XFER Blog

Before this week, you probably never heard about Log4j. Right now, though, it’s the biggest topic in cybersecurity due to a massive vulnerability that is estimated to affect millions of devices. Your business needs to take this seriously.

It is certainly important that you update your software and hardware with the latest patches and updates, but it is also important to keep in mind that while these patches and updates resolve certain issues, these updates can also create problems of their own. An upcoming update to Google Workspace is the perfect example of this.

2020 has been filled to the brim with adversity and just as we’ve mercifully arrived to the end, the largest and most brazen cyberespionage attack ever has been carried out. Today, we’ll tell you what we know about the attack, what problems it caused, and what we should learn from it going forward.

Being told by an IT provider how important it is for you to update your software is probably a bit like your grade school teacher telling you how important it is to do your homework: of course they’re going to say it, it’s their job to do so. However, we’re telling you what the Department of Homeland Security announced when they released a warning to update your Google Chrome web browser.

A new type of malware is targeting routers in what is considered a large enough threat that even the FBI is addressing it. Even worse, a router isn’t necessarily a device that you think would be vulnerable to attack from a hacker. What can you do to keep your business’ Internet access points secure from hacking attacks? Let’s dig in to the details about what the VPNFilter malware does and how you can address it.

Hundreds of millions of people use wireless Internet connections every day, and as a result, hackers are taking that as a challenge. They are now starting to develop malware that targets people through their routers. Recently, security researchers at Kaspersky Lab have discovered the malware named Slingshot. The code is designed to spy on PCs through a multi-layer attack that targets MikroTik routers. Today we take a look at Slingshot, and other router-based malware and what you can do about it.

Twitter is recommending that all 336 million users change their passwords as soon as possible due to the discovery of an internal security flaw. While the issue has been fixed and no data breach seems to have taken place, Twitter is clearly taking this situation seriously.

The IRS has issued a warning to tax professionals to step up their cyber security to prevent sensitive taxpayer information from being stolen. CPA firms, large and small, are being targeted by hackers and identity thieves, especially during the high traffic tax season.

Just a few months after finding themselves in a firmware fiasco, Intel is making news for all the wrong reasons. This issue had the potential to affect the CPU of a device, causing a severe dip in the performance of the device.

One of the best ways your organization’s network can remain secure is to always use the most recent version of any critical software solutions on your network. Unfortunately, making the jump to a more recent operating system is easier said than done, particularly for small businesses that have limited budgets. The problem of security becomes even more pressing for businesses that need to upgrade multiple servers and workstations, as failing to do so could prove to be fatal for your organization.

Run your Windows Updates and be very skeptical about opening unsolicited emails. Failure to do so may result in a very dangerous strain of ransomware that could infect your entire network and spread to your clients, partners, and prospects.

Thanks to one of Google’s researchers with the Zero Day Project, it has been discovered that LastPass has a major vulnerability as a result of a major architectural problem. This news comes on the heels of many other flaws the same researcher discovered within LastPass. However, based on what the researcher claims, these vulnerabilities were much less serious than his latest discovery.

All across the United States, banks are rolling out ATM improvements to help boost the security of their members by utilizing mobile devices. While these measures will undoubtedly help, they aren’t enough to fix all of the vulnerabilities that ATMs suffer from without some vigilance on the user’s part.

In recent news, millions of records containing personal information were made available to the public in a sizable data leak, providing potential scammers with plenty of information to utilize in their schemes. These records were all part of a 53 GB database that was available for purchase from Dun & Bradstreet, a business service firm.

Do you know what today is? It’s National Clean Out Your Computer Day! This means that there is no time like the present to make sure that you’re taking good care of your business’s technology assets. In honor of this day, we’ll discuss ways in which you can take better care of your technology.

Banks and companies that manage automated teller machines, better known as ATMs, have been warned against another method thieves have been utilizing to commit identity theft--by no less than the Secret Service.

If you panic in the event of a hacking attack, imagine how the National Security Agency (NSA) feels knowing that some of its exploits are for sale on the black market. While there isn’t any proof that the NSA has been breached, there’s evidence to suspect that their exploits are available for purchase on the black market. This means that a willing hacker could get their hands on government-grade hacking tools--a dangerous concept.

Ransomware is a particularly nasty strain of malware that continues to pop up in unexpected forms. In the case of a new variant of called Cerber, it targets users of Microsoft Outlook using a zero-day vulnerability via phishing messages. To make matters worse, Cerber can also utilize DDoS attacks, which is a major cause for concern.

Microsoft recently issued security patches to fix 27 vulnerabilities, many of which are critical in nature. The vulnerabilities are significant and popular titles are affected like Windows, Microsoft Office, Internet Explorer, and the new Edge browser. Microsoft users that ignore these security patches are putting their system at unnecessary risk.

The ransomware Petya (previously thought to have been eradicated) has unfortunately resurfaced, and it’s brought a friend to the party. Petya was delivered via an email containing an invitation to apply for a job, including the virus in an executable file that was disguised as a PDF job resume. When a hepless user clicked the file, Petya would get to work.