k_Street Consulting, LLC Blog

Before this week, you probably never heard about Log4j. Right now, though, it’s the biggest topic in cybersecurity due to a massive vulnerability that is estimated to affect millions of devices. Your business needs to take this seriously.

It is certainly important that you update your software and hardware with the latest patches and updates, but it is also important to keep in mind that while these patches and updates resolve certain issues, these updates can also create problems of their own. An upcoming update to Google Workspace is the perfect example of this.

2020 has been filled to the brim with adversity and just as we’ve mercifully arrived to the end, the largest and most brazen cyberespionage attack ever has been carried out. Today, we’ll tell you what we know about the attack, what problems it caused, and what we should learn from it going forward.

Being told by an IT provider how important it is for you to update your software is probably a bit like your grade school teacher telling you how important it is to do your homework: of course they’re going to say it, it’s their job to do so. However, we’re telling you what the Department of Homeland Security announced when they released a warning to update your Google Chrome web browser.

A major vulnerability has been discovered that affects everyone that uses Wi-Fi. Key Reinstallation Attack, or KRACK, affects the core encryption protocol that most Wi-Fi users depend upon to shield their browsing from others, Wi-Fi Protected Access 2 (WPA2).

Banks and companies that manage automated teller machines, better known as ATMs, have been warned against another method thieves have been utilizing to commit identity theft--by no less than the Secret Service.

If you panic in the event of a hacking attack, imagine how the National Security Agency (NSA) feels knowing that some of its exploits are for sale on the black market. While there isn’t any proof that the NSA has been breached, there’s evidence to suspect that their exploits are available for purchase on the black market. This means that a willing hacker could get their hands on government-grade hacking tools--a dangerous concept.

Ransomware is a particularly nasty strain of malware that continues to pop up in unexpected forms. In the case of a new variant of called Cerber, it targets users of Microsoft Outlook using a zero-day vulnerability via phishing messages. To make matters worse, Cerber can also utilize DDoS attacks, which is a major cause for concern.

The ransomware Petya (previously thought to have been eradicated) has unfortunately resurfaced, and it’s brought a friend to the party. Petya was delivered via an email containing an invitation to apply for a job, including the virus in an executable file that was disguised as a PDF job resume. When a hepless user clicked the file, Petya would get to work.

You don’t often hear about mobile operating systems being vulnerable to security threats (desktop vulnerabilities usually hog the spotlight), but when you do, they’re usually major problems that you need to be aware of. One such threat is called “Hummer,” a trojan that has installed unwanted apps and malware to more than a million phones all over the world.

What kind of Microsoft products does your business use on a regular basis? If you can’t answer this question, you could be in trouble when it comes time to update your crucial applications and operating systems. This is a necessary part of working with technology; if your software can’t be considered secure, you need to upgrade to a more recent, better-functioning tool, or find yourself in a dangerous situation.

Software vulnerabilities can cause major issues for individuals and businesses. Cisco’s Talos Security Intelligence and Research Group, which is designed as an organization to “protect consumers from known and emerging threats,” has found such a vulnerability with 7zip.

Next time you see an unsolicited resume in your email, it’s worth scrutinizing before you just click on it. It could be a nasty new ransomware called Petya.

Do you know which database management system is used by your company’s servers? Obviously your end users aren’t expected to know the answer to this question, but this is something that you, as a business owner, need to be aware of. If you don’t keep track of which database software you’re using, you might accidentally wait too long and wind up running an unsupported piece of software. For example, you need to move away from SQL Server 2005 (which is now unsupported) as soon as possible.

Malware has traditionally targeted industries that are exceptionally profitable. For example, hackers like to target retailers for their wealth of financial credentials. One of the most profitable industries, entertainment, is also subject to similar torment, including Steam, the PC gamer’s most valuable tool for gaming binges.

Modern ransomware is exceptionally dangerous, even by malware standards. Ransomware is capable of locking down important files on a victim’s computer, displaying a massive threat to both business professionals and their networks, as well as the average PC user. While other types of ransomware like CryptoLocker and CryptoWall are somewhat manageable, a new variant called CryptoJoker makes it borderline impossible to recover your files.

There’s a wicked string of malware on the Internet that locks users out of their browser and directs them to call a phone number. That phone number reaches hackers who have set up a subterfuge as an IT support company. If this happens to you, even if you are in the middle of something important, do not call the phone number.

For those of you who don’t yet have Windows 10, don’t panic. It’s not going anywhere, and you’ll get it soon enough. In the meantime, it’s important that you don’t get impatient and hastily open suspicious emails containing what appears to be a launcher for your Windows 10 download. Hackers are using ransomware to extort money from unsuspecting users who just want their new operating system already.

As seen by the recent Superfish app debacle, software that comes preinstalled on a new PC shouldn’t always be trusted. Most of the time, the innate software on a device can be trusted; but the Superfish application is an exception. This app, which came preinstalled on new Lenovo PCs between the months of September and December of 2014, can potentially compromise the security of your machine.

The next major operating system to get the ax from Microsoft is Windows Server 2003. Slated to have its mainstream support ended on July 14th, businesses that currently use the software need to begin making plans to upgrade their system as soon as possible. With this server operating system no longer being supported by Microsoft, your data will be vulnerable to the latest online threats.

Be advised, there's a new digital threat on the scene that you and your employees need to be aware of. Known as Cryptowall 2.0, it's a wicked virus that has the potential to encrypt and steal your files, making it the scariest thing to hit your front door this Halloween season.