With all that's been happening, you may have missed a few things. So, I've put together an overview for you to catch up on this week's major news for MSPs.
Table of Contents
Google Offers Up Anthos Ready Data Storage
Anthos ready storage is being made immediately available for on-site use through Google Cloud partners. This follows the launch of Anthos by Google last June.
The primary components of Anthos are Google-managed Kubernetes, service mesh, a marketplace for applications, and configuration management, all of which can run on-premises and on Google Cloud. It has central control from Google Cloud, and can also be used to manage clusters and services on other cloud platforms.
Some partners are already impressed with the multi-cloud hybrid approach, as well as Google's commitment to ensuring their customers get what they need and want.
Google and Oracle Head Back to Court
It's ten years since Google and Oracle began their fight over a set of Android APIs. Oracle claims copyright infringement, while Google states that what they call “copying code from Java” will hurt software interoperability. Ahead of going into court, Oracle posted a statement attacking the motives of public supporters of Google, which include the CCIA, Microsoft, and IBM.
Oracle claims that Google is alone in this fight, although Google does appear to have some reliable tech supporters. No matter whose assessment of the situation we may consider to be correct, the two parties head next week to the Supreme Court to face off.
MGM Resorts Hacked
Over 10.6 million guests of MGM have had their personal information put online in a data dump posted by hackers. ZDNet went public with this when it observed the records of 10,683,188 former guests online. The data includes names, postal addresses, phone numbers, dates of birth, and email addresses.
The guests, some of whom are high-profile personalities, have been notified, where required by law. Meanwhile, MGM has been working with law enforcement and cybersecurity experts in the wake of the security breach. However, the problem is that not all states have laws requiring such notification, and this exposure leaves many at risk of exploits, including identity theft.
Nevertheless, MGM has tried to assure guests that the hotel has implemented changes to avoid this in the future. It is to be hoped that MGM, and all hotels, take computer security as a priority and implement proper best practices and layered defenses to ensure that their guests’ personal data is adequately protected.
Scammers Fake Burning Man Website
Kaspersky Lab has discovered a fake website "selling" tickets to the Burning Man event. The site differed from the official website in that it didn't ask for the same details from buyers, but instead just instructed them to make their purchase by clicking a link. The website used the same colors, fonts and design as “burningman.org,” the event’s official website.
This incident is not the first time that fans of the Burning Man event have been scammed, so users should take steps to protect themselves against scams, whether they involve Burning Man or other popular events. They can begin by familiarizing themselves with some of the more typical types of phishing attacks that are currently around.
Hackers Inside Citrix Systems for Five Months
Citrix provides software used by hundreds of thousands of clients worldwide, including most of the Fortune 100 companies. However, the networking giant recently reported that it had found evidence that a malicious hacker had gained access to its systems for five months from 2018-19.
The Federal Bureau of Investigation (FBI) notified Citrix that suspected cybercriminals had gained access to the company's internal network in March 2019. They assume the hackers had used the password spraying method to gain access. This method is a relatively crude but notably effective attack. It attempts to access a large number of employee accounts (usernames and email addresses) by using just a handful of common passwords.
Helpful Hints for Helpdesk Frontliners on Security Best Practices
When working with an IT helpdesk, it is essential to keep security a top priority. Here are some useful dos and don'ts to keep in mind that can help. Some of these may seem common sense but are still good reminders.
- NEVER email passwords to end users.
- Always use a random-password generator.
- Systems should NEVER use default credentials.
- Before resetting a user password, ALWAYS use a form of 2FA to verify their identity.
Copier / Printer / Fax Security
- Devices must have overwriting and encryption enabled.
- Utilize all the available security options.
- Before discarding an old device, secure/erase the hard drive.
- The default password should always be changed to a unique and robust one.
- Unique passwords on email accounts must be required.
- Two-factor authentication should always be enabled.
- Company business should NEVER be done over personal email accounts.
- Even if they know the source/sender, employees should have the training NEVER to click on links in messages, email, tweets, attachments posts, or online ads that look suspicious.
- Give training to employees about your company's spam filters, so they know the best ways to use them in order to prevent harmful, unwanted emails.
- There should be restrictions on where work files that contain private data can be copied or saved.
- To protect your data, use application-level encryption in your files where possible.
- Have file-naming schemes that don't indicate the kind of data a file may hold.
- Directly or via a third-party service provider, control the private data in your networks.
- NEVER use free services, as they rarely give the legal protection required for securing confidential data.
- Security software needs to be updated regularly.
- Regularly update existing apps and delete unneeded ones.
- Always check reviews before downloading, and use trusted sources for downloads.
- Use strong authentication, such as fingerprint or facial recognition, and passcodes to secure devices.
- Ensure that Bluetooth discovery mode is turned off.
- Enable the "find device" and "remote wipe" features.
- After downloading, configure app permissions right away.
- Your computer operating system, applications and browsers should ALWAYS be set to receive automatic updates.
- Get rid of software you aren’t using and make sure all software is current.
- There should be a clear company policy and concise rules concerning what employees can install and keep on their work computers.
- When installing software, please read the message boxes before clicking “OK”, “Next”, or “I Agree”.
- Antivirus software and anti-spyware must be installed on all of your organization's computers. Update this software regularly.
- Implement strict policies on access to data or systems. Provide it only to those who require it in order to perform the core duties relating to their jobs.
- Scan all USBs and other external devices for viruses or malware.
- Disable auto-run, which permits USB drives to open automatically on insertion to a laptop or computer.
- Restrict the use of USB drives to only those that are preapproved for business devices.
- The rules regarding the use of unapproved or personal devices should be explained in an established usage policy in order to protect business property.
- Separate personal USB drives from business ones.
- Unencrypted USB drives should not contain sensitive information. It is an excellent practice to keep private data off USB drives altogether.
That's a Wrap
That's the week in summary. I hope this overview has been helpful. MSP360 is your resource for MSP news. Check back next week for more highlights.