Scam of the Week: Text Phishing!

*** TDS Newsflash ***

From our friends at SANS ISC InfoSEC, by Johannes B. Ullrich, Ph.D., Dean of Research, SANS.edu:

Many companies have extensive security tools to monitor employee computers.  But these precautions often fail for “out of band” access that uses cellular networks instead of Ethernet/WiFi networks. Our reader Isabella sent us this phishing email that they received:

Dear User,
This is to let you know that our web-mail server will be upgraded and maintained soon.

If you don't want your e-mail account to be terminated during the upgrade,

Send "[redacted]" to 6-0-5-5-5-5-1-1-1-1. [altered]

You will receive instructions on how to upgrade your account via text message.

If you do not comply with the above, your email access will be disabled.
Please accept our apologies for any inconvenience this may cause.

Regards
System Administrator
[redacted]

Note that the phone number is somewhat obfuscated, likely to protect it from tools inspecting email or network traffic.  The user is asked to send an SMS.  While SMSs may travel across WiFi networks in some cases, they are usually not accessible to network protection devices.   In this case, the user received a link next:

[Image: Text Phishing example]

The user is not likely going to click on the link using a mobile device, lessening the risk of discovery to the attacker.  The target URL is no longer available, but Isabella reported that the link leads to a phishing page.

The attack was somewhat targeted in that the attacker used consistent branding for the code to be sent. It included the short form of the organization's name, which is why I redacted it above. Even the target domain used (which is no longer reachable to me), “http://micro365upgrade.com”, was plausible for an Office 365 upgrade.

And as always, Think Before You Click!


Thank you, and if there are any questions, please let us know, by forwarding this email to [email protected] or calling our office at (330) 441-4426.

Have a great day and thank you for giving us the privilege of serving you!

Adam Siemienski

CEO, Techspert Data Services

Main: 330-441-4426

Support Email: [email protected]
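
A mail-filter check for the lure quoted in the SANS write-up above, shown as an added example (not code from SANS or Techspert): it normalizes a digit-per-separator phone number and pairs it with a "send ... to" SMS instruction. It goes slightly beyond the text by also undoing the quoted-printable soft line breaks that split words in the raw message; all function names, cue lists and sample messages are assumptions constructed for illustration.

```python
import re

# One digit per separator, e.g. "6-0-5-5-5-5-1-1-1-1" (10 or 11 digits).
SPACED_DIGITS = re.compile(r"(?<!\d)\d(?:[ .\-]\d){9,10}(?!\d)")
# Instruction to text something to a destination, or a mention of texting.
SMS_CUE = re.compile(r"\b(?:send|text|sms)\b[^\n]{0,40}\bto\b|\btext message\b", re.I)
# Threat of losing access, the pressure element of the lure.
THREAT_CUE = re.compile(r"\b(?:terminated|disabled|suspended)\b", re.I)


def undo_soft_breaks(body: str) -> str:
    """Remove quoted-printable soft line breaks ("=" at end of line)."""
    return re.sub(r"=\r?\n", "", body)


def find_obfuscated_numbers(text: str) -> list[str]:
    """Return digit-per-separator phone numbers, normalized to bare digits."""
    return [re.sub(r"\D", "", m.group()) for m in SPACED_DIGITS.finditer(text)]


def assess(body: str) -> dict:
    """Score one message body; flag when a spaced-out number meets an SMS cue."""
    text = undo_soft_breaks(body)
    numbers = find_obfuscated_numbers(text)
    sms = bool(SMS_CUE.search(text))
    threat = bool(THREAT_CUE.search(text))
    # The threat cue raises the score but is not required for the flag.
    return {"numbers": numbers, "sms_cue": sms, "threat_cue": threat,
            "flag": bool(numbers) and sms,
            "score": 2 * bool(numbers) + sms + threat}


# Constructed sample modelled on the quoted message (placeholder code word).
SAMPLE = (
    "Dear User,\n"
    "our web-mail server will be upgraded and maint=\n"
    "ained soon.\n"
    'Send "EXAMPLE" to 6-0-5-5-5-5-1-1-1-1.\n'
    "You will receive instructions via text messa=\n"
    "ge.\n"
    "If you do not comply, your email access will be disabled.\n"
)
# Constructed benign message with an ordinarily formatted phone number.
BENIGN = "Questions? Call the help desk at 605-555-0100 before Friday.\n"

if __name__ == "__main__":
    print(assess(SAMPLE))
    print(assess(BENIGN))
```

Matching on the normalized digits rather than the literal string is what lets a blocklist or reputation lookup see the number the sender tried to hide from content inspection.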


URGENT: Apple Devices Critical Updates!


All,

If you have an iPhone, Apple Watch, iPad, Mac…, please check for updates on that device as soon as possible and install any available updates that are listed. A zero-day flaw has recently been identified and may currently be exploited on an untold number of Apple devices.

Here is an article for more information:  Apple patches a NSO zero-day flaw affecting all devices – TechCrunch (ampproject.org)

If you have a Mac at home, an Apple Watch or an iPhone or iPad, you’ll need to make sure you get that updated. 



More Apple Vulnerabilities

Please update any Apple device you own by checking for any updates.

MS-ISAC ADVISORY NUMBER: 2021-137

DATE(S) ISSUED: 10/27/2021

SUBJECT: Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution.

OVERVIEW:

Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.

  • iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch.
  • iPadOS is the successor to iOS 12 and is a mobile operating system for iPads.
  • macOS Monterey is the 18th and current major release of macOS.
  • macOS Big Sur is the 17th release of macOS.
  • macOS Catalina is the 16th major release of macOS.
  • watchOS is the mobile operating system for Apple Watch and is based on the iOS operating system.
  • tvOS is an operating system for fourth-generation Apple TV digital media player.

Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of the application, an attacker gaining the same privileges as the logged-on user, or the bypassing of security restrictions. Depending on the permission associated with the application running the exploit, an attacker could then install programs; view, change, or delete data.

THREAT INTELLIGENCE:

There are no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:

  • iOS and iPadOS prior to 15.1
  • iOS and iPadOS prior to 14.8.1
  • macOS Monterey prior to 12.0.1
  • macOS Big Sur prior to 11.6.1
  • macOS Catalina prior to security update 2021-007
  • watchOS prior to 8.1
  • tvOS prior to 15.1

RISK:

Government:

  • Large and medium government entities: High
  • Small government entities: Medium

Businesses:

  • Large and medium business entities: High
  • Small business entities: Medium

Home users: Low



Foundation SaaS?

Foundation Software Clients,

Many of you may have seen advertisements from Foundation Software for their Foundation Hosted product. Here’s what it is and what you need to know when considering it. SaaS stands for Software-as-a-Service; all this means is that Foundation, in this case, resides on a server that is hosted on the internet (the cloud). So rather than you hosting Foundation on your own server, Foundation does this for you. Here are the pros and cons:

PROS:

  • You may not have to invest in an expensive server every 5-7 years or you may be able to downgrade to a less-expensive version (there are many other factors that need consideration to make this go away though)
  • Foundation handles all maintenance of software
  • Cost becomes monthly expense and you’ll always be on the latest version
  • No more waiting for annual tax table updates—it’s done automatically
  • You can access your login from any device anywhere—even phone or tablets!
  • SaaS is highly scalable so that when you grow, adding users is a phone call away with nothing more to do on your end (no potential upgrades for server memory, capacity etc.)
  • Support can be much quicker since Foundation can access your account without having to remote in to your systems

CONS:

  • Potential slow response when using the application.  This depends mostly on your internet connection and its reliability and speed.  We don’t recommend SaaS unless your internet is fiber or if not, at a very high speed like 500×50 or above for asymmetrical connections (normal cable internet).
  • Cost may be more during a defined timeframe.  ROI calculations may conclude that in a 5-year timeframe, your current licensing is less expensive.  But here you have to factor in the savings of downgrading the type of server needed if at all and monthly costs to maintain your servers.
  • If your internet goes down, you have no access to Foundation Software unless you go to another location that has it.

Our recommendations evolve alongside changing technology, and we want everyone to know that Techspert is here to help you make these decisions. Our suggestion is to reach out to Foundation and find out what the cost of converting to hosted vs. on-prem is; then we can help demonstrate on-prem hardware costs going forward, which may even be reduced depending on other variables. Let us know if we can help.