A few weeks ago I posted an article about password vigilance and why it's important to maintain a healthy portfolio of different and complex passwords for your various accounts. That way if one system was hacked and usernames/passwords were stolen then only that system's data would be at risk. In the event of a compromised password you can easily change it and not worry about other accounts that perhaps share that same username. Simply update the account and your password manager. Case closed. Move on. I also mentioned that you should use two factor authentication if an application offers it.…
Read More
These words represent a common mindset we hear from owners and IT professionals in small to medium sized business. It is troublesome, to say the least. It is easy to fall into a false sense of security with all of the high-profile news about big companies being compromised. But we at Alpine Cyber Solutions want to remind everyone that there are very important reasons to be vigilant in the defense of your network, no matter your size. A primary attack vector for intrusion into a larger company is to take advantage of smaller partner companies that may not have the same standards as…
Read More
This is the first in Alpine's series on the modern security stack. Over the next few weeks, we will delve more deeply into each of the technologies that form a proper layered defense strategy. Do you have good security? Of course! We have the best anti-virus money can buy... Those of us in the security services and architecture arena have seen this conversation time and time again. And it makes us cringe every time. Sure, there was a time when a solid anti-virus would prevent the lion's share of problems that the young malware authors presented. But that time has passed.…
Read More
Once again, there is a battle between security and convenience. Unfortunately this time it affects anyone who enjoys the simplicity of buying a latté with their smartphone. Bob Sullivan, an investigative journalist, reported that Starbucks consumers are being victimized by criminals who transfer funds leveraging the auto-reload capability of the mobile app. The theft starts with a username and password change outside of business hours, followed by a series of increasing account fund reloads - all within a matter of minutes. Criminals can steal hundreds of dollars without the victim realizing that it's already too late. This was a relatively…
Read More
A new zero-day exploit has been discovered by Jason Geffner, a Senior Security Researcher at CrowdStrike, and its target is the virtual data center. VENOM (short for Virtualized Environment Neglected Operations Manipulation) allows a malicious user to send a command to their own virtual instance that will cause it to crash and open the door for exploitation of the entire hypervisor and connected network. This means that the attacker could gain full bare metal control of other companies' virtual machines, if they're hosted in the same virtual data center or cloud. The command targets a commonly ignored component of most virtual machines -the legacy floppy disk…
Read More