security vulnerability | GIGE IT Solutions: IT Services Mississauga https://gige.ca/tag/security-vulnerability IT Services & IT Solutions Mississauga & Toronto Tue, 06 Aug 2019 13:50:11 +0000 en-US hourly 1 https://wordpress.org/?v=6.8.5 https://gige.ca/wp-content/uploads/2017/06/cropped-tab-icon-g-final-32x32.png security vulnerability | GIGE IT Solutions: IT Services Mississauga https://gige.ca/tag/security-vulnerability 32 32 Why you should avoid SMBv1 in 2019 https://gige.ca/why-you-should-avoid-smbv1-in-2019 Tue, 12 Feb 2019 16:24:36 +0000 https://gige.ca/?p=6251 The post Why you should avoid SMBv1 in 2019 appeared first on GIGE IT Solutions: IT Services Mississauga.

]]>

A server computer acts as a central hub to any organization’s IT infrastructure. It is the core that all other computers are connected to, and stores and shares information among them. Much like personal computers, servers rely on operating systems and programs to carry out their functions. One of such software, called SMBv1, has been identified as a security vulnerability in today’s cyberworld.

SMBv1 is short for Server Message Block Version 1. It is a file sharing protocol developed in the 1980s, and was adopted by Microsoft in the 1990s as a method of sharing files across devices such as printers.

In 2008, the second version of the message block, SMBv2, was released alongside Windows Server 2008. Following this, version 3 was released in 2012 along with Windows Server 2012. Due to its age, SMBv1 was deemed obsolete by Microsoft in 2014.

While SMBv1 is no longer offered as preinstalled software in current Microsoft system offerings, it can still be installed onto current systems, as some old servers are still running on the software. However, Microsoft highly discourages this, as its age has caused it to become a security vulnerability. In fact, a critical vulnerability in SMBv1 had to be repaired with an emergency update on May 12th, 2017 by Microsoft.

This was not the only SMBv1 incident in recent years. On September 13th 2016, Microsoft had to release an emergency patch repairing a security vulnerability in its software which allowed cyberattackers to remotely execute code on computers running SMBv1. Three days later, Principle Program Manager Ned Pyle of Microsoft advised all users to upgrade away from SMBv1, after discovering that sensitive data could be stolen through it.

How do you protect yourself?

As has been demonstrated by numerous security incidents in the past few years, SMBv1 simply is not a secure protocol to be using in 2019. This is unsurprising as well, given that the software was written over 30 years ago. However, this highlights the importance of using computer software that is up-to-date, as lack of support will often result in security vulnerabilities that will leave your data unprotected. Do not fall victim to cyberattack. Call us at +1 888 366 4443 for more information on how to keep yourself safe!

The post Why you should avoid SMBv1 in 2019 first appeared on GIGE IT Solutions: IT Services Mississauga.

The post Why you should avoid SMBv1 in 2019 appeared first on GIGE IT Solutions: IT Services Mississauga.

]]>
6251
Phishing Scams: what are they, and how do you protect yourself? https://gige.ca/phishing-scams-what-are-they-and-how-do-you-protect-yourself Mon, 15 Oct 2018 17:48:42 +0000 https://gige.ca/?p=5913 The post Phishing Scams: what are they, and how do you protect yourself? appeared first on GIGE IT Solutions: IT Services Mississauga.

]]>
computer-3028682_960_720

Phishing scams are a type of cyberattack that is designed to steal sensitive data such as login credentials and credit card information. The term ‘phishing’ originates from the word ‘fishing’, due to the cyberattack strategy using ‘baits’ to lure out victims.

Often, phishing scams will be distributed through fraudulent email addresses that direct users to fake websites. By posing as legitimate companies, cyberattackers trick victims in to typing their credentials into fake websites that send the information directly to them.

While most phishing scams are non-personal and widely distributed, ‘spearphishing’ is a strategy that targets specific companies or groups of high-level individuals within organizations. By specifically tailoring the emails to these people, these fake emails become even more difficult to detect.

Recent phishing attacks are getting sneakier

A recent phishing attack posed as a Denver-based law firm and targeted the company’s clients. The fraudulent email asked victims to follow a link to download an “important PDF”. When clicked,  this link redirected them to a fraudulent site where they would be prompted to enter their office 365 login credentials. Once they entered the information, it would be sent to the cyberattacker. Finally, they would be redirected to the legitimate Microsoft site.

Significant to this attack is the fact that the fraudulent website was actually running on a legitimate SSL certificate and was hosted on a domain that was under Microsoft. Therefore, it was even more difficult to detect than normal phishing attempts.

Protecting yourself against phishing

The most effective way of protecting your organization from phishing scams is to educate your staff on how to spot the signs of a fraudulent email. Some common tells include spelling or grammatical errors, inconsistent capitalization in the subject line, or suspicious sender email addresses. If employees are vigilant of these warning signs, the effectiveness of phishing scams in your organization will decrease significantly. In light of the most recent phishing scam using a legitimate SSL certificate on a fraudulent site, it is also important to educate your employees on the methods of identifying object store URLs on Azure, AWS, and GCP.

In addition to being able to recognize common phishing strategies, it is also important to ensure that all company computers are running up-to-date antivirus software. It is also beneficial to actively keep track of cloud accounts in order to detect suspicious activity.

GigE Solutions can help you educate and protect yourself against phishing scams. Contact us today at +1 888 366 4443 or learn more about our IT security services here.

The post Phishing Scams: what are they, and how do you protect yourself? first appeared on GIGE IT Solutions: IT Services Mississauga.

The post Phishing Scams: what are they, and how do you protect yourself? appeared first on GIGE IT Solutions: IT Services Mississauga.

]]>
5913