Security Archives - Planet IT

Posts

Windows Server 2012 R2 End Of Support – Act Now Or Face The Consequences!

July 28, 2023/0 Comments/in Cloud, IT Security, Microsoft, Security, Windows /by Maciej Owsiany

If you are an IT professional running Windows Server 2012 or Windows Server 2012 R2 server, you need to be aware that support for these products will end on October 10, 2023. This means that regular security updates, non-security updates, bug fixes, technical support, and online technical content updates will no longer be provided by Microsoft.

This poses a serious risk to your business. You will be exposed to potential security breaches, compliance issues, and performance problems. Alongside several key vendors dropping support for their products as soon as this platform leaves standard support with Microsoft.

You will also miss out on the latest features and innovations that newer versions of Windows Server offer. This includes improved security, scalability, reliability, and efficiency.

Therefore, you need to act now and plan your migration strategy before it is too late. You have two real options and one really bad idea to choose from.

Embrace The Cloud and get all the benefits

Migrate to Microsoft Azure and receive free Extended Security Updates (ESUs) for three years after the end of support. You can move your applications and databases to Azure Virtual Machines and benefit from the cloud’s flexibility, scalability, and cost-effectiveness.

You can also use Azure Arc to manage your hybrid environment and receive automated/scheduled ESU updates and installation. This can simply be a lift and shift for now. Use the three years to get prepared for a newer operating system.

Upgrade your Windows Server

Upgrade to Windows Server 2022 or purchase ESUs for Windows Server 2012. If you prefer to stay on-premises, you can upgrade to the latest version of Windows Server. This will offer enhanced security, performance, and innovation. Alternatively, you can purchase ESUs for Windows Server 2012, which will provide security updates only for up to three years after the end of support. This can only be done if you are on an Enterprise Agreement with Microsoft. For most businesses, this won’t be an option.

Or….

…and you’d be really stupid to do this!

Do nothing and wait to join over 50% of UK-based businesses that suffer a major cyber incident each year. With an unsupported product, it will only be a matter of weeks before a major attack is launched by a threat actor against an operating system using unpatched vulnerabilities.

Whichever option you choose, you need to start preparing now and avoid the risks of running unsupported software.

Don’t know which way to turn…. Then reach out to the Technical Architecture team and we will help you understand your options and support you in the drive to move away from 2012 R2.

We are an IT company based in the UK that advises thousands of businesses, IT managers and leaders on all things Tech. We can help you with your migration plan and ensure a smooth transition to the latest Windows Server solutions. Contact us today and let us help you secure your future.

Azure AD is becoming Microsoft Entra ID

July 14, 2023/0 Comments/in Backup, Cloud, data, datacentre, Education, IT Security, Latest Tech, Security, Software, windows 11 /by Lewis Kitchen

You may not yet be too familiar with Microsoft Entra, but it’s about to become a much bigger part of your Microsoft environment.

Microsoft Azure AD, the cloud-based identity and access management solution that powers millions of organisations, is becoming Microsoft Entra ID.

This change reflects Microsoft’s vision to provide a unified and comprehensive identity platform that helps you secure your organization, empower your employees, and enable your digital transformation.

With Microsoft Entra ID, you can benefit from the latest innovations in identity protection, governance, and management, as well as seamless integration with Microsoft 365, Azure, and other cloud services.

ID Protection: Prevent account compromise with machine learning.

ID Protection helps you detect and stop identity attacks in real time. It uses advanced machine learning to identify sign-in anomalies and user behaviour that indicate a risk of compromise. For example, it can trigger a Conditional Access policy that requires strong authentication methods for accessing sensitive resources. This way, you can protect your accounts from phishing, malware, and other threats.

ID Dashboard: Monitor your identity security posture with insights and recommendations.

ID Dashboard shows you the impact of your identity protections, the most common attack patterns, and your organisation’s risk exposure. You can view metric cards and attack graphs that show risk origins, security posture over time, and types of current attacks. You can also get recommendations based on best practices and industry standards. With these insights, you can further investigate your security posture in other tools and applications.

ID Governance: Automate access governance with workflows and self-service.

ID Governance helps you ensure that only the right identities have the right access at the right time. It automates the employee identity lifecycle to reduce manual work for IT and increase employee productivity. It also provides machine learning-based insights about identities and app entitlements. You can use workflows and self-service to grant and revoke access to cloud and on-premises apps from any provider and custom-built apps hosted in the public cloud or on-premises. This way, you can comply with organizational and regulatory security requirements.

Apple Software – Critical WebKit Vulnerability: CVE-2023-37450

July 14, 2023/0 Comments/in Backup, Cloud, data, datacentre, Education, IT Security, Latest Tech, Security, Software, windows 11 /by Simon Williams

Apple has recently released a number of security advisories to address a zero-day vulnerability in Safari, iOS, iPadOS, and macOS Ventura. An attacker could exploit this vulnerability (being tracked as CVE-2023-37450) to achieve remote code execution. It has been reported that this vulnerability is being actively exploited, which means that attackers are currently using this security flaw to gain unauthorised access to systems, potentially leading to data theft, system damage, or other malicious activities. It is therefore imperative that you check and apply these patches as soon as possible.

Apple Rapid Security Response

Apple has rolled out a new protocol, termed Rapid Security Responses, to expedite the release of critical security enhancements in between regular software updates for iOS, iPadOS, and macOS. This approach allows for a more immediate response to certain security issues such as this one. Upon the application of a Rapid Security Response, a letter is appended to the software version number, indicating that the update has been implemented.

Who and What is Affected?

The vulnerability affects all devices running: iOS, iPadOS, and macOS Ventura that have not been updated to the latest security patches. This includes iPhones, iPads, and Mac computers. The exploit could be triggered by a vulnerable browser processing specially crafted (malicious) web content, leading to remote code execution.

How Can Attackers Exploit This Vulnerability?

Attackers can exploit this vulnerability by creating a webpage or web content that includes malicious code designed to exploit the vulnerability in Apple WebKit. They then need to trick the victim into opening this malicious webpage. This could be done through a phishing email, a message, or by compromising a website that the victim trusts and visits often. Once the victim opens the malicious webpage on a vulnerable browser, the malicious code is executed.

What Could Happen If This Vulnerability Is Exploited?

With the ability to execute arbitrary code, an attacker could potentially gain control over the victim’s device. This could allow them to install malware, steal sensitive data, create backdoors for future access, and more. In essence, the attacker could gain the same access to the device as the user, leading to a significant breach of privacy and security.

How to Patch This Vulnerability?

Apple has addressed this issue with improved checks in their Rapid Security Response updates. The patches were initially released for macOS Ventura 13.4.1 (a), iOS 16.5.1 (a), iPadOS 16.5.1 (a), and Safari 16.5.2. However, due to a bug in Safari, some of the updates were pulled. Apple has since released new fixes to address this issue.

To patch this vulnerability, users should update their devices to the latest software versions:

iOS 16.5.1 (a) and iPadOS 16.5.1 (a), released on July 10, 2023.

iOS 16.5.1 (c) and iPadOS 16.5.1 (c), released on July 12, 2023.

macOS Ventura 13.4.1 (a), released on July 10, 2023.

To check for updates, go to the settings of your device, select ‘General’, and then ‘Software Update’. If an update is available, tap ‘Download and Install’.

The Cloud: Your Ticket To Growth Or Your Ticket To Extinction?

June 23, 2023/0 Comments/in Backup, Cloud, data, datacentre, Education, IT Security, Latest Tech, Security, Software, windows 11 /by James Dell

The cloud is no longer the future of IT. It is the now of IT. Businesses that don’t embrace cloud computing are putting themselves at a serious disadvantage.

Here are just a few of the reasons why your business will be left behind if you don’t embrace the cloud:

You’ll be less competitive. Cloud-based businesses can be more agile and responsive to change. They can also scale up or down their resources as needed, which gives them a significant advantage over businesses that are still using on-premise solutions.
You’ll lose customers. Customers are increasingly demanding cloud-based services. If your business doesn’t offer these services, you’ll lose out on potential customers.
You’ll be more vulnerable to security threats. Cloud providers have a team of security experts who are constantly monitoring their systems for threats. On-premise solutions, on the other hand, are often more vulnerable to security breaches.
You’ll spend more money. Cloud computing can be more cost-effective than on-premise solutions, especially over time. This is because you only pay for the resources you use.

If you’re still not convinced, consider this: a recent study by McKinsey found that businesses that adopt cloud computing are more likely to grow their revenue by 20% than businesses that don’t.

So, what are you waiting for? Embrace the cloud and start reaping the benefits today.

Here are some specific examples of how businesses in the UK are being left behind by not embracing the cloud:

A medium-sized business in Swindon is struggling to compete with larger businesses that are using cloud-based marketing and sales tools.
A manufacturing company in Reading is losing customers because it can’t offer cloud-based customer service.
A financial services company in Oxford is at risk of a security breach because it is still using on-premise servers.

These are just a few examples of the many businesses in the UK that are being left behind by not embracing the cloud. If you don’t want to be one of them, then it’s time to start planning your move to the cloud today.

Don’t miss out on the benefits of cloud computing. Embrace the cloud and start growing your business today. Contact me directly if you have any questions – james.dell@planet-it.net or DM me on LinkedIn

Critical Vulnerability in Fortinet FortiGate Firewalls: Immediate Action Required

June 12, 2023/0 Comments/in Backup, Cloud, data, datacentre, Education, IT Security, Latest Tech, Security, Software, windows 11 /by Simon Williams

A critical security flaw was identified on Sunday 11th June 2023 in Fortinet FortiGate firewalls that could potentially be exploited by threat actors to achieve remote code execution.

IMPORTANT UPDATE from Fortinet June 12th: https://www.fortiguard.com/psirt/FG-IR-23-097

Details

This vulnerability, formally tracked as CVE-2023-27997, is reachable pre-authentication, on every SSL VPN appliance. In simple terms, this means an attacker could potentially execute arbitrary code on the system even without needing valid credentials. It is important to note that the details of this vulnerability are currently not fully disclosed, but Fortinet is expected to provide more information in the coming days.

Impact

The flaw could allow a malicious actor to interfere via the VPN, even if Multi-Factor Authentication (MFA) is activated. This poses a significant threat as it could potentially allow unauthorised individuals to gain access to sensitive information, manipulate data, or disrupt services.

In recent years, vulnerabilities in Fortinet firewalls have become a lucrative attack vector for cybercriminals. If exploited, this could lead to severe consequences including data breaches, operational disruptions, and potential reputational damage.

Recommended Action

Fortinet has released patches to address this vulnerability in FortiGate versions 6.2.15, 6.4.13, 7.0.12, and 7.2.5. We strongly advise you to apply these patches immediately to mitigate any potential risks.

We understand that patch management can be complex and time-consuming. However, in this instance, the severity of the vulnerability makes prompt action essential.

It is essential that you act on this immediately. If you’re not sure what to do, or if you think you may already be a victim, call the Planet IT security team now: 01235 433900

URGENT ALERT: Papercut Vulnerabilities

May 10, 2023/0 Comments/in Backup, Cloud, data, datacentre, Education, IT Security, Latest Tech, Security, Software, windows 11 /by Simon Williams

Two vulnerability reports were recently made public regarding high/critical severity security issues in PaperCut MF/NG. (Latest update May 9th)

It has been observed that multiple threat actors including nation states are exploiting unpatched servers in the wild.

While initial attacks were targeting critical infrastructure (primarily in the US), current threat actor activity appears to be more opportunistic, affecting organisations across various sectors and geographies. We are aware that this has become a particular threat to the Education sector here in the UK.

The first vulnerability is a ‘Remote Code Execution vulnerability’.

This allows an unauthenticated attacker to get remote code execution on a PaperCut Application Server. This could be done remotely and without the need to log in.

The second vulnerability is a ‘User account data vulnerability’.

This allows an unauthenticated attacker to potentially pull information about a user stored within PaperCut MF or NG – including usernames, full names, email addresses, office/department info and any card numbers associated with the user. The attacker can also retrieve the hashed passwords for internal PaperCut-created users only (note that this does not include any password hashes for users sync’d from directory sources such as Microsoft 365 / Google Workspace / Active Directory and others). This could be done remotely and without the need to log in

As more threat actors begin to exploit these vulnerabilities in their attacks, organisations are strongly urged to prioritise applying the updates provided by PaperCut to reduce their attack surface:

URGENT | PaperCut MF/NG vulnerability bulletin (March 2023) | PaperCut

It is essential that you act on this immediately. If you’re not sure what to do, or if you think you may already be a victim, call the Planet IT security team now: 01235 433900

Can’t wait to integrate ChatGPT into your business processes? …actually, here’s exactly why you should wait!

March 21, 2023/0 Comments/in ai, Cloud, data, General, IT Security, Latest Tech, Professional Services, Security, Software /by James Dell

You can’t escape it. It’s all over the news and social media about this sudden wave of improvements in LLM (Large Language Models) or as most people know them at the moment Chat-GPT!

Every large tech firm is rushing to integrate these technologies into their products with Microsoft launching co-pilot and Bing with Chat-GPT integration. Google is launching AI lead improvements to Workspace and Facebook accidentally leaked the source code to their LLM. 🤦‍♂️

With all of this going on you would expect that these products are at least secure and pose no risk to the users, businesses or the general public. And while I am wholly in favour of improvement to AI and ML, we must consider the risks these LLM pose as they begin to become part of everyday life.

What are you talking about?

I should start by covering what an LLM is. Well in the words of Nvidia “A large language model, or LLM, is a deep learning algorithm that can recognise, summarise, translate, predict and generate text and other content based on knowledge gained from massive datasets.” To most of us what this means is that a system can take input in human language, not machine code or programming language and can then complete these instructions. Now, this can be as simple as how do you bake a cake. Or you can ask it to write an application that will convert files to pdf and upload them to an FTP server based on the IP address x.x.x.x and write an output file for me to show completion, in C++. The LLM will then go away, compute the question against the information it has been “taught” and will then come back with an answer.

There are a few things we should all be aware of with LLMs as they stand today, these limitations are present but not always obvious.

LLMs are driven by the dataset they have and may have complete blind spots to events if they occur post the data set provided, i.e Chat GPT (GPT-3) is based on a data set from 2021. So if you ask it about the F1 teams for 2023, it will either throw an error or will simply give you information it “generates” from the information it has been fed.
LLMs can therefore “hallucinate” facts and give you a completely incorrect answer if it doesn’t know the facts or if the algorithm works itself into a situation where it believes it has the right information.
LLMs are power-hungry. They need huge amounts of computing power and data to train and operate the systems.
LLMs can be very biased and can often be tricked into providing answers by using leading questions making them unreliable.
The largest risk is that they can be coxed into creating toxic content and are prone to injections actions.

Therefore the biggest question remains what is the risk of introducing an LLM into your business workflow?

With the way that LLMs work they learn from data sets. Therefore, the potential risk is that your business data inside applications like Outlook, Word, Teams or Google Workspace is being used to help develop the LLM and you don’t have direct control over where the data goes. Now, this is bound to be addressed over time but these companies will 100% need access to your data to move these models forward so limiting its scope will have an impact on how they develop and grow. Microsoft and Google will want to get as much data as possible.

As such you need to be careful to read the Terms of Use and Privacy Policy of any LLM you use.

Other Risks

This one is scary, and it increases as more organisations introduce LLMs into the core workflow, is that queries stored online may be hacked, leaked, stolen or more likely accidentally made publicly accessible. Because of this, there is a huge risk of exposing potentially user-identifiable information or business-related information.

We should be aware of the misuses risk that also comes from LLM with the chance they will be used to generate more convincing phishing emails, or even teach attackers better ways to convince users to enter into risky behaviour.

The final risk that we should be aware of is that the operator of the LLM is later acquired by a company that may be a direct rival to yours, or by an organisation with a different approach to privacy than when you signed up for the platform and therefore puts your business at risk.

As such the NCSC recommends

not to include sensitive information in queries to public LLMs
not to submit queries to public LLMs that would lead to issues were they made public

At this point, Planet IT’s recommendation is not to integrate the new features from Microsoft and Google into your business workflow. Certainly not until proper security and data controls have been implemented by these companies and the risk of your business data being used as sample material to teach the LLMs is fully understood. These are emerging technologies, and as we continue to see change at Planet IT we are monitoring everything very carefully to understand how it will affect the security and data compliance of your business.

More information from the NCSC can be found here : https://www.ncsc.gov.uk/blog-post/chatgpt-and-large-language-models-whats-the-risk

If you want to talk to one of our experts about how we can help you with your security and understanding of LLM then please call 01235 433900 or you can email enquires@planet-it.net or if you would like to speak to me directly you can reach out to me via DM or at james.dell@planet-it.net.

IMPORTANT!!

This article was NOT written by ChatGPT. It was written by this ChapJPD (James Peter Dell)

Cloud Security Assessment Checklist: Protecting Your Business in the Cloud

February 9, 2023/0 Comments/in Cloud, data, General, IT Security, Latest Tech, Professional Services, Security, Software /by James Dell

Just because your data is in the cloud, that doesn’t mean it’s secure.
What???

I know many people believe that because they use Microsoft Azure, AWS or GCP, and big tech have their own security measures in place, that means you are safe, right? It doesn’t!!

In order to protect your sensitive information and comply with industry regulations, you need to perform a comprehensive security assessment of your cloud infrastructure.

Here is our recommended cloud security assessment checklist to help you ensure that your cloud environment is secure:

Access Management

Access management is one of the most critical components of cloud security. You need to ensure that only authorized users have access to sensitive information and systems. This can be achieved through the implementation of strong authentication methods such as multi-factor authentication, the use of secure password policies and even better, biometric authentication.
Additionally, it’s important to regularly review and audit your access logs to detect any unauthorised access attempts.

Directory Service

Directory services play a crucial role in cloud security by providing centralised authentication and authorisation for your cloud environment. A robust directory service will allow you to manage user accounts, passwords, and permissions in a secure and scalable manner. Ensure that your directory service is properly configured and that it integrates seamlessly with your access management solution.

Data Loss Prevention and Backup Policies

Data loss prevention is critical in protecting your sensitive information in the cloud. Implement a comprehensive data loss prevention strategy that includes the use of encryption, data backups, and disaster recovery solutions. Ensure that your data backup policies are regularly tested and updated to ensure that your data can be recovered in the event of an unexpected outage or disaster.

Rely on a Security Team

This is key. A dedicated security team is essential for ensuring the security of your cloud environment. This team should be responsible for the implementation and management of your cloud security solutions, as well as for performing regular security assessments and audits. Whether in-house or outsourced, make sure that your security team has the necessary skills and experience to keep your cloud environment secure.

Encryption

Encryption is an essential component of cloud security. Encryption can protect your sensitive information from unauthorised access, even if it falls into the wrong hands. Ensure that your data is encrypted both at rest and in transit, and that your encryption keys are properly managed and protected.

Security Updates

Often overlooked, updates are critical for keeping your cloud environment secure. Regularly update your cloud infrastructure and security solutions to ensure that you are protected against the latest threats. Stay up-to-date with the latest security news and vulnerabilities to ensure that you are prepared for any potential security incidents.

Monitoring

Regularly monitor your cloud environment to detect any security incidents or threats. Ensure that you have the necessary tools and processes in place to quickly respond to any security incidents, and that your security team is properly trained and equipped to handle them.

In conclusion, the cloud is an essential component of modern business, but it also presents a unique set of security challenges. By following this cloud security assessment checklist, you can ensure that your cloud environment is secure and that your sensitive information is protected. Keep this checklist handy and regularly assess your cloud security to ensure that you are always protected.

Ignorance is not bliss. Why Are Some Businesses So Reluctant To Embrace The Cloud?

February 1, 2023/0 Comments/in Cloud, data, General, IT Security, Latest Tech, Professional Services, Security, Software /by James Dell

Why are businesses so reluctant to adopt the cloud?

Cloud computing is the future of business. I argue that it is very much the present too. The cloud benefits organisations to become more agile, efficient, and cost-effective.

But why are some companies still hesitant to join the party?

Is it the cost? Is it a lack of understanding?

Ok, Let’s call out the elephant in the room: security and privacy concerns.

Yes, security breaches make headlines, but the truth is that cloud providers have heavily invested in security measures.

This includes encryption, firewalls, and multi-factor authentication. However, many businesses are still sceptical about the effectiveness of these measures and worry that their data could be vulnerable to cyberattacks.

So, I’m going to call the cloud providers out on this. Just because your data is stored on the cloud, and despite their valiant efforts, the reality is that you still need 3 party security solutions in place to safeguard your business data. But any responsible IT manager or business leader will appreciate this is a modern business need anyway.

Another reason for the reluctance to adopt cloud computing is privacy. Many businesses are concerned about the privacy of their data, particularly in light of recent privacy scandals. They worry that their confidential information could be accessed by unauthorised third parties, either by accident or through malicious intent.

But it’s not just security and privacy holding companies back. Many simply don’t understand the cloud. And that’s understandable. But ignorance is not bliss in the digital age. The businesses that seize the cloud advantage will leave their competition in the dust. Access to cutting-edge tech, scalability, and improved collaboration – the benefits of the cloud are too good to pass up.

So, to the companies still on the fence about cloud computing: don’t be left behind. Embrace the future and take your business to the next level.

Cloud computing is the answer to your digital needs – embrace it and thrive.

The future of Cyber Security for… BUSINESS LEADERS

February 1, 2023/0 Comments/in Cloud, data, General, IT Security, Latest Tech, Professional Services, Security, Software /by Maciej Owsiany

The future of cyber threats impacts both IT managers and business leaders, but with different priorities and approaches. While both groups recognise the importance of securing their organisation’s digital assets, they have different perspectives on the impact of these threats on their respective roles.

I have written 2 articles. Both on the topic of looking at the future of the cybersecurity landscape, but this post is from the BUSINESS LEADERS, OWNERS, MANAGING AND FINANCE DIRECTORS point of view.

If you’d like to see my take on what IT MANAGER or IT DIRECTOR‘s need to be aware of, then CLICK HERE.

The Future of Cybersecurity. What Business Leaders Need to Know!

Cyber threats are becoming increasingly sophisticated and persistent, posing a significant risk to businesses of all sizes. Business owners, managing directors, CEOs, and financial directors, be Aware! It is crucial to understand the future of cyber threats and take the necessary steps to protect their organisations from devastating cyber attacks.

Cost of a Cyber Attack. A successful cyber attack can have devastating consequences for a business. This includes loss of sensitive information, damage to brand reputation, and financial losses. The cost of a cyber attack can run into hundreds of thousands or even millions of pounds. In many cases, even force a business to close its doors permanently.
Targeted Attacks. Businesses are increasingly becoming targets of cyber criminals who are looking to exploit vulnerabilities in their systems for financial gain. These targeted attacks are becoming more sophisticated, and businesses must be proactive in their approach to cybersecurity to stay ahead of the threat. The naive days of “Why would they want to hack us?” are long gone. Any business is a target.
Cloud Computing. The widespread adoption of cloud computing is changing the way businesses operate. It also presents new challenges in terms of cybersecurity. Businesses must ensure that their cloud environments are secure, and that sensitive data is protected from cyber threats.
Human Error. Now this is a big one! Human error is a leading cause of cyber attacks. Your people are and are always likely to be your weakest link. It is crucial for business owners to educate their employees about the importance of cybersecurity and best practices for keeping their systems and data safe.

In conclusion,

The future of cyber threats and cybersecurity is uncertain, and businesses must take proactive steps to protect themselves. From the cost of a cyber attack to the risks posed by cloud computing and human error, it is crucial for business owners to understand the potential consequences and take the necessary steps to secure their organisations. By implementing robust security measures and staying informed about the latest threats and trends, businesses can mitigate their risk and protect themselves from the devastating consequences of a cyber attack.