National Cyber Alert
This is a National Cyber Alert! All systems behind a Hypertext Transfer Protocol Secure (HTTPS) interception product are potentially affected.
Detecting Malware that Uses HTTPS:
As of 8:40am 3/16/2017, Homeland Security released a statement titled TA17-075A: HTTPS Interception Weakens TLS Security.
This is what is being reported concerning this National Cyber Alert:
“A recent report, The Security Impact of HTTPS Interception , highlighted several security concerns with HTTPS inspection products and outlined survey results of these issues. Many HTTPS inspection products do not properly verify the certificate chain of the server before re-encrypting and forwarding client data, allowing the possibility of a MiTM attack. Furthermore, certificate-chain verification errors are infrequently forwarded to the client, leading a client to believe that operations were performed as intended with the correct server.” – Homeland Security
Contact CR-T to resolve and address these issues or with any questions relating to this matter.
Rocky Mountain Power had a Massive Power Outage
Rocky Mountain Power had a major power outage affecting more than 23, 523 of their clients starting at 5:00pm on 3/5/2017.
Is it still down and what’s next?
As of 2:30pm 3/6/2017, there are only 3,100 Rocky Mountain Power clients currently affected. They estimate that all issues should be resolved by 7:00pm.
No company wants to be down for that long, especially during hours of operation, you are losing opportunities, important data, and more.
The benefit of being a client with CR-T is that we are always looking to get things resolved as much as possible on our end quickly and efficiently. As a result, all our managed IT service clients, that were affected by this power outage, are up and running.
What steps I can take to help reduce data loss from a Power Outage?
Although power outages can’t be predicted or completely prevented, these following steps will reduce any major company down time.
- Step #1 – Regularly Scheduled Data Backup
- Step #2 – UPS
- Step #3 – Cloud Storage
Let’s break it down so you aren’t left in the dark about why this is all so important.
1. Regularly Scheduled Data Backup
A fantastic way to ensure data protection, is to backup the data every fifteen minutes. The initial process can take some time, but once the bulk of the data is backed-up, the system should continually update and backup any new or incoming files.
The biggest issue with this…
“Assuming your servers will never go down or a natural disaster could never possibly impact your business. Having a backup and disaster recovery plan is critical.” – CR-T
Have the experts check your a backup & disaster plan – Check Plan
If you are looking for something more than just a backup system that you may or may not have already, you should probably check into what we call the BDR Device, or Backup/Disaster Recovery Device.
The BDR Device can perform a bare metal install to make your infrastructure in-house redundant, making things smoother and still operational when your server is being repaired or replaced. This means your network is still up while your server is being fixed and parts are being ordered.
That’s what will make for a complete fail-safe for your servers, and not just a data backup.
We consider UPS, or Uninterruptible Power Supply, as a great and necessary component for all companies. This is the preliminary line of defense to power surges and minor power changes, however they are not the complete solution and can still fail.
Using this tool will ensure that the minor, everyday, issues don’t interrupt your company’s progress. It also allows for those minor issues to stay minor and nothing more.
3. Cloud Storage
The cloud is ultimately the best way to ensure your data is always there and can be accessed securely. Any power outage or data loss can be re-established with this type of service and storage.
This complex but simple idea is heading in a great direction to providing companies with a “peace of mind” attitude.
Contact CR-T to get better pricing and services in products like:
1. MS Azure (Microsoft)
2. AWS (Amazon Web Services)
We all wish these types of things never happen, but they definitely do.
Get your data secured and have a plan in place today – who knows when the next outage will happen in your neighborhood.
Report a Power Outage in your Area through Rocky Mountain Power Company.
Alert: Was Your Device One of Over a Million Breached By New Android Malware?
Gooligan is able to steal the authentication tokens that are required to access data contained in many of Google’s popular offerings, including Drive, Docs, Gmail, and the G Suite.
However, it would seem that, instead of extracting personally identifiable information, the culprits have elected to install malicious Google Play apps to generate fraudulent ad revenue. Reports have said that this modus operandi nets the attackers about $320,000 every month, and that Gooligan may be the biggest recorded breach of Android devices, ever.
This makes it all the more fortunate that Gooligan has, as of yet, shown no signs of stealing any of the data it could potentially have accessed. Google has even gone on record in their belief that, “The motivation… is to promote apps, not steal information.”
While Google has since removed the apps that include Gooligan from the Play Store, there could potentially be countless more similar threats, lurking in wait of their next victim. This means that, should your employees be able to access the Play Store on their work devices, your business could be a potential victim.
Therefore, every member of a business should be informed of the seriousness of clicking around mindlessly when using a business device. Institute a policy of only allowing business-related apps on company devices, and require any BYOD devices to be thoroughly vetted by IT.
Do you have a plan to prevent unauthorized applications from appearing on company devices? Let us know in the comments!