Recent Blog Posts

HAFNIUM Attacks Target Most Microsoft Exchange Servers

HAFNIUM, and Their Actions Back on January 5th, 2021, a security researcher at security testing firm DEVCORE operating under the nom de plume ?Orange Tsai? reported a few issues that were discovered in Exchange Server. The same issues were reported on January 27th by the Danish firm Dubex, and on February 2nd by a firm called Volexity. All these reports alluded to what proved to be the actions of a hacking group in China that goes by ?HAFNIUM.? HAFNIUM?s hacking efforts have been directed toward the email platforms used in many different organizations? systems?including organizations classified as infectious disease researchers, defense contractors, institutions of higher education, law firms, think tanks, and civil societies/non-government organizations. In total, it seems apparent that hundreds of thousands of organizations making use of Microsoft Exchange have been swept up in the attack, breached by HAFNIUM with backdoors left open for the hacking group?s convenience later on. These breaches were originally directed against exclusively high-value targets, but have swiftly become far less discerning in who may be affected, with all encountered servers now taken over by the automated attacks. While these attacks have left the cloud-hosted Exchange servers untouched, a lot of the victims were using both on-site and cloud-hosted in tandem. A patch was released on March 2nd that only protects against infiltration, leaving those who had already been infected to fend for themselves. This is Now A Global Cybersecurity Crisis With the patch in play, it is now a race between hackers and organizations to see who acts first?with either HAFNIUM infecting a target or that target patching their systems against them. Too many have already lost to HAFNIUM, at this point. Even worse, these patches won?t do anything to resolve an existing breach, necessitating a comprehensive network analysis to eliminate any sign of infection. With this event constituting a zero-day threat against all self-hosted instances of Outlook Web Access that had not been patched within that span of a few days, these activities need to be prioritized within every business if only to be certain. We?re here to help. As a managed service provider, part of our job is to help our clients identify and eliminate any risk factors and threats that issues within their technology may pose. Learn more about our services by calling (603) 889-0800 today.

Making Sense of Bitcoin

Bitcoin is Digital Money Whoa, whoa, whoa…money?  Yes! Like many other types of currency such as the yuan, the dollar, the euro, and the ruble, Bitcoin is real money. It is what is called a cryptocurrency and it is (very) slowly becoming a universally accepted currency. Its actual value comes from its scarcity, which we?ll touch on in a bit. Bitcoin first entered the public consciousness when the value of one skyrocketed from a relatively measly few hundred dollars to about $20,000 in late 2017. Since then, Bitcoin has garnered its own following and inspired many to seek it out for themselves. Where Bitcoin Comes From Here?s the thing that a lot of people overlook about money: it?s little more than a symbol to represent value, essentially an IOU from the government backing it?rather than a voucher stating how much of that government?s treasury is due to the person possessing it. This kind of currency is known as fiat money, and is known for its economic stability. Bitcoin and other cryptocurrencies are different. Instead of a bank or a nation backing the currency, cryptocurrencies are self-managed with their own transaction histories recorded in perpetuity. Bitcoin is generated through ?mining??a computer processing complicated equations to generate a packet of data. The trend has actually generated shortages in high-end computer hardware and boosted demand for data centers worldwide. However, this boom has led to a much slower generation rate of new Bitcoin? the more miners seeking it out, the more Bitcoin mined successfully, and the more processing it will take to generate more. As Bitcoin can?t really be mined on consumer-grade or even business hardware for any real return, the investment to make it work is formidable. Not only is the hardware needed expensive in and of itself, maintaining that hardware takes a lot of time and draws a lot of power. Estimates have posited that the carbon footprint used to maintain Bitcoin is in line with the carbon footprint of the entirety of New Zealand, which suggests that environmental regulations may be applied to mining at some point in the future. What?s the Point? The major selling point behind Bitcoin is that it is anonymized. While there is a public record of all transactions, identities remain hidden. By establishing a Bitcoin wallet on your computer or in the cloud, the wallet?s ID is then associated to your transactions. This enables Bitcoin to be used for effectively everything from illicit goods and materials to home goods from Overstock?effectively, the merchant just has to accept them. More than anything else, however, Bitcoin has become a bit of a speculative stock market, miners seeking to make a profit by buying up Bitcoin when the value is low and selling it off when prices are high. Is Bitcoin Risky? Let?s make this clear: any investment, regardless of what it is in, carries with it some level of risk. Bitcoin adds a few more?your money could be deleted due to a hardware failure or a virus, and a wallet could be stolen from the cloud without any of the insurance that a bank account offers. Bitcoin is not the only cryptocurrency by a long shot. One that has also seen a recent surge in popularity is the meme-inspired and Elon Musk-promoted Dogecoin? almost strictly because Musk […]

Let?s Take a Look at the Data Breaches So Far in 2021

January For the first ten days of the new year, there weren?t any major breaches, but on the 11th: 1/11/21 Ubiquity Inc. – One of the largest vendors working in the Internet of Things space, had their database accessed by unauthorized entities through their third-party cloud provider. Possible exposed items include customer names, email addresses, hashed passwords, addresses and phone numbers. Parler – The former social media news app, Parler, after being removed from Amazon servers got some more bad news. It had its data scraped by a hacker and resulted in 70 terabytes of information leaked. This included almost every post to the platform, person-to-person messages, and video data. All of Parler?s Verified Citizens, users that have verified their identities with their driver?s license information were exposed.  Facebook, Instagram, and LinkedIn – A Chinese social media management organization called Socialarks suffered a data leak that exposed the PII (Personally Identifiable Information) of at least 214 million social media users from Facebook, Instagram, and LinkedIn. User?s names, phone numbers, email addresses, profile pictures, and more were exposed in the leak. 1/12/21 Mimecast – Cloud cybersecurity company Mimecast had their tools hacked, exposing around ten percent of their customers who currently utilize the Microsoft Office 365 email platform.  1/20/21 Pixlr – The free photo-editing application had the user records of 1.9 million of their users compromised. Data that was leaked included email addresses, usernames, hashed passwords, and other sensitive information.  1/22/21 Bonobos – Seven million customers of men?s clothing retailer Bonobos had their customer data stolen and posted on a hacker forum. Some of the data exposed included addresses, phone numbers, account information, and even partial credit card information. 1/24/21 MeetMindful – MeetMindful is a dating platform that was hacked and had 2.28 million registered users? personal information posted for free on hacker forums. The data that was exposed includes names, email addresses, location, dating preferences, birth dates, IP addresses and more.  1/26/21 VIPGames – The free gaming platform, VIPGames.com had 23 million records leaked for more than 66,000 users. The cause was explained as a cloud misconfiguration. Leaked user records include usernames, emails, IP addresses, hashed passwords, and the status of user accounts. 1/28/21  U.S. Cellular – After a targeting phishing attack of U.S. Cellular employees, hackers were able to gain access to the company?s CRM that contained almost five million user profiles. U.S. Cellular is the fourth largest wireless carrier in the U.S. and admitted to only having 276 users be victims of the social engineering attempt. Records that were compromised included names, addresses, PINs, cell phone numbers, plan information, and more.  February 2/2/21 COMB – Standing for a ?Compilation of Many Breaches?, a database containing more than 3.2 billion unique pairs of cleartext emails and passwords that belonged to past leaks of Netflix, LinkedIn, Bitcoin, Yahoo, and more was discovered available online. In the searchable database, hackers were given access to account credentials, access to 200 million Gmail addresses, and 450 million Yahoo email addresses. 2/10/21 Nebraska Medicine – In the first major medical organizational breach of 2021, Nebraska Medicine was inundated by malware allowing a hacker to access and copy the medical records of over 219,000 patients. Information copied included names, addresses, dates of birth, medical record numbers, health insurance information, lab results, imaging, diagnosis, and more. […]

The FCC is Taking Measures to Assist with Internet Connectivity

What the FCC Has Done On Thursday, February 25th, the FCC unanimously voted to give low-income households a discount on broadband internet service as a $3.2 billion part of the $900 billion that Congress earmarked for coronavirus relief in December. With up to $50 available to these households (or $75 for those on tribal lands) each month and a one-time $100 discount on a computer or tablet, this program will hopefully assist people in staying safe as the pandemic drags on. Considering that the average bill for stand-alone broadband service was calculated to be around $66 per month by the Wall Street Journal, it should come as no surprise that this is too much for many households to swing. Laying the numbers out like this makes it clear that the Internet is a costly investment, even in the best of times. The list of eligible households covers those that are already receiving low-income Internet benefits or pandemic relief recipients, as well as those who are eligible for free and reduced school lunches, Medicaid, SNAP, and Pell Grant recipients, and anyone who found themselves unemployed by the pandemic. Set to open up in a few short months, this program isn?t without its flaws. First of all, the $3.2 billion won?t last very long when you divide it up amongst 117 million households that meet the eligibility requirements. Once that $3.2 billion is gone, the program is slated to end. Deeper Connectivity Issues This program also does little to address another, arguably larger issue?the fact that millions of families don?t have any reliable means of accessing broadband at all. With so many now working and learning remotely, we?ll likely see some considerable impacts due to this coming to the surface. While the Federal Communications Commission has estimated that 18 million people lack reliable enough connections to access the Internet from home, the method they used to measure would allow these figures to be inaccurately skewed. The reason is this: these figures are based on ZIP code-based census blocks. In order to be counted as broadband-compatible, only a single household needs to have such Internet services available within the block. However, in sparsely-populated areas it isn?t uncommon for census blocks to stretch hundreds of square miles, indicating that this metric is far from effective. Hopefully, this discount will be the first step to a more accessible Internet service with more equity for all, as the need has never been more well-defined. Here, we?ll turn it over to you: are these steps the start of effective change? Let us know in the comments what you think about it.

Tip of the Week: Pin a Chrome Tab for Easy Access Later

Pinned Browser Tabs Most times, you?re going online to do a set list of things, using just a few certain websites more than most others. Studies have shown as much. However, if a user prefers to keep these tabs open throughout their browsing session, it is too simple to accidentally close it out when trying to navigate between them. This is where the benefits of pinning a browser tab become apparent. By pinning a browser tab, your tab can no longer be closed out and the website name is removed so that it takes up less space and leaves more room for other tabs. Pinning a tab is simple: Right-click on the tab Select Pin tab from the drop-down When you want to unpin your tab, follow the same process, and simply select the correct option from the same drop-down. If a tab has been pinned, any internal links (directing to a page on the same website) will open in that tab, while external links will open in a new, unpinned tab. Interested in learning more about how your technology can work harder for you? Reach out to White Mountain IT Services today by calling (603) 889-0800.