Security Vulnerabilities: LabCorp, Voter Data, & ComplyRight HR

In the previous security vulnerabilities post we discussed recent issues with Bluetooth, Macy's and Emotet. This post provides information about additional security vulnerabilities that have recently occurred including:

• LabCorp's Ransomware infection
• Voter data breach
• ComplyRight breach

The information about these recent security vulnerabilities include how they might affect you and what you should do to protect yourself. The title of each breach type listed below is a link to an external news source with additional information about that particular security vulnerability.

Security Vulnerabilities: LabCorp, Voter Data, & ComplyRight

LabCorp

LabCorp is one of the largest clinical labs in the U.S. and was the unfortunate victim of a SamSam Ransomware attack on July 13. Luckily, the attack was quickly noticed and immediate measures were taken to stop the spread of the attack. Still, in the 50 minutes it took to stop the attack, 7,000 systems and 1,900 servers were affected. This shows the power and chaos a Ransomware attack can cause, even when client information is not compromised, as in this situation.

Security Vulnerabilities: Bluetooth, Macy's, Emotet & More

Dozens of new security vulnerabilities have been discovered in the last few weeks. Some target hospitals, others banking software and still others regular everyday website users. These attacks have come in many different forms including:

• Bluetooth vulnerability
• Banking malware
• Ransomware via brute force RDP (remote desktop protocol)
• Accessing user accounts via breached websites and unprotected files

This post provides information about the most recent security vulnerabilities including how they might affect you and what you should do to protect yourself. The title of each breach type listed below is a link to an external news source with additional information about that particular security vulnerability.

Security Vulnerabilities: Bluetooth, Macy's, Emotet & More

Bluetooth Vulnerability  

Bluetooth is used by desktops, laptops, tablets, mobile devices, headphones, speakers, cars and much more. This recent Bluetooth vulnerability affects part of the process Bluetooth devices use to pair and authenticate with one another. The threat involves one aspect of the validation process being skipped which introduces the risk of a man-in-the-middle attack. When taking advantage of this vulnerability, attackers can intercept and decrypt, or forge and inject messages between devices. 

What to do About the Recent .Net Update Crashing Servers

If you have Microsoft servers running the Azure Connect agent to sync your active directory user accounts, you may have noticed some issues over the last week. A recent .Net Framework update has caused the Azure Sync agent to have a memory leak. As the amount of memory used by this service grows, there is less and less memory available for other services, programs and even logging into the system to shut it down properly.

For some, the only way to get a physical server up and running again is to force the server off and reboot. Upon reboot, there are some steps you need to take to prevent this from happening again until Microsoft releases another .Net update and a new Azure Connect agent.

Why USB Drives are Effective but also Dangerous

External USB drives are convenient and extremely affordable, which makes them the perfect solution for many uses. Consider the following applications:

• Moving files from one computer to another
• Keeping a secondary copy of important files
• Holding software executables, like anti-malware or internet browsers, to install on computers with malware or other issues that make it challenging to install software in traditional ways
• Sharing large files with others that email filters traditionally block

When USB drives are connected to a device, the device automatically detects it and installs software as necessary. This process takes less than a few minutes and once finished, the device is ready to use. Unfortunately, like many items that make our lives easier, they also bring risk. For example, Internet of Things, or IoT, devices can be controlled via apps and online applications. This also makes them a target to hackers and the easiness of using USB flash drives makes them a target. 

Example of an external USB flash drive. This particular drive has a rotating cover to protect the USB connector.

3 Things you Should do to Every New Computer

Purchasing a new computer is an exciting process. New devices boot faster, the screen resolution is better and applications respond so quickly compared to older systems. While it can be easy to get carried away with using a new device, there are a few things you should do first. Installing new software and setting preferences is important, but you will be better off if you first do these three things to a new computer.

3 Things you Should do to Every New Computer

Document the serial number, service tag, etc.

Before logging into the new computer document any of the following numbers as applicable:

• Serial number
• Model number
• Service tag
• Product number

Each manufacturer uses different language for similar sets of unique numbers. They are typically located on the back of a computer tower, on the bottom of a laptop or under the laptop battery. These numbers will be important if you need warranty work or if you need to download the original drivers again whether the driver was corrupted or the drive crashed and needed to be rebuilt.