upgrades Wireless connectivity is critically important in the modern business environment, which is why so many companies focus so strongly on providing their employees with fully available Internet throughout their location. Part of this is accomplished by strategizing not only where access points will be placed, but how this connection will be delivered. Different versions of Wi-Fi can be made available for different purposes. While enterprise companies have these kinds of adjustments made, smaller businesses can (and in some cases should) do the same. Network Security As time has passed, security has become more and more prescient to businesses of all sizes. One way that this is reflected in modern enterprises is the way that security tools are now deployed via a cloud solution, as mentioned above, helping to integrate them into their processes. Much like the cloud solutions referenced, this approach has proven scalable to smaller businesses as well. While the tools and defenses used by the enterprise may feel out of reach for many small or medium-sized businesses, a lot of what supports an enterprise can in fact prove beneficial and accessible to the average SMB. We can help you to accomplish a lot of what can be done by the enterprise at a scale that works for your needs. Interested in finding out more about our IT services? Give us a call at (603) 889-0800.

The vulnerability is called Chaos DB and is capable of providing read and write access to just about every database on the service. No evidence indicates that the exploit was used by hackers or attackers, but it is still a major problem and one that you should be aware of. The vulnerability comes about as a result of how the database handles primary keys and how Microsoft deployed its default settings for one of their services. The service in question, Jupyter Notebook, is a feature found in Cosmos DB. Wiz found that this feature was enabled automatically for all instances of Cosmos DB in the month of February 2021, but this issue could go as far back as 2019 when Jupyter first became a feature. A misconfigured setting within Jupyter allows users to obtain the primary keys for other users of Cosmos DB. Since the primary keys give the holder the ability to read, write, and delete data on the database, it is a pretty serious issue. Primary keys are credentials that do not expire, so if malicious entities get ahold of them, the only solution is to rotate them so that they are no longer useful to whoever steals them. If this is not done, then anyone who has obtained the primary key can potentially gain escalated privileges. Wiz recommends that all users who have Jupyter enabled on their service rotate their keys, no matter how long or short they have used the service for. Microsoft has since disabled the vulnerability that allowed for Chaos DB, but the company doubled down on the fact that it cannot change the primary keys, instead urging customers to rotate them themselves. Microsoft has also issued a warning to affected customers, which amount to about one-third of the service?s user base, along with instructions on how to limit the risks associated with this vulnerability. Again, it is extraordinarily important that you prioritize security configurations for your business technology, as you could unknowingly be placing your business? data or privacy at risk. To remove the guesswork, get White Mountain IT Services on board to give you a hand. We can assist with any configurations your technology needs to remain secure. To learn more, reach out to us at (603) 889-0800.

Emphasize Security Security obviously needs to be present on this list, as it seems that it?s been a long time since we?ve gone a week without news of yet another cyber incursion. Data is the modern-day salt, or oil? an immensely valuable resource that there is high demand for to sustain everyday life. The difference is that someone trying to steal your data or attack your operations doesn?t need to be present to do it. This makes it all the more important that your business has sufficient IT protections in place to keep threats out, with your entire team kept apprised of the importance of security diligence and how to report any issues they spot. As remote work proves to be a lasting innovation, these defenses and practices will only be more important to have at the ready. Adopt Cloud Options Speaking of remote work, it is just one way that utilizing cloud-based solutions can deliver considerable benefits to your business and its operations. From simplified access to data and the solutions used to process and utilize it, to the collaborative benefits that these cloud-based solutions offer, to the many advantages of having a copy of your data stored separately from your business? infrastructure in terms of your business continuity preparations, the cloud has a lot to offer the modern business. As a result, you can enjoy a wide variety of capabilities with little-to-no maintenance needs on your end, all for a budgetable fee. Automate What You Can Here?s the holy grail of productivity solutions: why spend time working on something when it can be done automatically, much quicker, and more accurately? Automation enables businesses to take many rote responsibilities off of their human resources and instead set their computing resources to complete them. While the term ?automation? has unfortunately been associated with ideas like downsizing and replacing workers with machines in the past, it is important to think about it in terms of what it is actually supposed to do: free up your employees to accomplish more worthwhile things, the menial jobs that once took up their time now seen to on their behalf. If you think about it, automation is really the antithesis of downsizing? you?re basically adding non-human resources to your workforce. Communicate Whenever you stream something over the Internet, you are using bandwidth, whether that ?something? is the latest original series from your favorite streaming service or placing a call over a Voice over Internet Protocol (VoIP) phone. As you might imagine, the office will have a great number of Internet-based processes happening simultaneously at any given time, meaning that bandwidth will be a valuable resource. Unfortunately, it also means that the bandwidth-demanding communication apps that businesses favor today may be flaky without action from you. You?ll want to work with an IT provider (like us) to ensure that sufficient bandwidth is available for your collaborative efforts. Don?t Sacrifice Quality for Costs? Sake Finally, we come to the big sticking point for many businesses? making sure they are getting the most value for their investment into their technology. There?s no sugar-coating it: IT solutions can be expensive, particularly if new hardware is required or external resources need to be brought in to provide their particular expertise. Plus, it?s no secret that the ongoing hardware shortages throughout […]