Infradapt Blog

This is some blog description about this site

ALERT: Change Your Twitter Password, Says Twitter

ALERT: Change Your Twitter Password, Says Twitter

Twitter is recommending that all 336 million users change their passwords as soon as possible due to the discovery of an internal security flaw. While the issue has been fixed and no data breach seems to have taken place, Twitter is clearly taking this situation seriously.


On Thursday, May 3, it came to light that there was an internal log upon which an undisclosed number of account passwords were recorded without any protection. As a result, this unknown amount of passwords can no longer be considered secure, even though there is no apparent evidence that any data breach has occurred.

Twitter uses a process called hashing to protect their passwords, as many companies do. However, a bug created a log of passwords before they were hashed, leaving them fully legible. This bug has since been resolved.

In response to this situation, Twitter is being proactive and recommending that all of its users change their passwords, just in case. To do so, log in to your account in your browser, access Settings and privacy, and from there, Password. It is also a good idea to enable two-factor authentication by accessing Settings and privacy, clicking into Account. Once there, click on the “Set up login verification” button and follow the instructions. You will find yourself on a Login verification screen, where you can activate the means to generate another authentication code.

While disaster seems to be averted this time, you should not hesitate to change your password as soon as possible, and makes sure that all of your online accounts have strong passwords in place. For more information about keeping your identity safe online, call the IT professionals at Infradapt at 800.394.2301.

 

Continue reading
0 Comment

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

Just a few months after finding themselves in a firmware fiasco, Intel is making news for all the wrong reasons. This issue had the potential to affect the CPU of a device, causing a severe dip in the performance of the device.

Continue reading
0 Comment

ALERT: Equifax Data Breach Potentially Exposes 44 Percent of All Americans

ALERT: Equifax Data Breach Potentially Exposes 44 Percent of All Americans

In case you haven’t heard, the credit bureau, Equifax, has suffered a data breach that may have exposed the records of 143 million Americans.

Continue reading
0 Comment

Latest Ransomware Attack is Brutal Reminder of Cyber Security Importance

Latest Ransomware Attack is Brutal Reminder of Cyber Security Importance

A new malware swept across the globe Tuesday, incorporating facets of many ransomwares that have made headlines recently. While it originally appeared to be a variant of the Petya ransomware, it has been determined that it shares more in common with WannaCry. However, “NotPetya,” as it has been named, has a few additional features that experts say make it worse than either of its predecessors.


Why NotPetya Isn’t Really a Ransomware
The first clue that researchers had that NotPetya had a different motivation was the fact that the ransom only demanded the Bitcoin equivalent of $300. Secondly, the only means of getting the decryption key was to send an email to an address hosted by German email provider Posteo. Despite the lack of preparation the payment method appeared to have, NotPetya itself was clearly designed to be able to infiltrate as many networks as possible and do maximum damage once inside.

A Hybrid Hacking Attack
Since the attack commenced, researchers have ascertained that despite its initial similarities with Petya, NotPetya shares many traits with other malicious programs. Like WannaCry, the attack that affected much of Europe, NotPetya leverages EternalBlue. EternalBlue is a National Security Agency hacking tool that targets unpatched systems and steals the passwords that allow administrator access. In addition to EternalBlue, NotPetya also utilizes EternalRomance, another code that was stolen from the NSA.

Once NotPetya has infected one computer, it extracts passwords from its memory or the local filesystem to allow itself to spread--including onto updated and patched Windows 10 systems.

How To Protect Your Files
First off, don’t expect that you can retrieve your files just by paying the ransom. Even if those responsible for NotPetya intended to keep their word and return them once paid, Posteo has shut down the provided email account victims were to receive their keys from. As a result, unless a victim was already following certain best practices, their files are as of yet unrecoverable.

However, this does not mean that everyone is vulnerable to this attack. Before the EternalBlue and EternalRomance exploits were distributed on the dark web, Microsoft had already released patches for the vulnerabilities. However, if these patches were not applied, a user’s systems were (and are) still vulnerable.

The best method to avoid infection from this kind of attack is to ensure your users understand the importance of cyber security efforts, and that all of your business’ systems are reinforced against the latest threats by keeping your defenses up-to-date.

Furthermore, even an infected user is not without hope if they have been backing up their files. If they have done so, all they have to do is disconnect their computer from the Internet, reformat their hard drive and restore their data from their backup solution. However, for this to work, you have to also be sure that your backups are up-to-date, and that your backup is stored in an isolated location, separate from your network.

Infradapt has the experience and expertise to help prevent you from becoming a victim of a malware like this, whether we help you manage your backups or help educate your users to avoid attacks like these in the first place. Give us a call at 800.394.2301 today.

Continue reading
0 Comment

Alert: LastPass Vulnerability Found. Is Any Password Manager Safe?

Alert: LastPass Vulnerability Found. Is Any Password Manager Safe?

Thanks to one of Google’s researchers with the Zero Day Project, it has been discovered that LastPass has a major vulnerability as a result of a major architectural problem. This news comes on the heels of many other flaws the same researcher discovered within LastPass. However, based on what the researcher claims, these vulnerabilities were much less serious than his latest discovery.

Continue reading
0 Comment