IT Security in the News

IT SecurityWe are following three IT Security news stories that have gained mainstream attention. Today on the blog we are going to re-cap all three stories, and talk about what they mean for the IT world

Garmin pays up

Garmin is still recovering from the ransomware attack we talked about on last week’s blog, you can read it here. The company reportedly received a decryption key, meaning some sort of ransom was paid. The original ransom demanded by the hackers was 10 million dollars, but Garmin has not acknowledged the ransom publicly. A week and a half since the attack, device users are still having issues related to the services taken offline.

This attack is an example of why it’s important to have a quality backup solution, and an incident response plan. When Garmin was attacked, they had to take all services offline, which included phone, email, and chat support. Not only did they have to disrupt the service they provide, but they also had no way to communicate with customers other than statements on Twitter.

Follow-up on massive Twitter hack

Twitter released more information about the hack that compromised many high profile accounts. They are citing a mobile spearphishing attack on employees as the cause. Twitter says employees were compromised, allowing hackers to access internal company tools. Twitter made a point to say, the employees who were compromised were not in a position to access the tools needed for the attack. Criminals used the information they had on some employees to attack more technical employees and gain access to the tools needed. In part of their statement Twitter said, “This was a striking reminder of how important each person on our team is in protecting our service.”

We couldn’t have said it better. As Jack always says, your employees can be your biggest asset, or your biggest liability. This is also a reminder that it’s not just the employees who are working in the IT department who are important. Any infiltration of the company systems can lead to an attack on the database or system tools.

Microsoft to buy TikTok

TikTok has been under increased scrutiny since Amazon “mistakenly” told all of its employees to delete the app. You can read our blog post , ‘Is TikTok Safe?’ Here. The US government has continued to talk about banning the app in the US since this new publicity. Over the weekend it was reported Microsoft is looking into buying TikTok for the US, Canada, Australia, and New Zealand markets. Microsoft has vowed to make data security their number one priority. They have until September 15th to complete the deal. Investment organizations are predicting the deal could be in the 50 billion dollar range.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Recent Posts

July Newsletter

Quanexus Q-News

The July Newsletter is now available on the website. This month, the newsletter is interactive! After you download click around to explore additional media from a given article. If you’d like to receive the newsletter before we feature it on the blog, sign up for our mailing list. We also send out security alerts and other news in the IT world.

July Newsletter Front Cover

Click Here for the July Newsletter!

Quanexus IT Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business

Ransomware Attack on Garmin

Garmin services still down after ransomware attack last week.

The Kansas based GPS maker experienced a ransomware attack, resulting in outages for users. When the attack was discovered Thursday morning, it appears Garmin took all services offline to contain the spread of the attack. The event also affected call centers, email, and online chat, so currently the company has no way to support their customers. Garmin says customer data was not compromised. Many outdoor adventure types rely on Garmin systems. Garmin makes specific equipment for divers, mountaineers, pilots, and marine vessels.

Garmin’s largest product category are fitness watches and computers. They make advanced cycling computers, as well as running, swimming, and golf specific sport watches. Users are currently not able to upload their activity data to the Garmin server, which then connects to other fitness tracking apps. Garmin also makes aeronautical software for iPad and Android tablets. Pilots are reporting they are not able to download flight plans, or the aviation database from Garmin servers. An up-to-date aviation database is required for flight by the FAA, so pilots who only use Garmin software to fly are currently grounded. Garmin also makes emergency devices for adventurers far from cell towers. Users can send for help, and also communicate through satellite services. Garmin says these emergency devices are still operational.

The ransomware WastedLocker is believed to be behind the attack. This form of ransomware is attributed to a hacking group based in Russia, appropriately named, Evil Corp. The ransomware encrypts servers and adds “wasted” to the end of the file name to leave their mark. Evil Corp has increased ransomware attacks since May, targeting large US companies with the new WastedLocker ransomware. Other outlets are reporting the criminals are asking a 10 million dollar ransom. Only Monday, did Garmin admit the outage was due to ransomware, but have not publicly responded to the ransom. Systems began to come back online throughout the day Monday, but Garmin says it will take some time to get all features back to normal.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts

Virtual Private Network VPN

Back to Basics – VPN

A Virtual Private Network, or VPN, is a tool to create a private network on a public infrastructure.

When we access the internet from home, most people have a modem that connects to an Internet Service Provider (ISP), which then connects to the internet. Your ISP assigns IP addresses in blocks, so other users in your neighborhood will have a similar IP address. This IP address tells the websites you access your general location, and how you are accessing the site. There are times when you may not want your ISP to see the websites you are accessing, and there are times you don’t want the website you are accessing to know your location. For instance, we are working from home more, a person working in a financial department of a large company may not want the ISP to see the private corporate financial information.

Another example of when a VPN can be useful is working from public Wi-Fi. Many companies are working from home, but most restaurants and coffee shops have opened again. Maybe you have developed a routine of working from the local coffee shop for an hour to start your day. As we know, getting dressed and getting in the car is a good way to tell our brain it’s time for work. The problem is you are accessing company email and data on a very public network. Public Wi-Fi is fairly simple for criminals to access and steal email information or data moving across the network. A quality VPN will encrypt the data moving across the public network and make it much more difficult for criminals to access.

VPN’s are also used by those who travel often. If there are websites or streaming services only available in your home country, you can use a VPN to make your IP address look like it is coming from that country. When you’re on a business trip to Europe but getting blacked out from your cable company at home, a VPN can make it look like you are accessing the streaming service from the US.

There are many VPN’s on the market, consumer and professional grade. There are free VPN’s and those that come with a fee.  As with most things, you get what you pay for. A good VPN package will include software for desktop and mobile and will give you control over what country your signal will appear to be coming from. If you are looking for a professional VPN setup for your employees working from home, please contact us.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business